Virus system32

ju082000 -  
sherred Messages postés 8605 Statut Membre -
Bonjour,

j'ai un petit problème avec mon ordinateur, je crois avoir un virus, internet explorer se ferme tout seul etc..., voici mon rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 14:50:11, on 16/07/2010
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent .exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\julien\AppData\Local\Temp\Rar$EX00.992\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: CCAB - {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - C:\Windows\system32\iR44AVGO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EWABQAF7KL] C:\Users\julien\AppData\Local\Temp\Ng1.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate1c95d61978e5c30) (gupdate1c95d61978e5c30) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Merci de votre aide

7 réponses

  1. sherred Messages postés 8605 Statut Membre 351
     
    Télécharge combofix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    clique combofix.exe.
    touche 1 (Yes) pour démarrer le scan.
    une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve également ici : C:\Combofix.txt

    Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.et provisoirement
    arrete les anti virus et autres protection pendand l'analyse
    Pendant la durée de l'analyse ne te sert pas de ton pc

    une fois l'analyse terminé ,remet toute tes protections antivirus et antispywares
    0
  2. ju082000
     
    voici le rapport:

    ComboFix 10-07-15.03 - julien 16/07/2010 15:13:20.1.2 - x86
    Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3066.1843 [GMT 2:00]
    Lancé depuis: c:\users\julien\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\DAEMON Tools Lite\daemon.exe
    c:\program files\Mozilla Firefox\components\npclntax.xpt
    c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe
    c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    c:\programdata\da3YB2g4.exe
    c:\programdata\da3YB2g4.exe_
    c:\users\julien\AppData\Roaming\0C5165E354C399EDB5D71D5E4A3D3F2A
    c:\users\julien\AppData\Roaming\0C5165E354C399EDB5D71D5E4A3D3F2A\enemies-names.txt
    c:\users\julien\AppData\Roaming\0C5165E354C399EDB5D71D5E4A3D3F2A\local.ini
    c:\users\julien\AppData\Roaming\0C5165E354C399EDB5D71D5E4A3D3F2A\lsrslt.ini
    c:\users\julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
    c:\users\julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
    c:\users\julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
    c:\windows\Nzacoa.exe
    c:\windows\SEC
    c:\windows\SEC\172100logo.bmp
    c:\windows\SEC\banner.png
    c:\windows\SEC\Computer.png
    c:\windows\SEC\Media _S_ Logo.png
    c:\windows\SEC\Samsung.png
    c:\windows\SEC\Samsung2.png
    c:\windows\SEC\SamsungLogo.png
    c:\windows\SEC\Wallpapers\wallpaper.jpg
    c:\windows\SEC\Wallpapers\wallpaper1.jpg
    c:\windows\SEC\Wallpapers\Wallpaper2.jpg
    c:\windows\system32\%appdata%
    c:\windows\system32\driVERs\cbjsy.sys
    c:\windows\system32\iR44avgo.dll

    [code] <pre>
    c:\program files\DAEMON Tools Lite\daemon .exe ---^> c:\program files\DAEMON Tools Lite\daemon.exe
    c:\program files\Samsung\Samsung New PC Studio\NPSAgent .exe ---^> c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe ---^> c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Windows Live\Messenger\MsnMsgr .exe ---^> c:\program files\Windows Live\Messenger\MsnMsgr.exe
    </pre> /code
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_cbjsy
    -------\Service_cbjsy

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-06-16 au 2010-07-16 ))))))))))))))))))))))))))))))))))))
    .

