Infection Cid +antivir impossible Maj

Raf -  
 Raf2 -
Bonjour,
Je vien d'installer antivir mais impossible de faire une maj +j'ai une pub cid qui s'affiche
Merci de votre aide
Configuration: Windows Vista
Firefox 3.5.5

37 réponses

  • 1
  • 2
Résumé de la discussion

Problème rencontré lors de l'installation d'Antivir sur Windows Vista et Firefox 3.5.5 : impossibilité de mettre à jour le logiciel et affichage d'une publicité CID. Des réponses proposent des outils de diagnostic et des rapports pour évaluer l'infection et les causes des mises à jour bloquées, notamment GenProc pour générer un rapport et ComboFix pour les analyses. D'autres conseils suggèrent des mesures comme réinstaller Antivir ou désactiver temporairement l'antivirus afin de laisser tourner certains outils de détection et de récupérer des rapports à coller dans les réponses. Les échanges incluent des instructions détaillées sur la création et le dépôt de rapports, des manifestations de malwares détectés et des chemins d'accès aux fichiers pour localiser les rapports générés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. eZula Messages postés 3509 Statut Contributeur 392
     
    Bonjour,

    télécharge GenProc http://www.genproc.com/GenProc.exe

    double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
    1
    1. Raf
       
      et maintenant je suis la procédure<?
      0
  2. Raf
     
    merci
    voila le rapport:
    Rapport GenProc 2.650 [1] - 21/11/2009 à 10:27:04
    @ Windows VISTA Service Pack 2 - Compaq-Presario - Mode normal
    @ Mozilla Firefox 3.5.5 (fr) [Navigateur par défaut]

    ~~ CM DISK ERROR ~~

    Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    # Etape 1/ Télécharge :

    - Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.

    Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Lauriane *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

    # Etape 2/

    Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

    # Etape 3/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 4/

    Redémarre normalement et poste, dans la même réponse :

    - Le contenu du rapport lopR.txt situé dans C:\ ;
    - Un nouveau rapport HijackThis https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
    - Un nouveau rapport GenProc ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

    ~~ Arguments de la procédure ~~

    # Détections [1] GenProc 2.650 21/11/2009 à 10:27:15
    Lop:le 21/11/2009 à 10:27:53 "C:\ProgramData\Settings axis axis.937pp"

    ----------------------------------------------------------------------
    Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
    ----------------------------------------------------------------------

    ~~ Fin à 10:28:14 ~~
    0
  3. eZula Messages postés 3509 Statut Contributeur 392
     
    suis la procédure ci-dessus, elle devrait résoudre le problème "CID" (qui à priori n'est pas le seul)
    0
    1. Raf
       
      oui le pc étais deja infecté par cette pub ,ma soeur avait avast et je lui est installé antir mais impossible de mettre à jour
      0
  4. Raf
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:16, on 21/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\vVX3000.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Winsudate\gibusr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Lauriane\AppData\Local\Temp\Rar$EX00.168\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Lauriane\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SC84D.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
    O4 - HKCU\..\Run: [Store file readme bash] "C:\ProgramData\Eq Dvd Mp3.om4rusz"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Raf
     
    Rapport GenProc 2.650 [2] - 21/11/2009 à 11:02:23
    @ Windows VISTA Service Pack 2 - Compaq-Presario - Mode normal
    @ Mozilla Firefox 3.5.5 (fr) [Navigateur par défaut]

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :

    C:\ProgramData\Eq Dvd Mp3.om4rusz"

    "
    et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.

    ~~~~ INFORMATION COMPLEMENTAIRE ~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:10, on 21/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\vVX3000.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Winsudate\gibusr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Lauriane\AppData\Local\Temp\Rar$EX00.168\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conime.exe
    C:\GenProc\Outil\Lauriane_GenProc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SC84D.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
    O4 - HKCU\..\Run: [Store file readme bash] "C:\ProgramData\Eq Dvd Mp3.om4rusz"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
    0
  7. Raf
     
    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 8600 Triple-Core Processor )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Lauriane ( Administrator )
    BOOT : Fail-safe boot
    C:\ (Local Disk) - NTFS - Total:453 Go (Free:332 Go)
    D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)
    E:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 21/11/2009|10:54 )

