Infection Cid +antivir impossible Maj
Raf2 -
Je vien d'installer antivir mais impossible de faire une maj +j'ai une pub cid qui s'affiche
Merci de votre aide
Configuration: Windows Vista Firefox 3.5.5
37 réponses
- 1
- 2
Problème rencontré lors de l'installation d'Antivir sur Windows Vista et Firefox 3.5.5 : impossibilité de mettre à jour le logiciel et affichage d'une publicité CID. Des réponses proposent des outils de diagnostic et des rapports pour évaluer l'infection et les causes des mises à jour bloquées, notamment GenProc pour générer un rapport et ComboFix pour les analyses. D'autres conseils suggèrent des mesures comme réinstaller Antivir ou désactiver temporairement l'antivirus afin de laisser tourner certains outils de détection et de récupérer des rapports à coller dans les réponses. Les échanges incluent des instructions détaillées sur la création et le dépôt de rapports, des manifestations de malwares détectés et des chemins d'accès aux fichiers pour localiser les rapports générés.
-
Bonjour,
télécharge GenProc http://www.genproc.com/GenProc.exe
double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre -
merci
voila le rapport:
Rapport GenProc 2.650 [1] - 21/11/2009 à 10:27:04
@ Windows VISTA Service Pack 2 - Compaq-Presario - Mode normal
@ Mozilla Firefox 3.5.5 (fr) [Navigateur par défaut]
~~ CM DISK ERROR ~~
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.
# Etape 1/ Télécharge :
- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Lauriane *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).
# Etape 2/
Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport lopR.txt situé dans C:\ ;
- Un nouveau rapport HijackThis https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.650 21/11/2009 à 10:27:15
Lop:le 21/11/2009 à 10:27:53 "C:\ProgramData\Settings axis axis.937pp"
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 10:28:14 ~~ -
suis la procédure ci-dessus, elle devrait résoudre le problème "CID" (qui à priori n'est pas le seul)
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:16, on 21/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lauriane\AppData\Local\Temp\Rar$EX00.168\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lauriane\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SC84D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Store file readme bash] "C:\ProgramData\Eq Dvd Mp3.om4rusz"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
-
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Rapport GenProc 2.650 [2] - 21/11/2009 à 11:02:23
@ Windows VISTA Service Pack 2 - Compaq-Presario - Mode normal
@ Mozilla Firefox 3.5.5 (fr) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\ProgramData\Eq Dvd Mp3.om4rusz"
"
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:10, on 21/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lauriane\AppData\Local\Temp\Rar$EX00.168\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\GenProc\Outil\Lauriane_GenProc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SC84D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Store file readme bash] "C:\ProgramData\Eq Dvd Mp3.om4rusz"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
-
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 8600 Triple-Core Processor )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Lauriane ( Administrator )
BOOT : Fail-safe boot
C:\ (Local Disk) - NTFS - Total:453 Go (Free:332 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)
E:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 21/11/2009|10:54 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\ProgramData\city about store file\About one.dat
