Cid infection + AntiVir impossible to update

Raf -  
 Raf2 -
Hello,
I've just installed AntiVir but I can't update it, and I have a Cid ad that keeps popping up
Thanks for your help

37 replies

eZula Posts 3509 Status Contributor 392
 
Hello,

download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
1
Raf
 
and now I follow the procedure?
0
Raf
 
thanks
here is the report:
Rapport GenProc 2.650 [1] - 21/11/2009 à 10:27:04
@ Windows VISTA Service Pack 2 - Compaq-Presario - Mode normal
@ Mozilla Firefox 3.5.5 (fr) [Navigateur par défaut]

~~ CM DISK ERROR ~~

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.

Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Lauriane *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

# Etape 2/

Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport lopR.txt situé dans C:\ ;
- Un nouveau rapport HijackThis https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~

# Détections [1] GenProc 2.650 21/11/2009 à 10:27:15
Lop:le 21/11/2009 à 10:27:53 "C:\ProgramData\Settings axis axis.937pp"

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 10:28:14 ~~
0
eZula Posts 3509 Status Contributor 392
 
follow the procedure above; it should fix the "CID" problem (which at first glance is not the only one)
0
Raf
 
yes, the PC was already infected by this ad; my sister had Avast and I installed AntiVir for her, but it's impossible to update
0
Raf
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:16, on 21/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lauriane\AppData\Local\Temp\Rar$EX00.168\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lauriane\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SC84D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Store file readme bash] "C:\ProgramData\Eq Dvd Mp3.om4rusz"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
0

Raf
 
Rapport GenProc 2.650 [2] - 21/11/2009 à 11:02:23
@ Windows VISTA Service Pack 2 - Compaq-Presario - Mode normal
@ Mozilla Firefox 3.5.5 (fr) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :

C:\ProgramData\Eq Dvd Mp3.om4rusz"