    [ UAC => 1 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\ProgramData\city about store file\About one.dat
    Supprime! - C:\ProgramData\city about store file\About one.exe
    Supprime! - C:\Users\Lauriane\AppData\Roaming\MICROS~1\Windows\Cookies\lauriane@www.adserver5[1].txt
    Supprime! - C:\ProgramData\Settings axis axis.937pp
    Supprime! - C:\ProgramData\Settings axis axis.l5odr5
    Supprime! - C:\ProgramData\city about store file
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans Local

    [20/11/2009|17:25] C:\Users\Lauriane\AppData\Local\Adobe
    [13/02/2009|15:52] C:\Users\Lauriane\AppData\Local\Apple
    [23/09/2009|15:33] C:\Users\Lauriane\AppData\Local\Apple Computer
    [13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Application Data
    [23/05/2009|14:18] C:\Users\Lauriane\AppData\Local\d3d9caps.dat
    [04/11/2009|14:10] C:\Users\Lauriane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [05/10/2009|07:26] C:\Users\Lauriane\AppData\Local\DVDPlay
    [20/11/2009|18:16] C:\Users\Lauriane\AppData\Local\GDIPFONTCACHEV1.DAT
    [13/02/2009|16:43] C:\Users\Lauriane\AppData\Local\Hewlett-Packard
    [13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Historique
    [21/11/2009|10:41] C:\Users\Lauriane\AppData\Local\IconCache.db
    [05/09/2009|15:47] C:\Users\Lauriane\AppData\Local\Microsoft
    [20/04/2009|14:37] C:\Users\Lauriane\AppData\Local\Microsoft Games
    [13/02/2009|17:03] C:\Users\Lauriane\AppData\Local\Microsoft Help
    [13/02/2009|14:36] C:\Users\Lauriane\AppData\Local\Mozilla
    [21/11/2009|10:54] C:\Users\Lauriane\AppData\Local\Temp
    [13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Temporary Internet Files
    [16/04/2009|20:43] C:\Users\Lauriane\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [21/11/2009 09:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
    [21/11/2009 10:50][--ah-----] C:\Windows\tasks\SA.DAT
    [21/11/2009 10:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [15/03/2009|10:54] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [12/05/2009|10:29] C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
    [12/09/2009|09:54] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [06/04/2009|21:00] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [18/11/2009|17:58] C:\ProgramData\aboutthunkcity
    [20/11/2009|17:25] C:\ProgramData\Adobe
    [13/02/2009|15:51] C:\ProgramData\Apple
    [13/02/2009|15:53] C:\ProgramData\Apple Computer
    [02/11/2006|13:59] C:\ProgramData\Application Data
    [20/11/2009|18:20] C:\ProgramData\Avira
    [13/02/2009|15:48] C:\ProgramData\Azureus
    [13/02/2009|13:41] C:\ProgramData\Bureau
    [13/02/2009|16:52] C:\ProgramData\CyberLink
    [02/11/2006|13:59] C:\ProgramData\Desktop
    [02/11/2006|13:59] C:\ProgramData\Documents
    [06/11/2009|08:09] C:\ProgramData\Electronic Arts
    [06/11/2009|21:24] C:\ProgramData\Eq Dvd Mp3.om4rusz
    [13/02/2009|13:41] C:\ProgramData\Favoris
    [02/11/2006|13:59] C:\ProgramData\Favorites
    [08/07/2009|08:19] C:\ProgramData\Hewlett-Packard