Supprime! - C:\ProgramData\city about store file\About one.exe
Supprime! - C:\Users\Lauriane\AppData\Roaming\MICROS~1\Windows\Cookies\lauriane@www.adserver5[1].txt
Supprime! - C:\ProgramData\Settings axis axis.937pp
Supprime! - C:\ProgramData\Settings axis axis.l5odr5
Supprime! - C:\ProgramData\city about store file
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[20/11/2009|17:25] C:\Users\Lauriane\AppData\Local\Adobe
[13/02/2009|15:52] C:\Users\Lauriane\AppData\Local\Apple
[23/09/2009|15:33] C:\Users\Lauriane\AppData\Local\Apple Computer
[13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Application Data
[23/05/2009|14:18] C:\Users\Lauriane\AppData\Local\d3d9caps.dat
[04/11/2009|14:10] C:\Users\Lauriane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/10/2009|07:26] C:\Users\Lauriane\AppData\Local\DVDPlay
[20/11/2009|18:16] C:\Users\Lauriane\AppData\Local\GDIPFONTCACHEV1.DAT
[13/02/2009|16:43] C:\Users\Lauriane\AppData\Local\Hewlett-Packard
[13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Historique
[21/11/2009|10:41] C:\Users\Lauriane\AppData\Local\IconCache.db
[05/09/2009|15:47] C:\Users\Lauriane\AppData\Local\Microsoft
[20/04/2009|14:37] C:\Users\Lauriane\AppData\Local\Microsoft Games
[13/02/2009|17:03] C:\Users\Lauriane\AppData\Local\Microsoft Help
[13/02/2009|14:36] C:\Users\Lauriane\AppData\Local\Mozilla
[21/11/2009|10:54] C:\Users\Lauriane\AppData\Local\Temp
[13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Temporary Internet Files
[16/04/2009|20:43] C:\Users\Lauriane\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[21/11/2009 09:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
[21/11/2009 10:50][--ah-----] C:\Windows\tasks\SA.DAT
[21/11/2009 10:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[15/03/2009|10:54] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[12/05/2009|10:29] C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[12/09/2009|09:54] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[06/04/2009|21:00] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[18/11/2009|17:58] C:\ProgramData\aboutthunkcity
[20/11/2009|17:25] C:\ProgramData\Adobe
[13/02/2009|15:51] C:\ProgramData\Apple
[13/02/2009|15:53] C:\ProgramData\Apple Computer
[02/11/2006|13:59] C:\ProgramData\Application Data
[20/11/2009|18:20] C:\ProgramData\Avira
[13/02/2009|15:48] C:\ProgramData\Azureus
[13/02/2009|13:41] C:\ProgramData\Bureau
[13/02/2009|16:52] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[06/11/2009|08:09] C:\ProgramData\Electronic Arts
[06/11/2009|21:24] C:\ProgramData\Eq Dvd Mp3.om4rusz
[13/02/2009|13:41] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[08/07/2009|08:19] C:\ProgramData\Hewlett-Packard
[03/11/2008|16:54] C:\ProgramData\HP
[03/11/2008|16:54] C:\ProgramData\hpzinstall.log
[24/02/2009|14:19] C:\ProgramData\InterAction studios
[20/11/2009|18:11] C:\ProgramData\Malwarebytes
[13/02/2009|13:41] C:\ProgramData\Menu D‚marrer
[20/11/2009|18:51] C:\ProgramData\Messenger Plus!
[28/03/2009|12:56] C:\ProgramData\Microsoft
[12/11/2009|19:37] C:\ProgramData\Microsoft Help
[13/02/2009|13:41] C:\ProgramData\ModŠles
[03/11/2008|16:52] C:\ProgramData\muvee Technologies
[06/09/2009|08:28] C:\ProgramData\ntuser.pol
[18/09/2009|08:52] C:\ProgramData\NVIDIA
[03/11/2008|16:59] C:\ProgramData\PC-Doctor
[03/11/2008|16:59] C:\ProgramData\PC-Doctor for Windows
[20/11/2009|17:34] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[13/02/2009|14:01] C:\ProgramData\Symantec
[25/02/2009|17:08] C:\ProgramData\TEMP
[02/11/2006|13:59] C:\ProgramData\Templates