"
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:10, on 21/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Lauriane\AppData\Local\Temp\Rar$EX00.168\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\GenProc\Outil\Lauriane_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_SC84D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Store file readme bash] "C:\ProgramData\Eq Dvd Mp3.om4rusz"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
0
Raf
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 8600 Triple-Core Processor )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Lauriane ( Administrator )
BOOT : Fail-safe boot
C:\ (Local Disk) - NTFS - Total:453 Go (Free:332 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)
E:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 21/11/2009|10:54 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\city about store file\About one.dat
Supprime! - C:\ProgramData\city about store file\About one.exe
Supprime! - C:\Users\Lauriane\AppData\Roaming\MICROS~1\Windows\Cookies\lauriane@www.adserver5[1].txt
Supprime! - C:\ProgramData\Settings axis axis.937pp
Supprime! - C:\ProgramData\Settings axis axis.l5odr5
Supprime! - C:\ProgramData\city about store file
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[20/11/2009|17:25] C:\Users\Lauriane\AppData\Local\Adobe
[13/02/2009|15:52] C:\Users\Lauriane\AppData\Local\Apple
[23/09/2009|15:33] C:\Users\Lauriane\AppData\Local\Apple Computer
[13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Application Data
[23/05/2009|14:18] C:\Users\Lauriane\AppData\Local\d3d9caps.dat
[04/11/2009|14:10] C:\Users\Lauriane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/10/2009|07:26] C:\Users\Lauriane\AppData\Local\DVDPlay
[20/11/2009|18:16] C:\Users\Lauriane\AppData\Local\GDIPFONTCACHEV1.DAT
[13/02/2009|16:43] C:\Users\Lauriane\AppData\Local\Hewlett-Packard
[13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Historique
[21/11/2009|10:41] C:\Users\Lauriane\AppData\Local\IconCache.db
[05/09/2009|15:47] C:\Users\Lauriane\AppData\Local\Microsoft
[20/04/2009|14:37] C:\Users\Lauriane\AppData\Local\Microsoft Games
[13/02/2009|17:03] C:\Users\Lauriane\AppData\Local\Microsoft Help
[13/02/2009|14:36] C:\Users\Lauriane\AppData\Local\Mozilla
[21/11/2009|10:54] C:\Users\Lauriane\AppData\Local\Temp
[13/02/2009|13:41] C:\Users\Lauriane\AppData\Local\Temporary Internet Files
[16/04/2009|20:43] C:\Users\Lauriane\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[21/11/2009 09:45][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
[21/11/2009 10:50][--ah-----] C:\Windows\tasks\SA.DAT
[21/11/2009 10:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[15/03/2009|10:54] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[12/05/2009|10:29] C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[12/09/2009|09:54] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[06/04/2009|21:00] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[18/11/2009|17:58] C:\ProgramData\aboutthunkcity
[20/11/2009|17:25] C:\ProgramData\Adobe
[13/02/2009|15:51] C:\ProgramData\Apple
[13/02/2009|15:53] C:\ProgramData\Apple Computer
[02/11/2006|13:59] C:\ProgramData\Application Data
[20/11/2009|18:20] C:\ProgramData\Avira
[13/02/2009|15:48] C:\ProgramData\Azureus
[13/02/2009|13:41] C:\ProgramData\Bureau
[13/02/2009|16:52] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[06/11/2009|08:09] C:\ProgramData\Electronic Arts
[06/11/2009|21:24] C:\ProgramData\Eq Dvd Mp3.om4rusz
[13/02/2009|13:41] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[08/07/2009|08:19] C:\ProgramData\Hewlett-Packard
[03/11/2008|16:54] C:\ProgramData\HP
[03/11/2008|16:54] C:\ProgramData\hpzinstall.log
[24/02/2009|14:19] C:\ProgramData\InterAction studios
[20/11/2009|18:11] C:\ProgramData\Malwarebytes
[13/02/2009|13:41] C:\ProgramData\Menu Démarrer
[20/11/2009|18:51] C:\ProgramData\Messenger Plus!
[28/03/2009|12:56] C:\ProgramData\Microsoft
[12/11/2009|19:37] C:\ProgramData\Microsoft Help
[13/02/2009|13:41] C:\ProgramData\Modèles
[03/11/2008|16:52] C:\ProgramData\muvee Technologies
[06/09/2009|08:28] C:\ProgramData\ntuser.pol
[18/09/2009|08:52] C:\ProgramData\NVIDIA
[03/11/2008|16:59] C:\ProgramData\PC-Doctor
[03/11/2008|16:59] C:\ProgramData\PC-Doctor for Windows
[20/11/2009|17:34] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[13/02/2009|14:01] C:\ProgramData\Symantec
[25/02/2009|17:08] C:\ProgramData\TEMP
[02/11/2006|13:59] C:\ProgramData\Templates
[13/02/2009|16:18] C:\ProgramData\TuneUp Software
[21/02/2009|16:29] C:\ProgramData\WildTangent