    [03/11/2008|16:54] C:\ProgramData\HP
    [03/11/2008|16:54] C:\ProgramData\hpzinstall.log
    [24/02/2009|14:19] C:\ProgramData\InterAction studios
    [20/11/2009|18:11] C:\ProgramData\Malwarebytes
    [13/02/2009|13:41] C:\ProgramData\Menu D‚marrer
    [20/11/2009|18:51] C:\ProgramData\Messenger Plus!
    [28/03/2009|12:56] C:\ProgramData\Microsoft
    [12/11/2009|19:37] C:\ProgramData\Microsoft Help
    [13/02/2009|13:41] C:\ProgramData\ModŠles
    [03/11/2008|16:52] C:\ProgramData\muvee Technologies
    [06/09/2009|08:28] C:\ProgramData\ntuser.pol
    [18/09/2009|08:52] C:\ProgramData\NVIDIA
    [03/11/2008|16:59] C:\ProgramData\PC-Doctor
    [03/11/2008|16:59] C:\ProgramData\PC-Doctor for Windows
    [20/11/2009|17:34] C:\ProgramData\Spybot - Search & Destroy
    [02/11/2006|13:59] C:\ProgramData\Start Menu
    [13/02/2009|14:01] C:\ProgramData\Symantec
    [25/02/2009|17:08] C:\ProgramData\TEMP
    [02/11/2006|13:59] C:\ProgramData\Templates
    [13/02/2009|16:18] C:\ProgramData\TuneUp Software
    [21/02/2009|16:29] C:\ProgramData\WildTangent
    [13/02/2009|15:59] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [20/11/2009|17:24] C:\Program Files\Adobe
    [28/04/2009|13:02] C:\Program Files\AGEIA Technologies
    [13/02/2009|14:39] C:\Program Files\Alwil Software
    [13/02/2009|15:52] C:\Program Files\Apple Software Update
    [20/11/2009|18:20] C:\Program Files\Avira
    [24/02/2009|16:22] C:\Program Files\bfgclient
    [16/02/2009|20:54] C:\Program Files\Bonjour
    [20/11/2009|17:13] C:\Program Files\CCleaner
    [25/02/2009|17:18] C:\Program Files\Chicken Invaders
    [20/11/2009|19:12] C:\Program Files\Chicken Invaders 2
    [22/02/2009|14:48] C:\Program Files\Chicken Invaders 3
    [24/02/2009|16:18] C:\Program Files\Chicken Invaders 3 Christmas Edition
    [04/03/2009|10:53] C:\Program Files\ChickenInvaders2_at
    [20/02/2009|20:41] C:\Program Files\ChickenInvadersROTYdemo
    [03/03/2009|16:00] C:\Program Files\ChickenInvadersTNWdemo
    [03/03/2009|16:12] C:\Program Files\ChickenInvadersTNWXmasdemo
    [20/11/2009|17:24] C:\Program Files\Common Files
    [03/11/2008|16:52] C:\Program Files\CyberLink
    [13/02/2009|14:25] C:\Program Files\DIFX
    [28/04/2009|12:43] C:\Program Files\DivX
    [27/02/2009|20:08] C:\Program Files\EA GAMES
    [03/11/2008|17:06] C:\Program Files\EasyBits For Kids
    [05/11/2009|19:34] C:\Program Files\Electronic Arts
    [20/05/2009|09:52] C:\Program Files\EPSON
    [13/02/2009|13:41] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [20/11/2009|17:15] C:\Program Files\FileHippo.com
    [19/10/2009|18:44] C:\Program Files\Hewlett-Packard
    [03/11/2008|16:55] C:\Program Files\HP
    [03/11/2008|17:05] C:\Program Files\HP Games
    [20/11/2009|18:13] C:\Program Files\InstallShield Installation Information
    [16/10/2009|07:05] C:\Program Files\Internet Explorer
    [01/11/2009|18:09] C:\Program Files\iPod
    [12/09/2009|09:53] C:\Program Files\iPod(78)
    [01/11/2009|18:10] C:\Program Files\iTunes
