aide hijackthis svp Résolu/Fermé

Question

Bonjour, 

j'ai téléchargé hHJT mais je ne sais pas m'en servir, quelqu'un pourrait-il m'aider. J'ai mon pc qui fait des choses bizarres et j'ai fait les analyses anti virus, anti malware, spy boot , ils ne m'ont rien détecté. Alors peut-être avec HJT on peut trouver quelque chose?

Configuration: windows XP

archet9 · Answer

Bonjour,

Poste ton rapport hijack stp...

giéldé · Answer

Bonjour et merci,
mais comment fait on SVP.?

archet9 · Answer

Pas grand chose de visible sur ce rapport...mais hijack est un peu dépassé !

 fais ceci pour un diagnostic complet du PC : 

Télécharge ZHPDiag ( de Nicolas coolman ). 
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 

Double clique sur le fichier d'installation, puis installe le avec les? paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " ) 

Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista ) 

Clique sur la loupe? en haut à gauche, puis laisse l'outil scanner. 

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau. 

Rend toi sur Cjoint :? http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Créer le lien cjoint " et copie/colle le dans ton prochain message

giéldé · Answer

je me suis un peu paumé, mais enfin....

http://www.cijoint.fr/cjlink.php?file=cj201009/cijOfDRj7g.txt

archet9 · Answer

"je me suis un peu paumé, mais enfin.... "   

Pas grave...(mais lis bien et jusqu'au bout ce qui est demandé !!!)   

                         -------------   

Bon,ce rapport est un peu plus parlant !!!   

Dans l'ordre : (poste les rapports un par un stp)   

1)    
* Télécharge USBFIX sur ton bureau (Merci à El Desaparecido/C_XX)    

https://www.ionos.fr/?affiliate_id=77097    

/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.    

- Double-clique sur l'icône Usbfix située sur ton Bureau.    
- Sur la page, clique sur le bouton :    

    
suppression    

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir    
- puis clique sur OK    
- Laisse travailler l'outil.    
- Poste le rapport qui apparaît à la fin.    
le rapport se trouve sur C:\ UsbFix.txt    


2)   
*   Télécharge  AD-Remover sur ton Bureau. (Merci à C_XX)   
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe   

Miroir:    

https://www.androidworld.fr/   

/!\ Ferme toutes applications en cours /!\    

/!\ Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.    
    
- Double-clique sur l'icône Ad-remover située sur ton Bureau.    
- Sur la page, clique sur le bouton « Nettoyer » 
- Confirme lancement du scan   
- Laisse travailler l'outil.   
- Poste le rapport qui apparaît à la fin.    

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)    


3)   
Fais un scan avec cet antispyware :    
Malwarebytes + tutoriel    
    
Tu l'installes; mets le a jour...(onglet mise a jour)   
Click maintenant sur l'onglet recherche et coche la case :   
 "Executer un examen rapide".   
Puis click sur "rechercher".    
Laisses le scanner le pc...   
A la fin du scan, clique sur Afficher les résultats    
Si des elements on ete trouvés :    
> click sur supprimer la selection.   
si il t'es demandé de redemarrer > click sur "oui".   
A la fin un rapport va s'ouvrir;    
sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.   
Copies et colles le rapport stp.   


                           -----------------   


A l'issue de cela,si tout va bien, on fera les mises à jour nécessaires pour ton pc (notemment JAVA)   

a+

giéldé · Answer

############################## | UsbFix 7.025 | [Suppression]

Utilisateur: HP_Propriétaire (Administrateur) # NOM-B0A1C0A3909 [ ]
Mis à jour le 15/09/10 par El Desaparecido / C_XX
Lancé à 21:12:14 | 24/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | Updated]
RAM -> 959 Mo 
C:\ (%systemdrive%) -> Disque fixe # 71 Go (48 Go libre(s) - 68%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 4 Go (329 Mo libre(s) - 8%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\IXP000.TMP
Supprimé! C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Supprimé! C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
Supprimé! D:\Autorun.inf
Supprimé! C:	mp

