HTML/Infected.WebPage.Gen HIJACKTHIS REPORT

Cathee -
Hello,

For two days now I have been getting constant messages from my antivirus about a virus I supposedly have: HTML/Infected.WebPage.Gen. I did some research and was advised to produce a HijackThis report and ask an expert on a forum what I should do about it. Thanks in advance. Catherine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:10, on 2009-10-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\Mireille\Bluebirds\BlueBirds.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: the blinkx toolbar - {F08555B0-9CC3-11D2-AA8E-000000000567} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll
O2 - BHO: (no name) - {003AB650-7DE4-4B43-936B-80414B9DD059} - C:\WINDOWS\System32\cnbjmon32.dll
O2 - BHO: The blinkx Toolbar - {0069B690-7A2B-41C5-98CA-9F535B4C8532} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: The blinkx Toolbar - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [blinkx_toolbar] "C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe" -startservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Mireille\Bluebirds\BlueBirds.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\FM20FRA32.dll
O20 - Winlogon Notify: 4821d52e687 - C:\WINDOWS\System32\FM20FRA32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
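As an added worked example (not part of the original post and not code from HijackThis), the checks an analyst applies by eye to a log like the one above can be written down and run over the lines. The script below parses a constructed subset of these HijackThis entries and flags the load points that deserve attention: an AppInit_DLLs entry (a DLL listed there is mapped into every process that loads user32.dll), a Winlogon Notify package with a machine-generated name, BHOs with no name or no file on disk, an autorun that points into a user profile, a service with no vendor string, and the same file registered under more than one load point. The rule set, the hex-name heuristic and the sample selection are assumptions of this example, not rules stated on the page.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines from the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {003AB650-7DE4-4B43-936B-80414B9DD059} - C:\WINDOWS\System32\cnbjmon32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Mireille\Bluebirds\BlueBirds.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\FM20FRA32.dll
O20 - Winlogon Notify: 4821d52e687 - C:\WINDOWS\System32\FM20FRA32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
# First Windows path in an entry, up to a binary extension; a quote ends it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|sys|ocx|vbs)\b', re.IGNORECASE)
# Heuristic (an assumption of this example): a Winlogon Notify package whose
# name is nothing but hex digits was generated by a dropper, not named by a vendor.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def path_of(entry):
    """Lower-cased first file path in an entry, or None when there is none (e.g. '(no file)')."""
    m = PATH_RE.search(entry)
    return m.group(0).lower() if m else None


def triage(log_text):
    """Return (line, reason) pairs for the HijackThis entries an analyst should look at."""
    findings = []
    load_points = defaultdict(set)  # path -> load-point kinds it is registered under
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        # O20 covers two very different mechanisms; keep them apart.
        kind = rest.split(":", 1)[0] if sec == "O20" else sec
        path = path_of(rest)
        if path:
            load_points[path].add(kind)
        if kind == "AppInit_DLLs" and path:
            findings.append((line, "AppInit_DLLs: this DLL is mapped into every process that loads user32.dll"))
        elif kind == "Winlogon Notify":
            name = rest.split(":", 1)[1].split(" - ")[0].strip()
            if HEX_NAME_RE.match(name):
                findings.append((line, f"Winlogon Notify package with machine-generated name {name!r}"))
        elif sec == "O2" and "(no name)" in rest:
            reason = "BHO with no name" + (" and no file on disk" if "(no file)" in rest else "")
            findings.append((line, reason))
        elif sec == "O4" and path and "\\documents and settings\\" in path:
            findings.append((line, "autorun pointing into a user profile directory"))
        elif sec == "O23" and "Unknown owner" in rest:
            findings.append((line, "service binary with no vendor string"))
    # One file hooked at several load points is a stronger signal than any single entry.
    for path, kinds in load_points.items():
        if len(kinds) > 1:
            findings.append((path, "same file registered at several load points: " + ", ".join(sorted(kinds))))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run on the sample, the script singles out FM20FRA32.dll twice (AppInit_DLLs and the hex-named Winlogon Notify package) and then once more for being registered at both load points, which is exactly the file the ComboFix run later in the thread finds loaded inside winlogon.exe and lsass.exe. The Avira and Java entries produce nothing.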

3 replies

sherred
 
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
When it finishes, a report will appear. Copy/paste that report into your next reply.
The report is also saved at: C:\Combofix.txt

Disconnect from the Internet, close the windows of all running programs, and temporarily
stop your antivirus and other protection while the scan runs.
Don't use your PC for the duration of the scan.

Once the scan is finished, turn all your antivirus and antispyware protection back on.
Cathee
 
WOW :) Thanks, I have no more problems now! Here is the report you asked for anyway:

ComboFix 09-10-10.02 - Mireille 2009-10-11 15:22.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1036.18.2943.2487 [GMT -4:00]
Launched from: c:\documents and settings\Mireille\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mireille\Application Data\020000002135a354687C.manifest
c:\documents and settings\Mireille\Application Data\020000002135a354687O.manifest
c:\documents and settings\Mireille\Application Data\020000002135a354687P.manifest
c:\documents and settings\Mireille\Application Data\020000002135a354687S.manifest
c:\documents and settings\Sarou\Application Data\020000002135a354687C.manifest
c:\documents and settings\Sarou\Application Data\020000002135a354687O.manifest
c:\documents and settings\Sarou\Application Data\020000002135a354687P.manifest
c:\documents and settings\Sarou\Application Data\020000002135a354687S.manifest
c:\windows\system32\CNBJMON32.DLL
c:\windows\system32\ERzb2yDK9Xmdv.vbs
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\HIsktR4.vbs
c:\windows\system32\LocalService\313.crack.zip
c:\windows\system32\LocalService\313.crack.zip.kwd
c:\windows\system32\LocalService\314.keygen.zip
c:\windows\system32\LocalService\314.keygen.zip.kwd
c:\windows\system32\LocalService\315.serial.zip
c:\windows\system32\LocalService\315.serial.zip.kwd
c:\windows\system32\LocalService\316.setup.zip
c:\windows\system32\LocalService\316.setup.zip.kwd
c:\windows\system32\LocalService\317.music.au.kwd
c:\windows\system32\LocalService\318.music2.au.kwd
c:\windows\system32\LocalService\319.music3.au.kwd
c:\windows\system32\LocalService\320.music4.au.kwd
c:\windows\system32\QVuOxApiv2GKo.vbs
c:\windows\system32\r5Du1dK.vbs

.
((((((((((((((((((((((((((((( Files created from 2009-09-11 to 2009-10-11 ))))))))))))))))))))))))))))))))))))
.

2009-10-11 19:16 . 2009-10-11 19:16 116736 ----a-w- c:\windows\system32\dhcpsapi32.dll
2009-10-11 01:32 . 2009-10-11 01:32 -------- d-----w- c:\program files\Trend Micro
2009-10-11 00:09 . 2009-10-11 00:09 -------- d-----w- c:\program files\CCleaner
2009-10-10 22:41 . 2009-10-10 22:41 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-10-10 22:41 . 2009-10-10 22:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-10 14:48 . 2009-10-10 14:48 116736 ----a-w- c:\windows\system32\iasacct32.dll
2009-10-09 23:31 . 2009-10-11 19:24 -------- d-sh--w- c:\windows\system32\LocalService
2009-10-09 23:30 . 2009-10-09 23:30 116736 ----a-w- c:\windows\system32\fontext32.dll
2009-10-09 23:30 . 2009-10-09 23:30 122880 ----a-w- c:\windows\system32\FM20FRA32.dll
2009-10-09 02:16 . 2009-10-09 02:30 -------- d-----w- c:\documents and settings\Mireille\Application Data\Ventrilo
2009-10-06 22:21 . 2009-10-06 22:28 -------- d-----w- C:\bront
2009-10-04 22:27 . 2009-10-04 22:27 -------- d-----w- c:\program files\EZFace
2009-10-04 16:06 . 2009-10-04 16:43 -------- d-----w- c:\documents and settings\Mireille\Local Settings\Application Data\WMTools Downloaded Files
2009-10-01 20:31 . 2008-04-13 15:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-01 20:31 . 2008-04-13 15:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-01 20:29 . 2008-04-13 15:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-01 20:29 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-30 22:11 . 2009-09-30 22:11 -------- d-----w- c:\program files\Rogers Communications Inc
2009-09-30 19:56 . 2009-09-30 19:56 -------- d-----w- c:\windows\Sun
2009-09-29 20:47 . 2009-09-29 20:47 -------- d-----w- c:\program files\iPod
2009-09-29 20:47 . 2009-09-29 20:47 -------- d-----w- c:\program files\iTunes
2009-09-24 22:26 . 2006-12-08 16:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-09-24 22:26 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-24 22:26 . 2006-11-15 15:38 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-09-24 22:26 . 2006-09-28 20:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-09-24 22:26 . 2006-09-28 20:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2009-09-24 22:26 . 2006-07-28 13:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-09-24 22:26 . 2006-07-28 13:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-09-24 22:21 . 2009-09-24 22:21 -------- d-----w- c:\program files\Ubisoft
2009-09-23 20:52 . 2009-09-23 21:01 -------- d-----w- c:\documents and settings\Sarou\Application Data\ZoomBrowser EX
2009-09-23 20:50 . 2009-09-23 21:01 -------- d-----w- c:\documents and settings\Sarou\Application Data\CameraWindowDC
2009-09-23 20:50 . 2009-09-23 20:50 -------- d-----w- c:\documents and settings\Sarou\Application Data\CANON INC
2009-09-23 20:49 . 2001-08-23 21:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-23 20:49 . 2008-04-13 23:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-09-23 20:49 . 2008-04-13 15:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-23 20:49 . 2008-04-13 15:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-23 20:35 . 2009-09-23 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-09-23 20:34 . 2009-09-23 20:35 -------- d-----w- c:\program files\Canon
2009-09-23 20:30 . 2009-09-23 20:30 -------- d-----w- c:\program files\Fichiers communs\Canon
2009-09-22 20:12 . 2009-09-22 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-21 22:01 . 2009-09-21 22:01 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-21 21:15 . 2009-09-21 21:17 -------- d-----w- c:\documents and settings\Sarou\Application Data\Apple Computer
2009-09-19 21:59 . 2009-09-19 22:07 -------- d-----w- c:\documents and settings\Sarou\Application Data\LimeWire
2009-09-17 20:10 . 2009-09-21 00:24 31616 ----a-w- c:\documents and settings\Sarou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 17:27 . 2009-09-17 17:27 -------- d-----w- c:\documents and settings\Mireille\Bluebirds
2009-09-17 17:18 . 2009-09-17 17:18 -------- d-----w- C:\ProgramData
2009-09-17 17:18 . 2009-09-17 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-09-17 17:16 . 2009-09-17 17:16 -------- d-----w- c:\program files\Microsoft WSE
2009-09-17 17:16 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-09-17 17:16 . 2009-09-17 17:16 -------- d-----w- c:\windows\Logs
2009-09-17 17:01 . 2009-09-17 17:18 -------- d-----w- c:\program files\Electronic Arts
2009-09-16 22:53 . 2009-10-10 23:55 -------- d-----w- c:\documents and settings\Sarou\Tracing
2009-09-16 20:47 . 2009-09-16 20:47 -------- d-----w- c:\program files\EtiketaGoGo
2009-09-16 00:26 . 2009-10-10 23:47 -------- d-----w- c:\documents and settings\Mireille\Incomplete
2009-09-14 19:54 . 2009-09-16 20:44 -------- d-----w- C:\Pack DFC JLogiciels
2009-09-14 19:54 . 2009-09-14 21:08 -------- d-----w- c:\program files\PhotoFiltre
2009-09-14 19:45 . 2009-09-14 19:55 -------- d-----w- c:\documents and settings\Sarou\Local Settings\Application Data\Nego
2009-09-13 23:47 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-13 23:47 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-13 23:05 . 2009-09-13 23:05 -------- d-----w- c:\program files\blinkx Remote Toolbar
2009-09-13 20:52 . 2009-10-11 19:15 -------- d-----w- c:\documents and settings\Mireille\Tracing
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\program files\Microsoft
2009-09-13 20:50 . 2009-09-13 20:50 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-13 20:50 . 2009-09-13 20:51 -------- d-----w- c:\program files\Windows Live
2009-09-13 20:43 . 2009-09-13 20:43 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-13 17:43 . 2009-10-03 00:10 -------- d-----w- c:\documents and settings\Mireille\Application Data\vlc
2009-09-13 17:42 . 2009-09-13 17:42 -------- d-----w- c:\program files\VideoLAN
2009-09-13 16:49 . 2009-09-13 16:49 -------- d-----w- c:\documents and settings\Mireille\Application Data\CyberLink
2009-09-13 16:49 . 2009-09-13 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-13 16:47 . 2008-04-13 15:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-09-13 16:46 . 2009-09-13 16:47 -------- d-----w- c:\documents and settings\Mireille\Application Data\Ahead
2009-09-13 16:40 . 2009-09-13 16:41 -------- d-----w- c:\documents and settings\Mireille\Application Data\Apple Computer
2009-09-13 16:40 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-13 16:40 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-13 16:39 . 2009-09-13 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 16:39 . 2009-09-13 16:39 -------- d-----w- c:\program files\Bonjour
2009-09-13 16:39 . 2009-09-13 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-13 16:39 . 2009-09-13 16:39 -------- d-----w- c:\program files\QuickTime
2009-09-13 16:39 . 2009-09-13 16:39 -------- d-----w- c:\documents and settings\Mireille\Local Settings\Application Data\Apple
2009-09-13 16:39 . 2009-09-13 16:39 -------- d-----w- c:\program files\Apple Software Update
2009-09-13 16:39 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-13 16:39 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-09-13 16:39 . 2009-09-29 20:47 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-13 16:39 . 2009-09-13 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-13 16:38 . 2009-09-13 16:42 -------- d-----w- c:\documents and settings\Mireille\Local Settings\Application Data\Apple Computer
2009-09-13 16:09 . 2009-10-10 23:55 -------- d-----w- c:\documents and settings\Mireille\Application Data\LimeWire
2009-09-13 16:08 . 2009-10-09 23:28 -------- d-----w- c:\program files\LimeWire
2009-09-13 16:08 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-13 16:08 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-13 16:08 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-13 16:08 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-13 16:08 . 2009-09-13 16:08 -------- d-----w- c:\program files\Avira
2009-09-13 16:08 . 2009-09-13 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-12 22:28 . 2009-09-12 22:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-12 22:28 . 2009-09-12 22:28 -------- d--h--r- c:\documents and settings\Mireille\Application Data\SecuROM
2009-09-12 20:42 . 2009-09-12 20:42 -------- d-----w- c:\program files\MSXML 4.0
2009-09-12 20:26 . 2009-09-12 22:21 -------- d-----w- c:\program files\EA GAMES
2009-09-12 20:26 . 2007-04-04 22:39 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-09-12 19:38 . 2009-09-12 19:40 -------- d-----w- c:\program files\Microsoft Etudes
2009-09-12 19:38 . 2009-09-12 19:38 -------- d-----w- c:\program files\Learning Essentials
2009-09-12 19:38 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-09-12 19:15 . 2009-09-21 21:18 31616 ----a-w- c:\documents and settings\Mireille\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 11:17 . 2008-08-01 03:36 54784 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-09-12 11:17 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1ins.dll
2009-09-12 11:17 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1.dll
2009-09-12 11:17 . 2008-07-07 17:45 4984 ----a-r- c:\windows\system32\drivers\nvphy.bin
2009-09-12 11:17 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1ins.dll
2009-09-12 11:17 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1.dll
2009-09-12 11:17 . 2008-07-29 05:33 122880 ----a-r- c:\windows\system32\nvconrm.dll
2009-09-12 11:17 . 2008-07-29 05:33 446464 ----a-w- c:\windows\system32\nvunrm.exe
2009-09-12 11:17 . 2008-08-01 03:36 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-09-12 11:17 . 2008-08-01 03:35 955520 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-09-12 11:17 . 2008-08-20 10:35 122880 ----a-r- c:\windows\system32\NVCOSMB.DLL
2009-09-12 11:17 . 2008-08-20 10:35 453152 ----a-r- c:\windows\system32\nvusmb.exe
2009-09-12 11:17 . 2009-01-21 16:08 453152 ----a-r- c:\windows\system32\NVUNINST.EXE
2009-09-12 11:15 . 2009-09-12 11:15 -------- d-----w- c:\windows\system32\Lang
2009-09-12 11:10 . 2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
2009-09-12 11:10 . 2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2009-09-12 11:10 . 2009-09-12 11:10 -------- d-----w- c:\program files\Realtek
2009-09-12 11:10 . 2008-08-05 12:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-09-12 11:10 . 2008-08-25 08:17 528384 ------r- c:\windows\RtlExUpd.dll
2009-09-12 11:10 . 2009-10-06 22:29 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-12 11:09 . 2009-09-12 11:09 -------- d-----w- c:\windows\AsusInstAll
2009-09-12 11:09 . 2007-04-16 20:46 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2009-09-12 11:09 . 2009-10-06 22:29 -------- dc----w- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 22:29 . 2009-10-06 22:29 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-10-06 22:29 . 2009-10-06 22:29 -------- d-----w- c:\program files\Brother
2009-10-06 22:29 . 2009-10-06 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-10-04 04:26 . 2009-09-12 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-22 00:38 . 2004-08-05 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-22 00:38 . 2004-08-05 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-12 19:14 . 2009-09-12 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-12 10:48 . 2009-09-12 10:48 -------- d-----w- c:\program files\microsoft frontpage
2009-09-12 10:47 . 2009-09-12 10:47 -------- d-----w- c:\program files\Services en ligne
2009-09-12 10:46 . 2009-09-12 10:46 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-12 00:53 . 2009-09-12 00:53 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-12 00:49 . 2009-09-12 00:48 -------- d-----w- c:\program files\CyberLink
2009-09-12 00:48 . 2009-09-12 00:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 00:48 . 2009-09-12 00:48 -------- d-----w- c:\program files\Java
2009-09-12 00:47 . 2009-09-12 00:47 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-09-12 00:47 . 2009-09-12 00:47 -------- d-----w- c:\program files\Nero
2009-09-12 00:47 . 2009-09-12 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-12 00:35 . 2009-09-12 00:35 -------- d-----w- c:\program files\Microsoft Works
2009-09-12 00:34 . 2009-09-12 00:34 -------- d-----w- c:\program files\Microsoft.NET
2009-09-12 00:26 . 2009-09-12 00:26 131 ----a-w- c:\documents and settings\Mireille\Local Settings\Application Data\fusioncache.dat
2009-09-12 00:17 . 2009-09-12 00:17 -------- d-----w- c:\program files\MSBuild
2009-09-12 00:17 . 2009-09-12 00:17 -------- d-----w- c:\program files\Reference Assemblies
2009-09-12 00:16 . 2009-09-12 00:16 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:35 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F08555B0-9CC3-11D2-AA8E-000000000567}"= "c:\program files\blinkx Remote Toolbar\the_blinkx_shook.dll" [2009-09-11 42240]

[HKEY_CLASSES_ROOT\clsid\{f08555b0-9cc3-11d2-aa8e-000000000567}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{F08555A1-9CC3-11D2-AA8E-000000000567}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0069B690-7A2B-41C5-98CA-9F535B4C8532}]
2009-09-11 14:21 147968 ----a-w- c:\program files\blinkx Remote Toolbar\the_blinkx_bho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6}"= "c:\program files\blinkx Remote Toolbar\the_blinkx_toolbar.dll" [2009-09-11 264448]

[HKEY_CLASSES_ROOT\clsid\{e5a1ece5-3e3d-4fe7-8447-78cb1fd377c6}]
[HKEY_CLASSES_ROOT\BBar.BBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{37686C62-D497-42E3-BAAB-78D89A74E151}]
[HKEY_CLASSES_ROOT\BBar.BBarBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"blinkx_toolbar"="c:\program files\blinkx Remote Toolbar\the_blinkx_toolbar.exe" [2009-09-11 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"bluebirds"="c:\documents and settings\Mireille\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-21 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-21 86016]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-12 149280]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-21 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\4821d52e687]
2009-10-09 23:30 122880 ----a-w- c:\windows\system32\FM20FRA32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-13 108289]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{29235C61-AD3A-4D71-914F-D54DD6B78F13}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{003AB650-7DE4-4B43-936B-80414B9DD059} - c:\windows\System32\cnbjmon32.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 15:25
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\System32\FM20FRA32.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\System32\FM20FRA32.dll
.
Completion time: 2009-10-11 15:26
ComboFix-quarantined-files.txt 2009-10-11 19:26

Pre-Run: 279 017 283 584 bytes free
Post-Run: 279 345 246 208 bytes free

296 --- E O F --- 2009-09-17 21:30
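The ComboFix timeline above also holds a pattern that the thread does not comment on. FM20FRA32.dll, fontext32.dll, iasacct32.dll and dhcpsapi32.dll are named after real Windows DLLs with "32" appended (cnbjmon32.dll, the orphaned BHO, follows the same scheme), three of them are exactly 116736 bytes, and all four have a creation time equal to their last-write time. A file written in place by a dropper looks like that; a file copied by an installer keeps its original, older, last-write time, as the usbprint.sys and GEARAspiWDM.sys lines show. As an added example that is not part of the original thread and not ComboFix code, the script below parses a constructed subset of those "files created" lines and applies those two heuristics plus a check for hidden+system directories under system32 (the LocalService folder that Malwarebytes later quarantines). The heuristics, the "suspicious"/"review" split and the sample are assumptions of the example; the created-equals-modified test alone will also catch legitimately generated files, which is why it only earns a "review" entry.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "files created" lines from the ComboFix log above.
SAMPLE_TIMELINE = r"""
2009-10-11 19:16 . 2009-10-11 19:16 116736 ----a-w- c:\windows\system32\dhcpsapi32.dll
2009-10-11 01:32 . 2009-10-11 01:32 -------- d-----w- c:\program files\Trend Micro
2009-10-10 14:48 . 2009-10-10 14:48 116736 ----a-w- c:\windows\system32\iasacct32.dll
2009-10-09 23:31 . 2009-10-11 19:24 -------- d-sh--w- c:\windows\system32\LocalService
2009-10-09 23:30 . 2009-10-09 23:30 116736 ----a-w- c:\windows\system32\fontext32.dll
2009-10-09 23:30 . 2009-10-09 23:30 122880 ----a-w- c:\windows\system32\FM20FRA32.dll
2009-10-01 20:31 . 2008-04-13 15:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-13 16:40 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 22:28 . 2009-09-12 22:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
"""

# created . modified size attrs path   (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
BINARY_EXT = (".dll", ".exe", ".sys", ".ocx", ".vbs")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_timeline(text):
    """Yield one dict per well-formed timeline line; directories get size None."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["is_dir"] = entry["attrs"].startswith("d")
        entry["size"] = None if entry["is_dir"] else int(entry["size"])
        entry["path"] = entry["path"].lower()
        yield entry


def triage_timeline(text):
    """Return {'suspicious': [(path, reason)], 'review': [(path, reason)]}."""
    suspicious, review = [], []
    fresh = []  # system32 binaries whose creation time equals their last-write time
    for e in parse_timeline(text):
        in_sys32 = e["path"].startswith(SYSTEM32)
        if e["is_dir"] and in_sys32 and "h" in e["attrs"] and "s" in e["attrs"]:
            suspicious.append((e["path"], "hidden+system directory under system32"))
            continue
        if e["is_dir"] or not in_sys32 or not e["path"].endswith(BINARY_EXT):
            continue
        if e["created"] == e["modified"]:
            fresh.append(e)
            review.append((e["path"], "created and last-written at the same minute: "
                                      "written in place, not copied by an installer"))
    # Several freshly written binaries of identical size, under different names,
    # is the footprint of one dropper writing copies of itself.
    by_size = defaultdict(list)
    for e in fresh:
        by_size[e["size"]].append(e["path"])
    for size, paths in by_size.items():
        if len(paths) >= 2:
            suspicious.append((", ".join(sorted(paths)),
                               f"{len(paths)} freshly written system32 binaries share the byte size {size}"))
    return {"suspicious": suspicious, "review": review}


if __name__ == "__main__":
    for level, items in triage_timeline(SAMPLE_TIMELINE).items():
        for path, reason in items:
            print(f"[{level}] {path}: {reason}")
```

On the sample, the hidden+system LocalService directory and the three 116736-byte DLLs land in "suspicious"; the four "32" DLLs plus SecuROM's CmdLineExt.dll land in "review" (the last one is the expected false positive of the timestamp test), and the two driver files copied with their original dates are ignored.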
sherred
 
Good job.
Download Malwarebytes' here http://www.malwarebytes.org/mbam/program/mbam-setup.exe
The program will update itself automatically.
If the COMCTL32.OCX file is missing, you can download it here
https://www.malekal.com/tutorial-aboutbuster/
Once it is up to date, the program will launch; click the Settings tab and tick the box "Terminate Internet Explorer during removal".

Now click the Scan tab and tick the box "Perform quick scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click "Remove selected".

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also kept under the Logs tab
Cathee
 
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2948
Windows 5.1.2600 Service Pack 3

2009-10-12 16:23:39
mbam-log-2009-10-12 (16-23-39).txt

Type de recherche: Examen rapide
Eléments examinés: 107047
Temps écoulé: 4 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fontext32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iasacct32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
sherred  Posts: 8605  Status: Member  351
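Added example (not from this thread or from Malwarebytes): a small Python parser for the mbam-log format posted above, so a log can be checked automatically for summary counts that disagree with the items actually listed and for entries that were not removed on the spot. The sample log is constructed from the one above, shortened, with one action changed to the "Delete on reboot." case.

```python
import re
from collections import namedtuple

# Constructed sample trimmed from the mbam-log above; last action changed to "Delete on reboot." so the checks flag it.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2948
Eléments examinés: 107047
Temps écoulé: 4 minute(s), 32 second(s)

Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Dossier(s) infecté(s):
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iasacct32.dll (Trojan.Tracur) -> Delete on reboot.
"""

HEADER_RE = re.compile(r"^(?P<label>[^:]+):$")                 # "Fichier(s) infecté(s):"
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<count>\d+)$")   # "Fichier(s) infecté(s): 20"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# name = MBAM detection name (Worm.Archive, Trojan.Tracur, ...), action = what MBAM did with it
Detection = namedtuple("Detection", "category path name action")

def parse_mbam_log(text):
    """Return (summary counts, {section: [Detection, ...]}) for one mbam-log file."""
    counts, sections, category = {}, {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := HEADER_RE.match(line):          # start of a per-category item list
            category = m.group("label")
            sections.setdefault(category, [])   # kept even if it only says "(Aucun ...)"
        elif category is None:                  # still in the summary block
            if m := COUNT_RE.match(line):
                counts[m.group("label")] = int(m.group("count"))
        elif m := DETECTION_RE.match(line):     # "(Aucun élément nuisible détecté)" never matches
            sections[category].append(Detection(category, *m.group("path", "name", "action")))
    return counts, sections

def count_mismatches(counts, sections):
    """Sections whose summary count disagrees with the items actually listed below it."""
    return {cat: (counts.get(cat), len(items)) for cat, items in sections.items()
            if counts.get(cat) != len(items)}

def not_fully_removed(sections):
    """Items MBAM did not quarantine and delete on the spot (e.g. pending a reboot)."""
    return [d for items in sections.values() for d in items
            if d.action != "Quarantined and deleted successfully"]
```

Running it on a real mbam-log, a non-empty result from either check is the cue to reboot and rescan, or to post the log again, before declaring the machine clean.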
 
ok
we'll finish up if your pc is working fine

Ccleaner https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
*Untick in the Options menu - Advanced submenu:
Only delete files in the Windows Temp folder older than 48 hours.
run the cleaning
Windows temporary files
Cookies, cache, history of Internet Explorer, Opera and Firefox
Windows recent documents
and then the registry repair.

------------------------------

ToolsCleaner, thanks to A.Rothstein & Dj Quiou,
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
or http://pc-system.fr/
which will uninstall the tools we have used,
which can be dangerous for your PC
Cathee
 
And there we go! Wow, thank you for being so patient and willing to help me, Sherred :)