    [12/09/2009|09:54] C:\Program Files\iTunes(79)
    [13/02/2009|16:12] C:\Program Files\Java
    [28/04/2009|12:46] C:\Program Files\K-Lite Codec Pack
    [07/07/2009|14:53] C:\Program Files\LETMIN
    [06/07/2009|12:32] C:\Program Files\LG Electronics
    [06/07/2009|12:59] C:\Program Files\LG PC Suite II
    [11/06/2009|17:38] C:\Program Files\LGInternetKit
    [12/08/2009|10:35] C:\Program Files\LimeWire
    [20/11/2009|18:11] C:\Program Files\Malwarebytes' Anti-Malware
    [20/11/2009|17:17] C:\Program Files\Messenger Plus! Live
    [28/03/2009|12:57] C:\Program Files\Microsoft
    [02/11/2006|13:35] C:\Program Files\Microsoft Games
    [05/05/2009|12:57] C:\Program Files\Microsoft LifeCam
    [13/02/2009|17:07] C:\Program Files\Microsoft Office
    [05/09/2009|20:22] C:\Program Files\Microsoft Office Outlook Connector
    [10/09/2009|07:07] C:\Program Files\Microsoft Silverlight
    [28/03/2009|12:55] C:\Program Files\Microsoft SQL Server Compact Edition
    [28/03/2009|12:56] C:\Program Files\Microsoft Sync Framework
    [13/02/2009|17:07] C:\Program Files\Microsoft Visual Studio
    [13/02/2009|17:04] C:\Program Files\Microsoft Visual Studio 8
    [11/06/2009|06:10] C:\Program Files\Microsoft Works
    [05/11/2009|19:27] C:\Program Files\Microsoft WSE
    [13/02/2009|17:06] C:\Program Files\Microsoft.NET
    [17/09/2009|19:51] C:\Program Files\Movie Maker
    [21/11/2009|10:53] C:\Program Files\Mozilla Firefox
    [13/02/2009|17:08] C:\Program Files\MSBuild
    [13/02/2009|14:39] C:\Program Files\MSXML 4.0
    [19/10/2009|18:45] C:\Program Files\Online Services
    [03/11/2008|16:59] C:\Program Files\PC-Doctor for Windows
    [21/03/2009|19:00] C:\Program Files\PhotoFiltre
    [14/09/2009|19:33] C:\Program Files\QuickTime
    [12/09/2009|09:51] C:\Program Files\QuickTime(88)
    [03/11/2008|16:41] C:\Program Files\Realtek
    [02/11/2006|13:35] C:\Program Files\Reference Assemblies
    [22/02/2009|14:48] C:\Program Files\ReflexiveArcade
    [14/11/2009|19:19] C:\Program Files\Spybot - Search & Destroy
    [13/02/2009|16:10] C:\Program Files\SystemRequirementsLab
    [18/11/2009|17:34] C:\Program Files\TuneUp Utilities 2009
    [02/11/2006|13:58] C:\Program Files\Uninstall Information
    [14/09/2009|19:37] C:\Program Files\Utilitaire de configuration iPhone
    [12/05/2009|10:26] C:\Program Files\Vuze
    [17/09/2009|19:51] C:\Program Files\Windows Calendar
    [17/09/2009|19:51] C:\Program Files\Windows Collaboration
    [17/09/2009|19:51] C:\Program Files\Windows Defender
    [20/11/2009|17:08] C:\Program Files\Windows Live
    [28/03/2009|12:53] C:\Program Files\Windows Live SkyDrive
    [17/09/2009|19:51] C:\Program Files\Windows Mail
    [17/09/2009|19:51] C:\Program Files\Windows Media Player
    [13/02/2009|13:41] C:\Program Files\Windows NT
    [17/09/2009|19:51] C:\Program Files\Windows Photo Gallery
    [17/09/2009|19:51] C:\Program Files\Windows Sidebar
    [07/07/2009|08:35] C:\Program Files\Winletmin
    [13/02/2009|16:48] C:\Program Files\WinRAR
    [01/08/2009|15:00] C:\Program Files\Winsudate

