Ordinateur infecté
biia
-
flo-91 Messages postés 5973 Statut Contributeur sécurité -
flo-91 Messages postés 5973 Statut Contributeur sécurité -
Bonjour,
mon ordinateur est sûrement infecté par un virus, ou cookie, ... je sais pas quoi mais en tout cas, internet m'ouvre de pages de pub très souvent et se ferme tout seul parfois.
si vous pouvez m'aider ....
merci d'avance en tout cas
j'ai fait un scan avec GenProc, rapport ci après:
----------------------------------------------------
Rapport GenProc 2.650 [1] - 26/11/2009 à 21:17:50
@ Windows VISTA Service Pack 2 - Packard Bell BV - Mode normal
@ Internet Explorer 7.0.6002.18005 [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\ProgramData\QuestService\questservice125.exe
"
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:03, on 26/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1170359850\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\cmd.exe
C:\GenProc\Outil\Benji_GenProc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\wso.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170359850\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1090\InternetToday.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.isketch.net/isketch.shtml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcVistaBeta.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c962ce146bab0f) (gupdate1c962ce146bab0f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice125.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
mon ordinateur est sûrement infecté par un virus, ou cookie, ... je sais pas quoi mais en tout cas, internet m'ouvre de pages de pub très souvent et se ferme tout seul parfois.
si vous pouvez m'aider ....
merci d'avance en tout cas
j'ai fait un scan avec GenProc, rapport ci après:
----------------------------------------------------
Rapport GenProc 2.650 [1] - 26/11/2009 à 21:17:50
@ Windows VISTA Service Pack 2 - Packard Bell BV - Mode normal
@ Internet Explorer 7.0.6002.18005 [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\ProgramData\QuestService\questservice125.exe
"
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:03, on 26/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1170359850\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\cmd.exe
C:\GenProc\Outil\Benji_GenProc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\wso.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170359850\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1090\InternetToday.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.isketch.net/isketch.shtml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.pixum.fr/?p_ref=crm_umleitung_photoreflex_1113
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcVistaBeta.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c962ce146bab0f) (gupdate1c962ce146bab0f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice125.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
A voir également:
- Ordinateur infecté
- Ordinateur qui rame - Guide
- Réinitialiser ordinateur - Guide
- Clavier de l'ordinateur - Guide
- # Sur ordinateur - Guide
- Pad ordinateur bloqué - Guide
5 réponses
Bonsoir,
Fait ce que dit Genproc puis :
>Telecharge Combofix ici et enregistre le sur ton bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
# Ferme toutes les fenêtres de programme ouvertes, y compris celle-ci.
# Ferme ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.
#Double clic sur l'icône de ComboFix située sur le Bureau. Note bien que, une fois que tu as lancé ComboFix, tu ne dois pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. En fait, lorsque ComboFix tourne, ne touche plus du tout à ton pc. L'analyse peut prendre un certain temps, donc soit patient.
#Une fenêtre présentant les différents sites autorisés de téléchargement de ComboFix s'affiche. Dans cette fenêtre, clique sur le bouton OK.
#Après la fin de la sauvegarde du Registre Windows, ComboFix va essayer de savoir si la Console de récupération est installée. Si tu ne l'a pas déja fait accepte.
#Ceci peut durer un certain temps, donc surtout soit patient. Si tu vois ton Bureau Windows disparaître, ne t'inquiete pas. C'est normal, et ComboFix restaurera votre Bureau avant de se terminer. Finalement, tu verras un nouvel affichage déclarant que le programme a presque fini et vous annonçant que le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.
#Poste ce rapport.
Fait ce que dit Genproc puis :
>Telecharge Combofix ici et enregistre le sur ton bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
# Ferme toutes les fenêtres de programme ouvertes, y compris celle-ci.
# Ferme ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.
#Double clic sur l'icône de ComboFix située sur le Bureau. Note bien que, une fois que tu as lancé ComboFix, tu ne dois pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. En fait, lorsque ComboFix tourne, ne touche plus du tout à ton pc. L'analyse peut prendre un certain temps, donc soit patient.