[13/02/2009|16:18] C:\ProgramData\TuneUp Software
[21/02/2009|16:29] C:\ProgramData\WildTangent
[13/02/2009|15:59] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[20/11/2009|17:24] C:\Program Files\Adobe
[28/04/2009|13:02] C:\Program Files\AGEIA Technologies
[13/02/2009|14:39] C:\Program Files\Alwil Software
[13/02/2009|15:52] C:\Program Files\Apple Software Update
[20/11/2009|18:20] C:\Program Files\Avira
[24/02/2009|16:22] C:\Program Files\bfgclient
[16/02/2009|20:54] C:\Program Files\Bonjour
[20/11/2009|17:13] C:\Program Files\CCleaner
[25/02/2009|17:18] C:\Program Files\Chicken Invaders
[20/11/2009|19:12] C:\Program Files\Chicken Invaders 2
[22/02/2009|14:48] C:\Program Files\Chicken Invaders 3
[24/02/2009|16:18] C:\Program Files\Chicken Invaders 3 Christmas Edition
[04/03/2009|10:53] C:\Program Files\ChickenInvaders2_at
[20/02/2009|20:41] C:\Program Files\ChickenInvadersROTYdemo
[03/03/2009|16:00] C:\Program Files\ChickenInvadersTNWdemo
[03/03/2009|16:12] C:\Program Files\ChickenInvadersTNWXmasdemo
[20/11/2009|17:24] C:\Program Files\Common Files
[03/11/2008|16:52] C:\Program Files\CyberLink
[13/02/2009|14:25] C:\Program Files\DIFX
[28/04/2009|12:43] C:\Program Files\DivX
[27/02/2009|20:08] C:\Program Files\EA GAMES
[03/11/2008|17:06] C:\Program Files\EasyBits For Kids
[05/11/2009|19:34] C:\Program Files\Electronic Arts
[20/05/2009|09:52] C:\Program Files\EPSON
[13/02/2009|13:41] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/11/2009|17:15] C:\Program Files\FileHippo.com
[19/10/2009|18:44] C:\Program Files\Hewlett-Packard
[03/11/2008|16:55] C:\Program Files\HP
[03/11/2008|17:05] C:\Program Files\HP Games
[20/11/2009|18:13] C:\Program Files\InstallShield Installation Information
[16/10/2009|07:05] C:\Program Files\Internet Explorer
[01/11/2009|18:09] C:\Program Files\iPod
[12/09/2009|09:53] C:\Program Files\iPod(78)
[01/11/2009|18:10] C:\Program Files\iTunes
[12/09/2009|09:54] C:\Program Files\iTunes(79)
[13/02/2009|16:12] C:\Program Files\Java
[28/04/2009|12:46] C:\Program Files\K-Lite Codec Pack
[07/07/2009|14:53] C:\Program Files\LETMIN
[06/07/2009|12:32] C:\Program Files\LG Electronics
[06/07/2009|12:59] C:\Program Files\LG PC Suite II
[11/06/2009|17:38] C:\Program Files\LGInternetKit
[12/08/2009|10:35] C:\Program Files\LimeWire
[20/11/2009|18:11] C:\Program Files\Malwarebytes' Anti-Malware
[20/11/2009|17:17] C:\Program Files\Messenger Plus! Live
[28/03/2009|12:57] C:\Program Files\Microsoft
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[05/05/2009|12:57] C:\Program Files\Microsoft LifeCam
[13/02/2009|17:07] C:\Program Files\Microsoft Office
[05/09/2009|20:22] C:\Program Files\Microsoft Office Outlook Connector
[10/09/2009|07:07] C:\Program Files\Microsoft Silverlight
[28/03/2009|12:55] C:\Program Files\Microsoft SQL Server Compact Edition
[28/03/2009|12:56] C:\Program Files\Microsoft Sync Framework
[13/02/2009|17:07] C:\Program Files\Microsoft Visual Studio
[13/02/2009|17:04] C:\Program Files\Microsoft Visual Studio 8
[11/06/2009|06:10] C:\Program Files\Microsoft Works
[05/11/2009|19:27] C:\Program Files\Microsoft WSE
[13/02/2009|17:06] C:\Program Files\Microsoft.NET
[17/09/2009|19:51] C:\Program Files\Movie Maker
[21/11/2009|10:53] C:\Program Files\Mozilla Firefox
[13/02/2009|17:08] C:\Program Files\MSBuild
[13/02/2009|14:39] C:\Program Files\MSXML 4.0
[19/10/2009|18:45] C:\Program Files\Online Services
[03/11/2008|16:59] C:\Program Files\PC-Doctor for Windows
[21/03/2009|19:00] C:\Program Files\PhotoFiltre
[14/09/2009|19:33] C:\Program Files\QuickTime
[12/09/2009|09:51] C:\Program Files\QuickTime(88)