    2010-07-16 13:25 . 2010-07-16 13:28 -------- d-----w- c:\users\julien\AppData\Local\temp
    2010-07-16 13:25 . 2010-07-16 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-16 12:49 . 2010-07-16 12:49 -------- d-----w- C:\hijackthis
    2010-07-07 19:19 . 2010-07-07 19:19 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
    2010-07-07 16:20 . 2010-07-07 16:20 -------- d-----w- c:\program files\Wondershare
    2010-07-05 16:17 . 2010-07-05 16:19 -------- d-----w- c:\users\julien\AppData\Roaming\Apple Computer
    2010-07-05 16:17 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-05 16:17 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-05 16:17 . 2010-07-05 16:17 -------- d-----w- c:\program files\iPod
    2010-07-05 16:17 . 2010-07-07 19:19 -------- d-----w- c:\program files\iTunes
    2010-07-05 16:17 . 2010-07-05 16:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-05 16:16 . 2010-07-05 16:17 -------- d-----w- c:\programdata\Apple Computer
    2010-07-05 16:15 . 2010-07-05 16:15 -------- d-----w- c:\program files\Apple Software Update
    2010-07-05 16:14 . 2010-07-05 16:14 -------- d-----w- c:\program files\Bonjour
    2010-07-03 10:00 . 2010-07-03 10:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-03 09:53 . 2010-07-15 20:49 -------- d-----w- c:\programdata\Lavasoft
    2010-07-03 09:40 . 2010-07-15 20:49 -------- d-----w- c:\program files\Lavasoft
    2010-06-30 19:39 . 2010-07-06 18:04 776 ----a-w- c:\windows\system32\dmlg.dat
    2010-06-30 09:12 . 2010-06-30 09:12 -------- d-----w- c:\users\julien\AppData\Roaming\Malwarebytes
    2010-06-30 09:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-30 09:11 . 2010-06-30 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-30 09:11 . 2010-06-30 09:11 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-30 09:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-29 21:11 . 2010-06-30 11:11 -------- d-----w- c:\users\julien\AppData\Local\svkhkiljg
    2010-06-26 07:29 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2010-06-26 07:29 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
    2010-06-24 08:12 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 08:12 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 08:12 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 08:12 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 08:12 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-23 07:58 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-23 07:57 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-16 13:28 . 2009-11-10 21:23 -------- d-----w- c:\users\julien\AppData\Roaming\LimeWire
    2010-07-16 13:27 . 2008-09-08 02:23 121828 ----a-w- c:\programdata\nvModes.dat
    2010-07-16 13:27 . 2008-12-15 18:10 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-07-16 13:26 . 2008-09-08 18:00 12 ----a-w- c:\windows\bthservsdp.dat
    2010-07-16 12:17 . 2010-06-30 09:26 112 ----a-w- c:\programdata\Asq2J4H.dat
    2010-07-15 21:15 . 2008-09-07 23:58 736666 ----a-w- c:\windows\system32\perfh00C.dat
    2010-07-15 21:15 . 2008-09-07 23:58 150728 ----a-w- c:\windows\system32\perfc00C.dat
    2010-07-15 13:42 . 2008-12-09 15:42 -------- d-----w- c:\programdata\Google Updater
    2010-07-06 18:14 . 2008-12-28 11:24 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-07-05 16:17 . 2009-10-26 20:03 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-05 16:16 . 2009-10-26 20:04 -------- d-----w- c:\program files\QuickTime
    2010-06-25 08:01 . 2008-09-08 02:27 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-17 12:39 . 2009-05-11 12:23 1 ----a-w- c:\users\julien\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-11 21:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-06 08:27 . 2009-11-05 22:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-26 18:40 . 2008-09-08 02:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-26 16:16 . 2010-06-10 18:09 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:25 . 2010-06-10 18:09 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 12:14 . 2009-10-02 16:42 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-04 05:59 . 2010-06-10 18:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-10 18:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-10 18:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-10 18:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 13:53 . 2010-06-10 18:07 2036224 ----a-w- c:\windows\system32\win32k.sys
    2010-04-23 13:55 . 2010-05-26 08:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-04-19 18:47 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-19 18:47 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    .
    [code]<pre>
    c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Java\jre6\bin\jusched .exe
    c:\program files\Microsoft IntelliPoint\ipoint .exe
    c:\program files\QuickTime\QTTask .exe
    c:\windows\WindowsMobile\wmdc .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr .exe" [N/A]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [N/A]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [N/A]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
    "NPSStartup"="" [N/A]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [N/A]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
    "Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

    c:\users\julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=""
    "FirewallOverride"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ylokavgw
    .
    Contenu du dossier 'Tâches planifiées'

    2010-07-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 12:04]

    2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-13 17:50]

    2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-13 17:50]