#Une fenêtre présentant les différents sites autorisés de téléchargement de ComboFix s'affiche. Dans cette fenêtre, clique sur le bouton OK.
#Après la fin de la sauvegarde du Registre Windows, ComboFix va essayer de savoir si la Console de récupération est installée. Si tu ne l'a pas déja fait accepte.
#Ceci peut durer un certain temps, donc surtout soit patient. Si tu vois ton Bureau Windows disparaître, ne t'inquiete pas. C'est normal, et ComboFix restaurera votre Bureau avant de se terminer. Finalement, tu verras un nouvel affichage déclarant que le programme a presque fini et vous annonçant que le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.
#Poste ce rapport.
si tu veux le meilleur conseil prent iolo systeme mechanic il va tout nettoyer en 10 m tu vera j'lai testé il ma mis un super coup de boost . je croyait qu'il marchait bien mais il etais infecté a bloc
Ok,
Supprime ce fichier :
C:\ProgramData\QuestService\questservice125.exe
Puis :
>Ad-Remover<
>Telecharge Ad-Remover et enregistre-le sur ton bureau :
https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/
>Désactive ton antivirus le temps de la manip
>Déconnecte-toi d'Internet et ferme toutes applications en cours
>Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
>Au menu principal, choisis l'option S ( scanner )
>Poste le rapport généré (C:\Ad-Report-CLEAN.log).
>N'oublie pas de réactiver ton anti-virus
Supprime ce fichier :
C:\ProgramData\QuestService\questservice125.exe
Puis :
>Ad-Remover<
>Telecharge Ad-Remover et enregistre-le sur ton bureau :
https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/
>Désactive ton antivirus le temps de la manip
>Déconnecte-toi d'Internet et ferme toutes applications en cours
>Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
>Au menu principal, choisis l'option S ( scanner )
>Poste le rapport généré (C:\Ad-Report-CLEAN.log).
>N'oublie pas de réactiver ton anti-virus
bonsoir
voila j'ai bien lu tous ce que vous avez écrit j'ai aussi un gros problème de page de pub qui s'affiche j'ai télécharger ad remover mais en voulant l'exécuté il me dit que le controle du compte utilisateur est activé et je ne sais pas le désactiver est ce que vous pourriez m'aider s'il vous plais pour que je puisse poster le rapport et me débarrasser de ces pubs
merci d'avance
et bonne année a tous
voila j'ai bien lu tous ce que vous avez écrit j'ai aussi un gros problème de page de pub qui s'affiche j'ai télécharger ad remover mais en voulant l'exécuté il me dit que le controle du compte utilisateur est activé et je ne sais pas le désactiver est ce que vous pourriez m'aider s'il vous plais pour que je puisse poster le rapport et me débarrasser de ces pubs
merci d'avance
et bonne année a tous
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
si tu peux m'indiquer la marche à suivre
merci bcp
et j'ai aussi fait System mechanic qui booste l'ordi. merci
Benji
ComboFix 09-11-26.01 - Benji 26/11/2009 23:33.1.1 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2814.2038 [GMT 1:00]
Lancé depuis: c:\users\Benji\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1686980332-131546395-1129773313-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Automated Content Enhancer\4.1.0.5050\ACEIeaddon.dll
c:\program files\Content Management Wizard\1.1.0.1820\CMWIe.dll
c:\program files\Customized Platform Advancer\3.1.0.1540\CPAIeaddon.dll
c:\program files\Textual Content Provider\1.1.0.1380\TCPIe.dll
c:\program files\Web Search Operator\3.1.0.1800\wsO.dll
c:\users\Benji\AppData\Local\Microsoft\Windows\Temporary Internet Files\output.xml
c:\users\Benji\AppData\Local\Microsoft\Windows\Temporary Internet Files\Scanner.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-26 au 2009-11-26 ))))))))))))))))))))))))))))))))))))
.