[13/02/2009|15:59] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[20/11/2009|17:24] C:\Program Files\Adobe
[28/04/2009|13:02] C:\Program Files\AGEIA Technologies
[13/02/2009|14:39] C:\Program Files\Alwil Software
[13/02/2009|15:52] C:\Program Files\Apple Software Update
[20/11/2009|18:20] C:\Program Files\Avira
[24/02/2009|16:22] C:\Program Files\bfgclient
[16/02/2009|20:54] C:\Program Files\Bonjour
[20/11/2009|17:13] C:\Program Files\CCleaner
[25/02/2009|17:18] C:\Program Files\Chicken Invaders
[20/11/2009|19:12] C:\Program Files\Chicken Invaders 2
[22/02/2009|14:48] C:\Program Files\Chicken Invaders 3
[24/02/2009|16:18] C:\Program Files\Chicken Invaders 3 Christmas Edition
[04/03/2009|10:53] C:\Program Files\ChickenInvaders2_at
[20/02/2009|20:41] C:\Program Files\ChickenInvadersROTYdemo
[03/03/2009|16:00] C:\Program Files\ChickenInvadersTNWdemo
[03/03/2009|16:12] C:\Program Files\ChickenInvadersTNWXmasdemo
[20/11/2009|17:24] C:\Program Files\Common Files
[03/11/2008|16:52] C:\Program Files\CyberLink
[13/02/2009|14:25] C:\Program Files\DIFX
[28/04/2009|12:43] C:\Program Files\DivX
[27/02/2009|20:08] C:\Program Files\EA GAMES
[03/11/2008|17:06] C:\Program Files\EasyBits For Kids
[05/11/2009|19:34] C:\Program Files\Electronic Arts
[20/05/2009|09:52] C:\Program Files\EPSON
[13/02/2009|13:41] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/11/2009|17:15] C:\Program Files\FileHippo.com
[19/10/2009|18:44] C:\Program Files\Hewlett-Packard
[03/11/2008|16:55] C:\Program Files\HP
[03/11/2008|17:05] C:\Program Files\HP Games
[20/11/2009|18:13] C:\Program Files\InstallShield Installation Information
[16/10/2009|07:05] C:\Program Files\Internet Explorer
[01/11/2009|18:09] C:\Program Files\iPod
[12/09/2009|09:53] C:\Program Files\iPod(78)
[01/11/2009|18:10] C:\Program Files\iTunes
[12/09/2009|09:54] C:\Program Files\iTunes(79)
[13/02/2009|16:12] C:\Program Files\Java
[28/04/2009|12:46] C:\Program Files\K-Lite Codec Pack
[07/07/2009|14:53] C:\Program Files\LETMIN
[06/07/2009|12:32] C:\Program Files\LG Electronics
[06/07/2009|12:59] C:\Program Files\LG PC Suite II
[11/06/2009|17:38] C:\Program Files\LGInternetKit
[12/08/2009|10:35] C:\Program Files\LimeWire
[20/11/2009|18:11] C:\Program Files\Malwarebytes' Anti-Malware
[20/11/2009|17:17] C:\Program Files\Messenger Plus! Live
[28/03/2009|12:57] C:\Program Files\Microsoft
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[05/05/2009|12:57] C:\Program Files\Microsoft LifeCam
[13/02/2009|17:07] C:\Program Files\Microsoft Office
[05/09/2009|20:22] C:\Program Files\Microsoft Office Outlook Connector
[10/09/2009|07:07] C:\Program Files\Microsoft Silverlight
[28/03/2009|12:55] C:\Program Files\Microsoft SQL Server Compact Edition
[28/03/2009|12:56] C:\Program Files\Microsoft Sync Framework
[13/02/2009|17:07] C:\Program Files\Microsoft Visual Studio
[13/02/2009|17:04] C:\Program Files\Microsoft Visual Studio 8
[11/06/2009|06:10] C:\Program Files\Microsoft Works
[05/11/2009|19:27] C:\Program Files\Microsoft WSE
[13/02/2009|17:06] C:\Program Files\Microsoft.NET
[17/09/2009|19:51] C:\Program Files\Movie Maker
[21/11/2009|10:53] C:\Program Files\Mozilla Firefox
[13/02/2009|17:08] C:\Program Files\MSBuild
[13/02/2009|14:39] C:\Program Files\MSXML 4.0
[19/10/2009|18:45] C:\Program Files\Online Services
[03/11/2008|16:59] C:\Program Files\PC-Doctor for Windows
[21/03/2009|19:00] C:\Program Files\PhotoFiltre
[14/09/2009|19:33] C:\Program Files\QuickTime
[12/09/2009|09:51] C:\Program Files\QuickTime(88)
[03/11/2008|16:41] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[22/02/2009|14:48] C:\Program Files\ReflexiveArcade
[14/11/2009|19:19] C:\Program Files\Spybot - Search & Destroy
[13/02/2009|16:10] C:\Program Files\SystemRequirementsLab
[18/11/2009|17:34] C:\Program Files\TuneUp Utilities 2009
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[14/09/2009|19:37] C:\Program Files\Utilitaire de configuration iPhone
[12/05/2009|10:26] C:\Program Files\Vuze
[17/09/2009|19:51] C:\Program Files\Windows Calendar
[17/09/2009|19:51] C:\Program Files\Windows Collaboration
[17/09/2009|19:51] C:\Program Files\Windows Defender
[20/11/2009|17:08] C:\Program Files\Windows Live
[28/03/2009|12:53] C:\Program Files\Windows Live SkyDrive
[17/09/2009|19:51] C:\Program Files\Windows Mail
[17/09/2009|19:51] C:\Program Files\Windows Media Player
[13/02/2009|13:41] C:\Program Files\Windows NT
[17/09/2009|19:51] C:\Program Files\Windows Photo Gallery
[17/09/2009|19:51] C:\Program Files\Windows Sidebar
[07/07/2009|08:35] C:\Program Files\Winletmin
[13/02/2009|16:48] C:\Program Files\WinRAR
[01/08/2009|15:00] C:\Program Files\Winsudate