################## | Registre |

Supprimé! HKCU\Software\JRMX9X1GML
Supprimé! HKCU\Software\Microsoft\Handle
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	core_ebook.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

################## | Mountpoints2 |


################## | Listing |

[18/06/2010 - 18:56:29 | D ] 	C:\9b07e1bd7da6b2cf9044e362
[01/01/2005 - 10:44:55 | A | 0] 	C:\AUTOEXEC.BAT
[24/05/2010 - 17:41:59 | RASH | 218] 	C:\BOOT.BAK
[24/05/2010 - 17:56:29 | RASH | 298] 	C:\boot.ini
[04/08/2004 - 20:00:00 | RASH | 4952] 	C:\Bootfont.bin
[24/05/2010 - 17:56:29 | RSHD ] 	C:\cmdcons
[04/08/2004 - 20:00:00 | RSH | 263488] 	C:\cmldr
[24/09/2010 - 20:24:02 | HD ] 	C:\Config.Msi
[01/01/2005 - 10:44:55 | A | 0] 	C:\CONFIG.SYS
[24/05/2010 - 17:45:29 | D ] 	C:\Documents and Settings
[24/05/2010 - 20:14:56 | D ] 	C:\DRIVERS
[24/09/2010 - 20:24:07 | ASH | 1006161920] 	C:\hiberfil.sys
[24/05/2010 - 17:42:23 | HD ] 	C:\hp
[01/01/2005 - 11:00:20 | AH | 2] 	C:\hpbi.log
[01/01/2005 - 10:44:55 | RASH | 0] 	C:\IO.SYS
[23/08/2010 - 14:16:56 | D ] 	C:\logs
[28/06/2010 - 17:01:20 | D ] 	C:\MagellanDrivers
[01/01/2005 - 10:44:55 | RASH | 0] 	C:\MSDOS.SYS
[04/08/2004 - 20:00:00 | RASH | 47564] 	C:\NTDETECT.COM
[25/05/2010 - 08:54:54 | RASH | 252240] 	C:
tldr
[31/05/2010 - 15:40:30 | A | 304160] 	C:\PA207.DAT
[24/09/2010 - 20:24:02 | ASH | 1509949440] 	C:\pagefile.sys
[24/09/2010 - 20:05:08 | RD ] 	C:\Program Files
[01/01/2005 - 11:00:41 | HD ] 	C:\Python22
[24/05/2010 - 17:56:58 | SHD ] 	C:\RECYCLER
[24/05/2010 - 18:23:02 | A | 159] 	C:\Setup.log
[24/05/2010 - 17:44:43 | D ] 	C:\sysprep
[24/05/2010 - 19:41:02 | SHD ] 	C:\System Volume Information
[01/01/2005 - 11:00:20 | HD ] 	C:\system.sav
[04/09/2010 - 11:44:16 | D ] 	C:	emp
[24/08/2010 - 16:30:31 | D ] 	C:	empocapt
[24/09/2010 - 21:14:46 | D ] 	C:\UsbFix
[24/09/2010 - 21:14:47 | A | 1052] 	C:\UsbFix.txt
[23/09/2010 - 12:13:25 | D ] 	C:\WINDOWS
[13/07/2010 - 19:41:52 | D ] 	C:\zapman_softwares
[27/07/2001 - 22:07:38 | SH | 0] 	D:\AUTOEXEC.BAT
[09/01/2002 - 11:52:30 | SH | 244] 	D:\BOOT.INI
[02/11/2004 - 22:21:44 | SHD ] 	D:\cmdcons
[17/08/2001 - 01:26:26 | SH | 237728] 	D:\CMLDR
[27/07/2001 - 22:07:38 | SH | 0] 	D:\CONFIG.SYS
[09/09/2002 - 15:14:14 | SH | 100] 	D:\Desktop.ini
[30/04/2004 - 14:00:38 | SH | 73728] 	D:\Info.exe
[27/07/2001 - 22:07:38 | SH | 0] 	D:\IO.SYS