[03/11/2008|16:41] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[22/02/2009|14:48] C:\Program Files\ReflexiveArcade
[14/11/2009|19:19] C:\Program Files\Spybot - Search & Destroy
[13/02/2009|16:10] C:\Program Files\SystemRequirementsLab
[18/11/2009|17:34] C:\Program Files\TuneUp Utilities 2009
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[14/09/2009|19:37] C:\Program Files\Utilitaire de configuration iPhone
[12/05/2009|10:26] C:\Program Files\Vuze
[17/09/2009|19:51] C:\Program Files\Windows Calendar
[17/09/2009|19:51] C:\Program Files\Windows Collaboration
[17/09/2009|19:51] C:\Program Files\Windows Defender
[20/11/2009|17:08] C:\Program Files\Windows Live
[28/03/2009|12:53] C:\Program Files\Windows Live SkyDrive
[17/09/2009|19:51] C:\Program Files\Windows Mail
[17/09/2009|19:51] C:\Program Files\Windows Media Player
[13/02/2009|13:41] C:\Program Files\Windows NT
[17/09/2009|19:51] C:\Program Files\Windows Photo Gallery
[17/09/2009|19:51] C:\Program Files\Windows Sidebar
[07/07/2009|08:35] C:\Program Files\Winletmin
[13/02/2009|16:48] C:\Program Files\WinRAR
[01/08/2009|15:00] C:\Program Files\Winsudate
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[20/11/2009|17:25] C:\Program Files\Common Files\Adobe
[01/11/2009|18:09] C:\Program Files\Common Files\Apple
[13/02/2009|17:07] C:\Program Files\Common Files\DESIGNER
[03/11/2008|16:54] C:\Program Files\Common Files\HP
[03/11/2008|16:44] C:\Program Files\Common Files\InstallShield
[03/11/2008|16:55] C:\Program Files\Common Files\Java
[01/08/2009|19:05] C:\Program Files\Common Files\LightScribe
[03/11/2008|16:52] C:\Program Files\Common Files\LS Getting Started
[12/07/2009|17:51] C:\Program Files\Common Files\microsoft shared
[24/02/2009|13:52] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[13/02/2009|14:03] C:\Program Files\Common Files\Symantec Shared
[17/09/2009|19:51] C:\Program Files\Common Files\System
[28/03/2009|12:38] C:\Program Files\Common Files\Windows Live
[13/02/2009|16:00] C:\Program Files\Common Files\WindowsLiveInstaller
[28/04/2009|13:02] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 21 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 10:54:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 103
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:9][D:8]-> C:\Users\Lauriane\AppData\Local\Temp
[F:42][D:1]-> C:\Users\Lauriane\AppData\Roaming\MICROS~1\Windows\Cookies
[F:251][D:4]-> C:\Users\Lauriane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:7]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 21/11/2009|10:55 - Option : [2]
--------------------\\ Fin du rapport a 10:55:28
[ UAC => 1 ] -
et voila juste un soucis que j'avais lorsque je lance lop S&D y avais le choix entre suppression Host+ ou Host- j'ai fait le HOSt+
merci -
Un bon début, mais ça ne suffira pas pour être tranquille.
Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
Double clique combofix.exe et suis les instructions.
Installe la console de récupération si proposé et continue.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt -
-
-
-
-
tu dois désactiver ton antivirus pour le laisser tourner
-
ComboFix 09-11-20.02 - Lauriane 21/11/2009 11:33.1.3 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1855 [GMT 1:00]
Lancé depuis: c:\users\Lauriane\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2735200289-1753316297-3505708831-500
c:\$recycle.bin\S-1-5-21-3213520390-330048417-2416552161-500
c:\$recycle.bin\S-1-5-21-379578684-575248035-2863804450-1000
c:\windows\system32\drivers\pciide.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
.