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[20/11/2009|17:25] C:\Program Files\Common Files\Adobe
[01/11/2009|18:09] C:\Program Files\Common Files\Apple
[13/02/2009|17:07] C:\Program Files\Common Files\DESIGNER
[03/11/2008|16:54] C:\Program Files\Common Files\HP
[03/11/2008|16:44] C:\Program Files\Common Files\InstallShield
[03/11/2008|16:55] C:\Program Files\Common Files\Java
[01/08/2009|19:05] C:\Program Files\Common Files\LightScribe
[03/11/2008|16:52] C:\Program Files\Common Files\LS Getting Started
[12/07/2009|17:51] C:\Program Files\Common Files\microsoft shared
[24/02/2009|13:52] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[13/02/2009|14:03] C:\Program Files\Common Files\Symantec Shared
[17/09/2009|19:51] C:\Program Files\Common Files\System
[28/03/2009|12:38] C:\Program Files\Common Files\Windows Live
[13/02/2009|16:00] C:\Program Files\Common Files\WindowsLiveInstaller
[28/04/2009|13:02] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 21 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 10:54:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 103

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:9][D:8]-> C:\Users\Lauriane\AppData\Local\Temp
[F:42][D:1]-> C:\Users\Lauriane\AppData\Roaming\MICROS~1\Windows\Cookies
[F:251][D:4]-> C:\Users\Lauriane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 21/11/2009|10:55 - Option : [2]

--------------------\\ Fin du rapport a 10:55:28
[ UAC => 1 ]
0
Raf
 
and there you go; just one issue I had: when I launched Lop S&D there was a choice between deletion Host+ or Host-, and I chose Host+
thanks
0
eZula Posts 3509 Status Contributor 392
 
A good start, but it won't be enough to be in the clear.

Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
Double-click combofix.exe and follow the instructions.
Install the Recovery Console if offered and continue.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
0
Raf
 
OK, AntiVir detected 3 viruses, what should I do?
0
eZula Posts 3509 Status Contributor 392
 
C:\Combofix.txt
0
raf
 
well, I can't run it; when I launch it, AntiVir shows me 3 viruses
0
raf
 
well, actually no, it tells me forcelibrary.dll contains a Trojan horse
0
eZula Posts 3509 Status Contributor 392
 
you have to disable your antivirus to let it run
0
Raf
 
ComboFix 09-11-20.02 - Lauriane 21/11/2009 11:33.1.3 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1855 [GMT 1:00]
Lancé depuis: c:\users\Lauriane\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2735200289-1753316297-3505708831-500
c:\$recycle.bin\S-1-5-21-3213520390-330048417-2416552161-500
c:\$recycle.bin\S-1-5-21-379578684-575248035-2863804450-1000
c:\windows\system32\drivers\pciide.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
.