2009-11-26 22:54 . 2009-11-26 23:04 -------- d-----w- c:\users\Benji\AppData\Local\temp
2009-11-26 22:54 . 2009-11-26 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-26 22:54 . 2009-11-26 22:54 -------- d-----w- c:\users\pccity\AppData\Local\temp
2009-11-26 22:06 . 2009-11-26 22:06 518 ----a-w- c:\users\Benji\AppData\Roaming\iolo\Registry\Last\restore.bat
2009-11-26 21:13 . 2009-11-26 21:13 1295 ----a-w- c:\users\Benji\AppData\Roaming\iolo\restore.bat
2009-11-26 20:59 . 2009-09-08 08:40 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2009-11-26 20:59 . 2009-11-25 16:58 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-11-26 20:59 . 2009-11-25 16:57 2118568 ----a-w- c:\windows\system32\Incinerator.dll
2009-11-26 20:59 . 2009-08-26 13:42 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-11-26 20:59 . 2009-08-26 13:42 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-11-26 20:59 . 2009-11-26 20:59 -------- d-----w- c:\program files\iolo
2009-11-26 20:32 . 2009-11-26 20:41 4096 d-----w- c:\windows\BDOSCAN8
2009-11-26 20:17 . 2009-11-26 20:17 4096 d-----w- C:\GenProc
2009-11-26 19:01 . 2009-11-26 20:55 -------- d-----w- c:\programdata\Norton
2009-11-26 19:00 . 2009-11-26 19:00 -------- d-----w- c:\programdata\NortonInstaller
2009-11-26 18:50 . 2009-11-26 18:50 -------- d-----w- c:\users\pccity\AppData\Local\Web Search Operator
2009-11-26 18:49 . 2009-11-26 18:49 -------- d-----w- c:\users\pccity\AppData\Local\Textual Content Provider
2009-11-26 18:35 . 2009-11-04 13:31 58744 ----a-w- c:\programdata\QuestService\questservice125.exe
2009-11-26 18:33 . 2009-11-26 18:33 -------- d-----w- c:\users\Benji\AppData\Local\Textual Content Provider
2009-11-26 18:32 . 2009-11-26 21:05 4096 d-----w- c:\program files\QuestService
2009-11-26 18:32 . 2009-11-26 18:35 -------- d-----w- c:\programdata\QuestService
2009-11-26 18:32 . 2009-11-26 18:32 -------- d-----w- c:\program files\Textual Content Provider
2009-11-26 18:32 . 2009-11-26 18:32 -------- d-----w- c:\program files\Content Management Wizard
2009-11-26 18:31 . 2009-11-26 18:31 -------- d-----w- c:\program files\Customized Platform Advancer
2009-11-26 18:31 . 2009-11-26 18:31 -------- d-----w- c:\program files\Automated Content Enhancer
2009-11-26 18:31 . 2009-11-26 18:31 -------- d-----w- c:\users\Benji\AppData\Local\Web Search Operator
2009-11-26 18:31 . 2009-11-26 18:31 -------- d-----w- c:\program files\Web Search Operator
2009-11-26 18:31 . 2009-11-24 08:36 3058028 -c----w- c:\programdata\{73E0095D-24DB-442B-A7B7-45B559A23529}\Setup.exe
2009-11-26 18:30 . 2009-11-26 18:34 -------- d-----w- c:\program files\HottieStar Toolbar
2009-11-26 18:30 . 2009-11-26 18:34 -------- dc-h--w- c:\programdata\{73E0095D-24DB-442B-A7B7-45B559A23529}
2009-11-25 20:19 . 2009-11-25 20:24 -------- d-----w- c:\program files\SopCast
2009-11-24 22:35 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 18:52 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 18:52 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 18:45 . 2009-11-24 18:49 -------- d-----w- c:\users\Default\AppData\Local\Adobe
2009-11-12 17:20 . 2009-11-20 06:45 -------- d-----w- c:\users\Benji\AppData\Roaming\HpUpdate
2009-11-11 12:55 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 12:54 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 23:12 . 2007-02-02 04:31 678718 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-26 23:12 . 2007-02-02 04:31 127798 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-26 22:16 . 2007-04-28 15:32 4096 d-----w- c:\program files\Club-Internet