2009-11-21 10:29 . 2009-11-21 10:30 49152 d-----w- C:\32788R22FWJFW.2.tmp
2009-11-21 10:24 . 2009-11-21 10:24 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-11-21 09:53 . 2009-11-21 09:55 8192 d-----w- C:\Lop SD
2009-11-21 09:27 . 2009-11-21 10:02 4096 d-----w- C:\GenProc
2009-11-20 17:20 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-20 17:20 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Avira
2009-11-20 17:11 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 17:11 . 2009-11-20 17:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 17:11 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 16:24 . 2009-11-20 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-20 16:15 . 2009-11-20 16:15 -------- d-----w- c:\program files\FileHippo.com
2009-11-20 16:13 . 2009-11-20 16:13 -------- d-----w- c:\program files\CCleaner
2009-11-18 16:34 . 2009-11-18 16:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-18 16:34 . 2009-11-18 16:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-18 16:34 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-11-18 16:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-14 12:07 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-11 09:24 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Microsoft WSE
2009-11-05 18:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-05 18:15 . 2009-11-05 18:34 -------- d-----w- c:\program files\Electronic Arts
2009-11-01 17:09 . 2009-11-01 17:09 -------- d-----w- c:\program files\iPod
2009-11-01 17:09 . 2009-11-01 17:10 4096 d-----w- c:\program files\iTunes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 10:33 . 2008-11-04 00:06 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 10:33 . 2008-11-04 00:06 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-21 10:26 . 2009-06-14 19:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-20 18:12 . 2009-02-24 15:25 8192 d-----w- c:\program files\Chicken Invaders 2
2009-11-20 17:13 . 2008-11-03 15:41 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-20 16:30 . 2009-02-13 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 16:17 . 2009-02-13 15:05 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-20 16:08 . 2009-02-13 13:42 4096 d-----w- c:\program files\Windows Live
2009-11-18 16:34 . 2009-02-13 15:18 49152 d-----w- c:\program files\TuneUp Utilities 2009
2009-11-14 18:19 . 2009-02-13 15:16 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 17:09 . 2009-02-13 14:51 4096 d-----w- c:\program files\Common Files\Apple
2009-10-19 17:44 . 2008-11-03 15:43 4096 d-----w- c:\program files\Hewlett-Packard
2009-09-17 18:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-14 09:29 . 2009-10-15 17:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 17:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-15 17:06 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-15 11:08 . 2009-05-15 11:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Store file readme bash"="c:\programdata\Eq Dvd Mp3.om4rusz" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WinUsr"="c:\program files\Winsudate\gibusr.exe" [2009-08-01 88304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ce,d1,93,03,35,38,ca,01
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/11/2009 18:20 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18/11/2009 17:34 604488]
R2 WinSvc;Gestionnaire de mise à jour Winsudate;c:\program files\Winsudate\gibsvc.exe [07/07/2009 08:35 70896]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [05/09/2009 13:17 218112]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/11/2009 13:07 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Lauriane\AppData\Roaming\Mozilla\Firefox\Profiles\mxa2ywfb.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 11:43
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-11-21 11:46
ComboFix-quarantined-files.txt 2009-11-21 10:46
Avant-CF: 356 557 070 336 octets libres
Après-CF: 356 484 710 400 octets libres
- - End Of File - - 0D3E73EBDB5DD1E22C6733253AE11BC2 -
-
-
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
Driver:: WinSvc File:: C:\ProgramData\Eq Dvd Mp3.om4rusz C:\32788R22FWJFW.2.tmp C:\32788R22FWJFW.1.tmp c:\program files\Winsudate\gibusr.exe Folder:: C:\ProgramData\aboutthunkcity c:\program files\Winsudate Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Store file readme bash"=- "WinUsr"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000000
Enregistre ce fichier sous le nom CFScript
[*]Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture [img]http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif[/img]
[*]Une fenêtre bleue va apparaître : au message "Type 1 to continue, or 2 to abort", tape 1 puis valide.
[*]Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal.
Ne touche à rien tant que le scan n'est pas terminé.
[*]Une fois le scan achevé, un rapport va s'afficher : poste son contenu.