2009-11-21 10:29 . 2009-11-21 10:30 49152 d-----w- C:\32788R22FWJFW.2.tmp
2009-11-21 10:24 . 2009-11-21 10:24 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-11-21 09:53 . 2009-11-21 09:55 8192 d-----w- C:\Lop SD
2009-11-21 09:27 . 2009-11-21 10:02 4096 d-----w- C:\GenProc
2009-11-20 17:20 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-20 17:20 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Avira
2009-11-20 17:11 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 17:11 . 2009-11-20 17:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 17:11 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 16:24 . 2009-11-20 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-20 16:15 . 2009-11-20 16:15 -------- d-----w- c:\program files\FileHippo.com
2009-11-20 16:13 . 2009-11-20 16:13 -------- d-----w- c:\program files\CCleaner
2009-11-18 16:34 . 2009-11-18 16:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-18 16:34 . 2009-11-18 16:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-18 16:34 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-11-18 16:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-14 12:07 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-11 09:24 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Microsoft WSE
2009-11-05 18:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-05 18:15 . 2009-11-05 18:34 -------- d-----w- c:\program files\Electronic Arts
2009-11-01 17:09 . 2009-11-01 17:09 -------- d-----w- c:\program files\iPod
2009-11-01 17:09 . 2009-11-01 17:10 4096 d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 10:33 . 2008-11-04 00:06 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 10:33 . 2008-11-04 00:06 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-21 10:26 . 2009-06-14 19:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-20 18:12 . 2009-02-24 15:25 8192 d-----w- c:\program files\Chicken Invaders 2
2009-11-20 17:13 . 2008-11-03 15:41 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-20 16:30 . 2009-02-13 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 16:17 . 2009-02-13 15:05 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-20 16:08 . 2009-02-13 13:42 4096 d-----w- c:\program files\Windows Live
2009-11-18 16:34 . 2009-02-13 15:18 49152 d-----w- c:\program files\TuneUp Utilities 2009
2009-11-14 18:19 . 2009-02-13 15:16 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 17:09 . 2009-02-13 14:51 4096 d-----w- c:\program files\Common Files\Apple
2009-10-19 17:44 . 2008-11-03 15:43 4096 d-----w- c:\program files\Hewlett-Packard
2009-09-17 18:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-14 09:29 . 2009-10-15 17:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 17:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-15 17:06 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-15 11:08 . 2009-05-15 11:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Store file readme bash"="c:\programdata\Eq Dvd Mp3.om4rusz" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WinUsr"="c:\program files\Winsudate\gibusr.exe" [2009-08-01 88304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ce,d1,93,03,35,38,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/11/2009 18:20 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18/11/2009 17:34 604488]
R2 WinSvc;Gestionnaire de mise à jour Winsudate;c:\program files\Winsudate\gibsvc.exe [07/07/2009 08:35 70896]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [05/09/2009 13:17 218112]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/11/2009 13:07 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Lauriane\AppData\Roaming\Mozilla\Firefox\Profiles\mxa2ywfb.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 11:43
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-11-21 11:46
ComboFix-quarantined-files.txt 2009-11-21 10:46

Avant-CF: 356 557 070 336 octets libres
Après-CF: 356 484 710 400 octets libres

- - End Of File - - 0D3E73EBDB5DD1E22C6733253AE11BC2
0
Raf
 
There you go
0
Raf
 
ezula..:((
0
eZula Posts 3509 Status Contributor 392
 
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
WinSvc

File::
C:\ProgramData\Eq Dvd Mp3.om4rusz
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp 
c:\program files\Winsudate\gibusr.exe

Folder::
C:\ProgramData\aboutthunkcity
c:\program files\Winsudate

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Store file readme bash"=-
"WinUsr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000


Save this file under the name CFScript

- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
- A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal. Don't touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it can be found here > C:\ComboFix.txt
0
raf
 
ComboFix 09-11-20.02 - Lauriane 21/11/2009 12:09.2.3 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2942.1845 [GMT 1:00]
Lancé depuis: c:\users\Lauriane\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lauriane\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\32788R22FWJFW.1.tmp"
"C:\32788R22FWJFW.2.tmp"
"c:\program files\Winsudate\gibusr.exe"
"c:\programdata\Eq Dvd Mp3.om4rusz"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Winsudate
c:\program files\Winsudate\gibcom.dll
c:\program files\Winsudate\gibidl.dll
c:\program files\Winsudate\gibsvc.exe
c:\program files\Winsudate\gibupt.exe
c:\program files\Winsudate\gibusr.exe
c:\programdata\aboutthunkcity
c:\programdata\aboutthunkcity\Blue long view bend.exe
c:\programdata\aboutthunkcity\smusaogz.exe
c:\programdata\Eq Dvd Mp3.om4rusz

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_WinSvc

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
.