2009-11-26 22:13 . 2008-11-15 11:26 4096 d-----w- c:\programdata\iolo
2009-11-26 22:08 . 2008-03-23 14:14 4096 d-----w- c:\users\Benji\AppData\Roaming\DNA
2009-11-26 22:08 . 2007-04-29 10:52 4096 d-----w- c:\program files\LED
2009-11-26 22:08 . 2007-02-01 20:10 32768 d-----w- c:\program files\Microsoft Works
2009-11-26 22:08 . 2008-03-23 14:14 36864 d-----w- c:\users\Benji\AppData\Roaming\BitTorrent
2009-11-26 22:07 . 2008-03-27 17:28 4096 d-----w- c:\users\pccity\AppData\Roaming\BitTorrent
2009-11-26 21:13 . 2008-11-15 11:26 -------- d-----w- c:\users\Benji\AppData\Roaming\iolo
2009-11-26 21:06 . 2008-03-23 14:14 -------- d-----w- c:\program files\DNA
2009-11-26 21:05 . 2007-02-01 20:04 12288 d-----w- c:\program files\Common Files\Symantec Shared
2009-11-26 20:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-26 20:55 . 2008-10-01 17:45 -------- d-----w- c:\program files\Norton Security Scan
2009-11-26 20:55 . 2008-12-03 17:06 -------- d-----w- c:\programdata\Symantec
2009-11-26 20:51 . 2008-02-24 17:58 4096 d-----w- c:\programdata\Google Updater
2009-11-24 18:47 . 2007-02-01 19:55 4096 d-----w- c:\program files\Common Files\Adobe
2009-11-14 19:30 . 2008-02-24 18:03 4096 d-----w- c:\program files\Picasa2
2009-11-04 14:21 . 2007-05-02 17:33 4096 d-----w- c:\program files\Google
2009-11-02 19:42 . 2009-10-03 17:55 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-25 13:55 . 2007-04-28 19:08 -------- d-----w- c:\programdata\Roxio
2009-10-23 20:40 . 2009-09-21 21:24 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-19 08:49 . 2009-10-19 08:49 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-09 19:17 . 2009-10-09 19:17 -------- d--h--r- c:\users\Benji\AppData\Roaming\SecuROM
2009-10-09 18:26 . 2009-05-13 15:22 -------- d-----w- c:\program files\EA SPORTS
2009-10-09 18:15 . 2009-10-09 18:15 115976 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2278372967 }\fifa_2008_ukfrdeitnl\Setup.exe
2009-10-09 18:15 . 2009-10-09 18:15 188416 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2278372967 }\fifa_2008_ukfrdeitnl\paul.dll
2009-10-09 18:02 . 2009-10-09 18:02 11182080 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2278372967 }\fifa_2008_ukfrdeitnl\FIFA08.exe
2009-10-09 18:02 . 2009-10-09 18:02 386312 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2278372967 }\fifa_2008_ukfrdeitnl\EASetup.exe
2009-10-09 18:02 . 2009-10-09 18:02 402696 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ 2278372967 }\fifa_2008_ukfrdeitnl\AutoRun.exe
2009-10-07 18:43 . 2009-10-07 18:43 -------- d-----w- c:\programdata\Electronic Arts
2009-10-07 18:43 . 2009-10-07 18:43 -------- d-----w- c:\program files\Electronic Arts
2009-10-06 17:46 . 2009-10-06 17:46 -------- d-----w- c:\users\pccity\AppData\Roaming\Printer Info Cache
2009-10-06 17:46 . 2009-10-06 17:46 4096 d-----w- c:\users\pccity\AppData\Roaming\Image Zone Express
2009-09-30 20:53 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-09-30 20:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-30 20:53 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-30 20:53 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-09-30 20:53 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-09-30 20:53 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-09-30 20:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-30 17:46 . 2007-05-02 17:30 4096 d-----w- c:\program files\Java