    2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{5B58C6BC-C7E3-41B6-9835-8F56D8C9553B}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>;*.local
    FF - ProfilePath - c:\users\julien\AppData\Roaming\Mozilla\Firefox\Profiles\l3p5d8jr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-HijackThis - c:\users\julien\AppData\Local\Temp\Rar$EX00.992\HijackThis.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-16 15:27
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87B49EC5]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8b5ab322
    \Driver\ACPI -> acpi.sys @ 0x8363dd4c
    \Driver\atapi -> ataport.SYS @ 0x8b1569a8
    \Driver\iaStor -> iaStor.sys @ 0x8b0ae4fc
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,c2,c2,5c,0e,86,c9,4f,93,99,c8,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,c2,c2,5c,0e,86,c9,4f,93,99,c8,\

    [HKEY_USERS\S-1-5-21-1900641837-1123327791-3341856947-1003\Software\SecuROM\License information*]
    "datasecu"=hex:bc,df,2f,a8,28,b8,30,44,62,ad,2c,65,ed,b2,7b,52,bf,9f,3b,b8,64,
    c9,e6,29,8d,2b,16,9a,ef,26,93,5f,b3,41,de,63,69,b7,5c,d3,96,18,50,33,42,92,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(1632)
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\conime.exe
    c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    c:\windows\System32\rundll32.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\FsUsbExService.Exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-07-16 15:37:03 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-07-16 13:36

    Avant-CF: 1 782 566 912 octets libres
    Après-CF: 1 573 715 968 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
    - - End Of File - - 4374FC47E53A95DB1466CF52EC0B5EF2
    0
  3. sherred Messages postés 8605 Statut Membre 351
     
    ca doit deja allez mieux ?

    télécharge Malwarebyte's ici http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    Click maintenant sur l'onglet recherche et coche la case : "executer un examen rapide".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des éléments on été trouvés > click sur supprimer la sélection.

    si il t'es demandé de redémarrer > click sur "yes".

    A la fin un rapport va s'ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  4. ju082000
     
    malwarebytes n'a detecté aucun éléments nuisible, et le problème semble résolu, j'ai juste quelques fenetres publicitaires qui s'ouvrent mais internet explorer ne se coupe plus. merci beaucoup
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sherred Messages postés 8605 Statut Membre 351
     
    pour voir
    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
    http://pagesperso-orange.fr/NosTools/ad_remover.html

    /!\ Déconnectes toi et fermes toutes applications en cours

    ? Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ? Double clique sur l'icône Ad-remover située sur ton bureau
    ? Au menu principal choisi l'option "SCAN"
    ? Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log ) Adreport(scan) et adreport(clean)

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0
  7. ju08200
     
    ======= RAPPORT D'AD-REMOVER 2.0.0.1,C | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par C_XX le 23/06/10 à 19:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 11:47:55 le 18/07/2010, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 1 (X86)
    julien@PC-DE-JULIEN (SAMSUNG ELECTRONICS CO., LTD. R610)

    ============== RECHERCHE ==============

    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.5.5 (en-US)] **

    -- C:\Users\julien\AppData\Roaming\Mozilla\FireFox\Profiles\l3p5d8jr.default\Prefs.js --
    browser.startup.homepage, hxxp://www.google.fr/
    browser.startup.homepage_override.mstone, rv:1.9.1.5

    ========================================

    ** Internet Explorer Version [8.0.6001.18928] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\Windows\system32\blank.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Show_ToolBar: yes
    Start Page: hxxp://www.google.fr/

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\Windows\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 2 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 18/07/2010 (500 Octet(s))

    Fin à: 11:51:20, 18/07/2010

    ============== E.O.F ==============
    0
  8. sherred Messages postés 8605 Statut Membre 351
     
    ok
    Ccleaner https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
    *Décocher dans le menu Options - sous-menu Avancé :
    Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .
    tu fait le nettoyage
    Fichiers temporaires de Windows
    Cookies, cache, historique d'Internet Explorer, Opera et Firefox
    Documents récents de Windows
    et ensuite dans erreurs tu fait une réparation de la base de registre.
    https://www.malekal.com/tutoriel-ccleaner/
    ------------------------------
    sous xp et éventuellement vista
    ToolsCleaner, merci A.Rothstein & Dj Quiou,
    https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

    > http://pc-system.fr/
    qui va désinstaller les outils que l'on a utilisés
    qui peuvent être dangereux pour ton PC
    tu supprime tous ce qu'il trouve,,,,
    et tu en profite pour utiliser ces autre options
    dans cet ordre
    -corbeille
    -fichiers temp
    -pt restauration
    -sauv.registre
    0