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [20/11/2009|17:25] C:\Program Files\Common Files\Adobe
    [01/11/2009|18:09] C:\Program Files\Common Files\Apple
    [13/02/2009|17:07] C:\Program Files\Common Files\DESIGNER
    [03/11/2008|16:54] C:\Program Files\Common Files\HP
    [03/11/2008|16:44] C:\Program Files\Common Files\InstallShield
    [03/11/2008|16:55] C:\Program Files\Common Files\Java
    [01/08/2009|19:05] C:\Program Files\Common Files\LightScribe
    [03/11/2008|16:52] C:\Program Files\Common Files\LS Getting Started
    [12/07/2009|17:51] C:\Program Files\Common Files\microsoft shared
    [24/02/2009|13:52] C:\Program Files\Common Files\PX Storage Engine
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [13/02/2009|14:03] C:\Program Files\Common Files\Symantec Shared
    [17/09/2009|19:51] C:\Program Files\Common Files\System
    [28/03/2009|12:38] C:\Program Files\Common Files\Windows Live
    [13/02/2009|16:00] C:\Program Files\Common Files\WindowsLiveInstaller
    [28/04/2009|13:02] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 21 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-21 10:54:35
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 103

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:9][D:8]-> C:\Users\Lauriane\AppData\Local\Temp
    [F:42][D:1]-> C:\Users\Lauriane\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:251][D:4]-> C:\Users\Lauriane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:6][D:7]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 21/11/2009|10:55 - Option : [2]

    --------------------\\ Fin du rapport a 10:55:28
    [ UAC => 1 ]
    0
  8. Raf
     
    et voila juste un soucis que j'avais lorsque je lance lop S&D y avais le choix entre suppression Host+ ou Host- j'ai fait le HOSt+
    merci
    0
  9. eZula Messages postés 3509 Statut Contributeur 392
     
    Un bon début, mais ça ne suffira pas pour être tranquille.

    Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
    Double clique combofix.exe et suis les instructions.
    Installe la console de récupération si proposé et continue.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  10. Raf
     
    Ok antivir à detecté 3 virus que doist-je faire
    0
  11. eZula Messages postés 3509 Statut Contributeur 392
     
    C:\Combofix.txt
    0
  12. raf
     
    ben je peut pas le lancer lorsque je le lance antir m'affiche 3 virus
    0
  13. raf
     
    enfin non il me dit forcelibrary.dll contient cheval de troie
    0
  14. eZula Messages postés 3509 Statut Contributeur 392
     
    tu dois désactiver ton antivirus pour le laisser tourner
    0
  15. Raf
     
    ComboFix 09-11-20.02 - Lauriane 21/11/2009 11:33.1.3 - x86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1855 [GMT 1:00]
    Lancé depuis: c:\users\Lauriane\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2735200289-1753316297-3505708831-500
    c:\$recycle.bin\S-1-5-21-3213520390-330048417-2416552161-500
    c:\$recycle.bin\S-1-5-21-379578684-575248035-2863804450-1000
    c:\windows\system32\drivers\pciide.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-11-21 10:29 . 2009-11-21 10:30 49152 d-----w- C:\32788R22FWJFW.2.tmp
    2009-11-21 10:24 . 2009-11-21 10:24 -------- d-----w- C:\32788R22FWJFW.1.tmp
    2009-11-21 09:53 . 2009-11-21 09:55 8192 d-----w- C:\Lop SD
    2009-11-21 09:27 . 2009-11-21 10:02 4096 d-----w- C:\GenProc
    2009-11-20 17:20 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-11-20 17:20 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Avira
    2009-11-20 17:11 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-20 17:11 . 2009-11-20 17:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-20 17:11 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-20 16:24 . 2009-11-20 16:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-20 16:15 . 2009-11-20 16:15 -------- d-----w- c:\program files\FileHippo.com
    2009-11-20 16:13 . 2009-11-20 16:13 -------- d-----w- c:\program files\CCleaner
    2009-11-18 16:34 . 2009-11-18 16:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
    2009-11-18 16:34 . 2009-11-18 16:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2009-11-18 16:34 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
    2009-11-18 16:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
    2009-11-14 12:07 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2009-11-11 09:24 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Microsoft WSE
    2009-11-05 18:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2009-11-05 18:15 . 2009-11-05 18:34 -------- d-----w- c:\program files\Electronic Arts
    2009-11-01 17:09 . 2009-11-01 17:09 -------- d-----w- c:\program files\iPod
    2009-11-01 17:09 . 2009-11-01 17:10 4096 d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-21 10:33 . 2008-11-04 00:06 672084 ----a-w- c:\windows\system32\perfh00C.dat
    2009-11-21 10:33 . 2008-11-04 00:06 124228 ----a-w- c:\windows\system32\perfc00C.dat
    2009-11-21 10:26 . 2009-06-14 19:01 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-20 18:12 . 2009-02-24 15:25 8192 d-----w- c:\program files\Chicken Invaders 2
    2009-11-20 17:13 . 2008-11-03 15:41 4096 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-20 16:30 . 2009-02-13 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-20 16:17 . 2009-02-13 15:05 4096 d-----w- c:\program files\Messenger Plus! Live
    2009-11-20 16:08 . 2009-02-13 13:42 4096 d-----w- c:\program files\Windows Live
    2009-11-18 16:34 . 2009-02-13 15:18 49152 d-----w- c:\program files\TuneUp Utilities 2009
    2009-11-14 18:19 . 2009-02-13 15:16 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-01 17:09 . 2009-02-13 14:51 4096 d-----w- c:\program files\Common Files\Apple
    2009-10-19 17:44 . 2008-11-03 15:43 4096 d-----w- c:\program files\Hewlett-Packard
    2009-09-17 18:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-09-14 09:29 . 2009-10-15 17:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-15 17:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 11:41 . 2009-10-15 17:06 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-27 05:22 . 2009-10-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-05-15 11:08 . 2009-05-15 11:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Store file readme bash"="c:\programdata\Eq Dvd Mp3.om4rusz" [X]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "WinUsr"="c:\program files\Winsudate\gibusr.exe" [2009-08-01 88304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
    "VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):ce,d1,93,03,35,38,ca,01