2009-09-14 09:29 . 2009-10-14 15:08 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 15:09 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 15:08 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-11-05 13:54 . 2009-11-05 13:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-02-02 04:33 . 2007-02-02 04:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 14:04 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-06-02 24264488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eCarteBleue-CLEO"="c:\program files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe " [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HostManager"="c:\program files\Common Files\AOL\1170359850\ee\AOLSoftware.exe" [2006-11-14 50736]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-05 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-05 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-05 7766016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-11-25 346040]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-4 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-9-11 2641920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b0,8b,b5,64,80,42,ca,01
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [06/04/2008 17:20 114768]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\ElRawDsk.sys [26/11/2009 21:59 20392]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [06/04/2008 17:20 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [06/05/2007 19:36 51792]
R3 L6DP;L6DP;c:\windows\System32\drivers\l6dp.sys [07/07/2009 23:00 29312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-11-26 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-02-01 16:38]
2009-11-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-02 17:29]
2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-20 18:09]
2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-20 18:09]
2009-11-26 c:\windows\Tasks\User_Feed_Synchronization-{632F6546-FC0C-48CC-9071-5ED8009236F7}.job
- c:\windows\system32\msfeedssync.exe [2008-06-26 07:33]
2009-11-26 c:\windows\Tasks\User_Feed_Synchronization-{E4C4809E-6CF2-46D7-AC96-045FA9FC7D96}.job
- c:\windows\system32\msfeedssync.exe [2008-06-26 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-internet.fr
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: line6.net
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.orderingmemory.com/controls/cpcVistaBeta.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
FF - ProfilePath - c:\users\Benji\AppData\Roaming\Mozilla\Firefox\Profiles\mamqdbvp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Chercher Malin
FF - prefs.js: browser.startup.homepage - hxxp://www.cherchermalin.com/?t=Q0908231504&s=h
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI
AddRemove-PDFCreator Toolbar - c:\windows\PDFCreator_Toolbar_Uninstaller_4062.exe _?=c:\program files\PDFCreator Toolbar
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 00:06
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\Benji\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8531C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x897aad24
\Driver\ACPI -> acpi.sys @ 0x80744d68
\Driver\atapi -> 0x8531b1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-354685366-712831841-1673905190-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a8,c9,d1,e6,7d,d4,21,dc,13,c2,96,04,91,d3,61,47,68,86,c8,7e,6a,f4,e3,
19,8d,32,e1,0d,14,10,56,d4,75,af,af,cc,a9,23,3f,9d,8e,c5,f5,b9,9d,09,53,b1,\
"??"=hex:34,00,78,a6,c6,1a,f7,03,64,66,e0,1e,cf,30,a0,c2
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1824)
c:\program files\QuestService\questservice.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\iolo\common\lib\ioloServiceManager.exe