2009-11-21 20:21 . 2009-04-11 06:32 14312 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-11-21 10:29 . 2009-11-21 10:30 49152 d-----w- C:\32788R22FWJFW.2.tmp
2009-11-21 10:24 . 2009-11-21 10:24 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-11-21 09:53 . 2009-11-21 09:55 -------- d-----w- C:\Lop SD
2009-11-21 09:27 . 2009-11-21 10:02 4096 d-----w- C:\GenProc
2009-11-20 17:20 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-20 17:20 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-20 17:20 . 2009-11-20 17:20 -------- d-----w- c:\program files\Avira
2009-11-20 17:11 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 17:11 . 2009-11-20 17:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 17:11 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 16:24 . 2009-11-20 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-20 16:15 . 2009-11-20 16:15 -------- d-----w- c:\program files\FileHippo.com
2009-11-20 16:13 . 2009-11-20 16:13 -------- d-----w- c:\program files\CCleaner
2009-11-18 16:34 . 2009-11-18 16:34 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-18 16:34 . 2009-11-18 16:34 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-18 16:34 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-11-18 16:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-14 12:07 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-11 09:24 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 18:27 . 2009-11-05 18:27 -------- d-----w- c:\program files\Microsoft WSE
2009-11-05 18:27 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-05 18:15 . 2009-11-05 18:34 -------- d-----w- c:\program files\Electronic Arts
2009-11-01 17:09 . 2009-11-01 17:09 -------- d-----w- c:\program files\iPod
2009-11-01 17:09 . 2009-11-01 17:10 4096 d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 11:19 . 2009-06-14 19:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-21 10:33 . 2008-11-04 00:06 672084 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 10:33 . 2008-11-04 00:06 124228 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-20 18:12 . 2009-02-24 15:25 8192 d-----w- c:\program files\Chicken Invaders 2
2009-11-20 17:13 . 2008-11-03 15:41 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-20 16:30 . 2009-02-13 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 16:17 . 2009-02-13 15:05 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-20 16:08 . 2009-02-13 13:42 4096 d-----w- c:\program files\Windows Live
2009-11-18 16:34 . 2009-02-13 15:18 49152 d-----w- c:\program files\TuneUp Utilities 2009
2009-11-14 18:19 . 2009-02-13 15:16 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 17:09 . 2009-02-13 14:51 4096 d-----w- c:\program files\Common Files\Apple
2009-10-19 17:44 . 2008-11-03 15:43 4096 d-----w- c:\program files\Hewlett-Packard
2009-09-17 18:50 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-14 09:29 . 2009-10-15 17:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 17:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-15 17:06 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-15 11:08 . 2009-05-15 11:08 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ce,d1,93,03,35,38,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/11/2009 18:20 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [18/11/2009 17:34 604488]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [05/09/2009 13:17 218112]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/11/2009 13:07 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0094F739-E0A3-437E-9DCE-DDDB0951C663}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Lauriane\AppData\Roaming\Mozilla\Firefox\Profiles\mxa2ywfb.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 12:24
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3888)
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2009-11-21 12:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-21 11:28
ComboFix2.txt 2009-11-21 10:46

Avant-CF: 356 526 825 472 octets libres
Après-CF: 356 269 633 536 octets libres

- - End Of File - - 93A60958F0B68D97F66D9005513600E8
0
raf
 
Since this operation the PC is super slow, it's glitching
0
eZula Posts 3509 Status Contributor 392
 
That doesn't look too bad to me. Just one check on these two files:

C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp

Can you scan them on the VirusTotal site and post both reports?
0
raf
 
There's no file
0