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/11/2009 18:20 108289]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18/11/2009 17:34 604488]
    R2 WinSvc;Gestionnaire de mise à jour Winsudate;c:\program files\Winsudate\gibsvc.exe [07/07/2009 08:35 70896]
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [05/09/2009 13:17 218112]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/11/2009 13:07 54632]
    S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    ezSharedSvc
    .
    Contenu du dossier 'Tâches planifiées'

    2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
    - c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\users\Lauriane\AppData\Roaming\Mozilla\Firefox\Profiles\mxa2ywfb.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-21 11:43
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2009-11-21 11:46
    ComboFix-quarantined-files.txt 2009-11-21 10:46

    Avant-CF: 356 557 070 336 octets libres
    Après-CF: 356 484 710 400 octets libres

    - - End Of File - - 0D3E73EBDB5DD1E22C6733253AE11BC2
    0
  16. eZula Messages postés 3509 Statut Contributeur 392
     
    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver::
    WinSvc
    
    File::
    C:\ProgramData\Eq Dvd Mp3.om4rusz
    C:\32788R22FWJFW.2.tmp
    C:\32788R22FWJFW.1.tmp 
    c:\program files\Winsudate\gibusr.exe
    
    Folder::
    C:\ProgramData\aboutthunkcity
    c:\program files\Winsudate
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Store file readme bash"=-
    "WinUsr"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000


    Enregistre ce fichier sous le nom CFScript

    [*]Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture [img]http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif[/img]
    [*]Une fenêtre bleue va apparaître : au message "Type 1 to continue, or 2 to abort", tape 1 puis valide.
    [*]Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal.
    Ne touche à rien tant que le scan n'est pas terminé.
    [*]Une fois le scan achevé, un rapport va s'afficher : poste son contenu.
    [*]Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  17. raf
     
    ComboFix 09-11-20.02 - Lauriane 21/11/2009 12:09.2.3 - x86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1845 [GMT 1:00]
    Lancé depuis: c:\users\Lauriane\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Lauriane\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "C:\32788R22FWJFW.1.tmp"
    "C:\32788R22FWJFW.2.tmp"
    "c:\program files\Winsudate\gibusr.exe"
    "c:\programdata\Eq Dvd Mp3.om4rusz"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Winsudate
    c:\program files\Winsudate\gibcom.dll
    c:\program files\Winsudate\gibidl.dll
    c:\program files\Winsudate\gibsvc.exe
    c:\program files\Winsudate\gibupt.exe
    c:\program files\Winsudate\gibusr.exe
    c:\programdata\aboutthunkcity
    c:\programdata\aboutthunkcity\Blue long view bend.exe
    c:\programdata\aboutthunkcity\smusaogz.exe
    c:\programdata\Eq Dvd Mp3.om4rusz