[*]Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt -
ComboFix 09-11-20.02 - Lauriane 21/11/2009 12:09.2.3 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1845 [GMT 1:00]
Lancé depuis: c:\users\Lauriane\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lauriane\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"C:\32788R22FWJFW.1.tmp"
"C:\32788R22FWJFW.2.tmp"
"c:\program files\Winsudate\gibusr.exe"
"c:\programdata\Eq Dvd Mp3.om4rusz"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Winsudate
c:\program files\Winsudate\gibcom.dll
c:\program files\Winsudate\gibidl.dll
c:\program files\Winsudate\gibsvc.exe
c:\program files\Winsudate\gibupt.exe
c:\program files\Winsudate\gibusr.exe
c:\programdata\aboutthunkcity
c:\programdata\aboutthunkcity\Blue long view bend.exe
c:\programdata\aboutthunkcity\smusaogz.exe
c:\programdata\Eq Dvd Mp3.om4rusz
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_WinSvc
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
.
2009-11-21 20:21 . 2009-04-11 06:32 14312 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-11-21 10:29 . 2009-11-21 10:30 49152 d-----w- C:\32788R22FWJFW.2.tmp
2009-11-21 10:24 . 2009-11-21 10:24 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-11-21 09:53 . 2009-11-21 09:55 -------- d-----w- C:\Lop SD
2009-11-21 09:27 . 2009-11-21 10:02 4096 d-----w- C:\GenProc
2009-11-20 17:20 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-20 17:20 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Avira
2009-11-20 17:11 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 17:11 . 2009-11-20 17:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 17:11 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 16:24 . 2009-11-20 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-20 16:15 . 2009-11-20 16:15 -------- d-----w- c:\program files\FileHippo.com
2009-11-20 16:13 . 2009-11-20 16:13 -------- d-----w- c:\program files\CCleaner
2009-11-18 16:34 . 2009-11-18 16:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-18 16:34 . 2009-11-18 16:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-18 16:34 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-11-18 16:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-14 12:07 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-11 09:24 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Microsoft WSE
2009-11-05 18:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-05 18:15 . 2009-11-05 18:34 -------- d-----w- c:\program files\Electronic Arts
2009-11-01 17:09 . 2009-11-01 17:09 -------- d-----w- c:\program files\iPod
2009-11-01 17:09 . 2009-11-01 17:10 4096 d-----w- c:\program files\iTunes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 11:19 . 2009-06-14 19:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-21 10:33 . 2008-11-04 00:06 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 10:33 . 2008-11-04 00:06 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-20 18:12 . 2009-02-24 15:25 8192 d-----w- c:\program files\Chicken Invaders 2
2009-11-20 17:13 . 2008-11-03 15:41 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-20 16:30 . 2009-02-13 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 16:17 . 2009-02-13 15:05 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-20 16:08 . 2009-02-13 13:42 4096 d-----w- c:\program files\Windows Live
2009-11-18 16:34 . 2009-02-13 15:18 49152 d-----w- c:\program files\TuneUp Utilities 2009
2009-11-14 18:19 . 2009-02-13 15:16 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 17:09 . 2009-02-13 14:51 4096 d-----w- c:\program files\Common Files\Apple
2009-10-19 17:44 . 2008-11-03 15:43 4096 d-----w- c:\program files\Hewlett-Packard
2009-09-17 18:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-14 09:29 . 2009-10-15 17:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 17:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-15 17:06 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-15 11:08 . 2009-05-15 11:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ce,d1,93,03,35,38,ca,01
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/11/2009 18:20 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18/11/2009 17:34 604488]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [05/09/2009 13:17 218112]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/11/2009 13:07 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Lauriane\AppData\Roaming\Mozilla\Firefox\Profiles\mxa2ywfb.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 12:24
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3888)
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2009-11-21 12:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-21 11:28
ComboFix2.txt 2009-11-21 10:46
Avant-CF: 356 526 825 472 octets libres
Après-CF: 356 269 633 536 octets libres
- - End Of File - - 93A60958F0B68D97F66D9005513600E8 -
-
ça me semble pas trop mal. Juste, une vérification sur ces deux fichiers
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
peux-tu les scanner sur le site virustotal et poster les deux rapports ?
- 1
- 2