c:\programdata\QuestService\questservice125.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\QuestService\questservice.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-11-27 00:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-26 23:21
Avant-CF: 45 480 419 328 octets libres
Après-CF: 47 351 230 464 octets libres
- - End Of File - - F64F3066C40A14843B54310ED8CE225E
-----------------------------------------------------------------------------
et aussi le rapport de ce que m'a demandé GenProc
Fichier A42BEFAA7818F1EFE57100105C58E500365E9CE8.exe reçu le 2009.11.26 15:32:19 (UTC)
Situation actuelle: terminé
Résultat: 3/41 (7.32%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.26 -
AhnLab-V3 5.0.0.2 2009.11.26 -
AntiVir 7.9.1.78 2009.11.26 -
Antiy-AVL 2.0.3.7 2009.11.26 -
Authentium 5.2.0.5 2009.11.26 -
Avast 4.8.1351.0 2009.11.26 -
AVG 8.5.0.425 2009.11.26 -
BitDefender 7.2 2009.11.26 -
CAT-QuickHeal 10.00 2009.11.26 -
ClamAV 0.94.1 2009.11.26 -
Comodo 3045 2009.11.26 -
DrWeb 5.0.0.12182 2009.11.26 Adware.Seekser.6
eSafe 7.0.17.0 2009.11.24 -
eTrust-Vet 35.1.7143 2009.11.26 -
F-Prot 4.5.1.85 2009.11.25 -
F-Secure 9.0.15370.0 2009.11.24 -
Fortinet 4.0.14.0 2009.11.26 -
GData 19 2009.11.26 -
Ikarus T3.1.1.74.0 2009.11.26 -
Jiangmin 11.0.800 2009.11.26 -
K7AntiVirus 7.10.905 2009.11.25 -
Kaspersky 7.0.0.125 2009.11.26 -
McAfee 5813 2009.11.25 -
McAfee+Artemis 5813 2009.11.25 -
McAfee-GW-Edition 6.8.5 2009.11.26 -
Microsoft 1.5302 2009.11.26 -
NOD32 4639 2009.11.26 -
Norman 6.03.02 2009.11.25 -
nProtect 2009.1.8.0 2009.11.26 -
Panda 10.0.2.2 2009.11.26 -
PCTools 7.0.3.5 2009.11.26 -
Prevx 3.0 2009.11.26 Medium Risk Malware
Rising 22.23.03.10 2009.11.26 -
Sophos 4.48.0 2009.11.26 -
Sunbelt 3.2.1858.2 2009.11.26 -
Symantec 1.4.4.12 2009.11.26 -
TheHacker 6.5.0.2.079 2009.11.26 -
TrendMicro 9.100.0.1001 2009.11.26 -
VBA32 3.12.12.0 2009.11.26 AdWare.Win32.Zwangi.aa
ViRobot 2009.11.26.2056 2009.11.26 -
VirusBuster 5.0.21.0 2009.11.25 -
Information additionnelle
File size: 58744 bytes
MD5 : 8be9f8a92d391d27e82e19df9305d289
SHA1 : 84d96d076b69d34d2276134a310f876e0851cb82
SHA256: 42436be05ad2f46dd9d8ee1a81783998c3e30446722bbad47eb5e4ff60d1afe0
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4453
timedatestamp.....: 0x4AF18248 (Wed Nov 4 14:31:52 2009)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x74E9 0x8000 6.20 15f42f6635f29aa8ebee9b853351021f
.rdata 0x9000 0x1BCC 0x2000 4.79 866a684b5fdae86daa8f830542181116
.data 0xB000 0x958 0x1000 1.04 378e7f93a61ec4b65377caea584d4378
.rsrc 0xC000 0x10 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
( 1 imports )
> kernel32.dll: lstrcpyA, lstrlenA, UnmapViewOfFile, FlushViewOfFile, MapViewOfFile, CloseHandle, CreateFileMappingA, GetFileSize, CreateFileA, GetProcAddress, LoadLibraryExA, lstrcmpA, RtlUnwind, RaiseException, GetSystemTimeAsFileTime, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersionExA, HeapAlloc, HeapFree, SetUnhandledExceptionFilter, ExitProcess, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, HeapSize, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetACP, GetOEMCP, GetCPInfo, LoadLibraryA, InterlockedExchange, VirtualQuery, GetLocaleInfoA, VirtualProtect, GetSystemInfo, LCMapStringA, LCMapStringW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:xrIR6DYCXN3CeWZjce6zv6uBZR06n+ZGzq9bYImlODqWUL9Hxe:lIRBMNzWVcvzDZR046Gzq9kEDqtR4
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=A42BEFAA7818F1EFE57100105C58E500365E9CE8
PEiD : -
RDS : NSRL Reference Data Set
-