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_WinSvc

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-11-21 20:21 . 2009-04-11 06:32 14312 ----a-w- c:\windows\system32\drivers\pciide.sys
    2009-11-21 10:29 . 2009-11-21 10:30 49152 d-----w- C:\32788R22FWJFW.2.tmp
    2009-11-21 10:24 . 2009-11-21 10:24 -------- d-----w- C:\32788R22FWJFW.1.tmp
    2009-11-21 09:53 . 2009-11-21 09:55 -------- d-----w- C:\Lop SD
    2009-11-21 09:27 . 2009-11-21 10:02 4096 d-----w- C:\GenProc
    2009-11-20 17:20 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-11-20 17:20 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Avira
    2009-11-20 17:11 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-20 17:11 . 2009-11-20 17:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-20 17:11 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-20 16:24 . 2009-11-20 16:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-20 16:15 . 2009-11-20 16:15 -------- d-----w- c:\program files\FileHippo.com
    2009-11-20 16:13 . 2009-11-20 16:13 -------- d-----w- c:\program files\CCleaner
    2009-11-18 16:34 . 2009-11-18 16:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
    2009-11-18 16:34 . 2009-11-18 16:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2009-11-18 16:34 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
    2009-11-18 16:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
    2009-11-14 12:07 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2009-11-11 09:24 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Microsoft WSE
    2009-11-05 18:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2009-11-05 18:15 . 2009-11-05 18:34 -------- d-----w- c:\program files\Electronic Arts
    2009-11-01 17:09 . 2009-11-01 17:09 -------- d-----w- c:\program files\iPod
    2009-11-01 17:09 . 2009-11-01 17:10 4096 d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-21 11:19 . 2009-06-14 19:01 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-21 10:33 . 2008-11-04 00:06 672084 ----a-w- c:\windows\system32\perfh00C.dat
    2009-11-21 10:33 . 2008-11-04 00:06 124228 ----a-w- c:\windows\system32\perfc00C.dat
    2009-11-20 18:12 . 2009-02-24 15:25 8192 d-----w- c:\program files\Chicken Invaders 2
    2009-11-20 17:13 . 2008-11-03 15:41 4096 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-20 16:30 . 2009-02-13 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-20 16:17 . 2009-02-13 15:05 4096 d-----w- c:\program files\Messenger Plus! Live
    2009-11-20 16:08 . 2009-02-13 13:42 4096 d-----w- c:\program files\Windows Live
    2009-11-18 16:34 . 2009-02-13 15:18 49152 d-----w- c:\program files\TuneUp Utilities 2009
    2009-11-14 18:19 . 2009-02-13 15:16 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-01 17:09 . 2009-02-13 14:51 4096 d-----w- c:\program files\Common Files\Apple
    2009-10-19 17:44 . 2008-11-03 15:43 4096 d-----w- c:\program files\Hewlett-Packard
    2009-09-17 18:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-09-14 09:29 . 2009-10-15 17:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-15 17:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 11:41 . 2009-10-15 17:06 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-27 05:22 . 2009-10-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17 . 2009-10-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17 . 2009-10-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42 . 2009-10-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-05-15 11:08 . 2009-05-15 11:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
    "VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):ce,d1,93,03,35,38,ca,01

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/11/2009 18:20 108289]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18/11/2009 17:34 604488]
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [05/09/2009 13:17 218112]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/11/2009 13:07 54632]
    S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    ezSharedSvc
    .
    Contenu du dossier 'Tâches planifiées'

    2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
    - c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\users\Lauriane\AppData\Roaming\Mozilla\Firefox\Profiles\mxa2ywfb.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-21 12:24
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(3888)
    c:\windows\system32\nvcpl.dll
    c:\windows\system32\nvapi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2009-11-21 12:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-11-21 11:28
    ComboFix2.txt 2009-11-21 10:46

    Avant-CF: 356 526 825 472 octets libres
    Après-CF: 356 269 633 536 octets libres

    - - End Of File - - 93A60958F0B68D97F66D9005513600E8
    0
  18. raf
     
    depuis cette manip le pc est super lent il bug
    0
  19. eZula Messages postés 3509 Statut Contributeur 392
     
    ça me semble pas trop mal. Juste, une vérification sur ces deux fichiers

    C:\32788R22FWJFW.2.tmp
    C:\32788R22FWJFW.1.tmp

    peux-tu les scanner sur le site virustotal et poster les deux rapports ?
    0
    1. raf
       
      ya pas de fichier
      0
  • 1
  • 2