[02/11/2004 - 22:16:26 | SHD ] 	D:\MiniNT
[27/07/2001 - 22:07:38 | SH | 0] 	D:\MSDOS.SYS
[25/07/2001 - 14:00:00 | SH | 45124] 	D:\NTDETECT.COM
[25/07/2001 - 14:00:00 | SH | 222880] 	D:\NTLDR
[02/12/2004 - 02:14:00 | SHD ] 	D:\PRELOAD
[29/04/2004 - 15:37:18 | SH | 4096] 	D:\Thumbs.db
[08/02/2002 - 16:44:24 | SH | 88038] 	D:\Warning.bmp
[01/12/2004 - 10:13:56 | SH | 26] 	D:\BLOCK.RIN
[10/09/2002 - 00:21:08 | SH | 7850] 	D:\Folder.htt
[25/01/2002 - 01:21:24 | SH | 0] 	D:\GRAPH16
[30/04/2001 - 03:16:46 | SH | 14] 	D:\Graph
[24/05/2010 - 17:48:46 | SHD ] 	D:\I386
[16/08/2001 - 22:32:24 | SH | 0] 	D:\NTFS
[30/04/2001 - 03:16:46 | SH | 14] 	D:\SVGA
[01/12/2004 - 09:35:32 | SH | 36] 	D:\SaveFile.Dir
[17/08/2001 - 22:00:00 | SH | 10] 	D:\WIN51
[21/01/2001 - 22:00:00 | SH | 11] 	D:\WIN51.B2
[24/07/2001 - 22:00:00 | SH | 11] 	D:\WIN51.RC1
[25/07/2001 - 03:47:04 | SH | 11] 	D:\WIN51.RC2
[17/08/2001 - 22:00:00 | SH | 10] 	D:\WIN51IC
[19/03/2001 - 22:00:00 | SH | 11] 	D:\WIN51IC.B2
[24/07/2001 - 22:00:00 | SH | 11] 	D:\WIN51IC.RC1
[24/07/2001 - 22:00:00 | SH | 11] 	D:\WIN51IC.RC2
[16/08/2001 - 22:00:00 | SH | 10] 	D:\WIN51IP
[21/01/2001 - 22:00:00 | SH | 11] 	D:\WIN51IP.B2
[25/07/2001 - 03:47:04 | SH | 11] 	D:\WIN51IP.RC2
[16/08/2001 - 20:17:02 | SH | 184] 	D:\WINBOM.INI
[09/09/2002 - 21:58:12 | SH | 181616] 	D:\protect.ed
[10/10/2005 - 11:29:32 | SH | 0] 	D:\HPCD.sys
[10/10/2005 - 10:47:36 | SH | 1178] 	D:\Master.log
[24/05/2010 - 18:21:34 | SHD ] 	D:\Tools
[24/05/2010 - 18:22:22 | SHD ] 	D:\hp
[24/05/2010 - 18:22:34 | RD ] 	D:\Réinstallation Système
[24/05/2010 - 18:22:34 | AH | 18] 	D:\USER
[24/05/2010 - 17:46:22 | SHD ] 	D:\System Volume Information
[24/05/2010 - 18:00:00 | SHD ] 	D:\Recycled

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_NOM-B0A1C0A3909.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.

################## | E.O.F |

archet9 · Answer

Parfait, continues...

giéldé · Answer

############################## | UsbFix 7.025 | [Suppression]

Utilisateur: HP_Propriétaire (Administrateur) # NOM-B0A1C0A3909 [ ]
Mis à jour le 15/09/10 par El Desaparecido / C_XX
Lancé à 21:12:14 | 24/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | Updated]
RAM -> 959 Mo 
C:\ (%systemdrive%) -> Disque fixe # 71 Go (48 Go libre(s) - 68%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 4 Go (329 Mo libre(s) - 8%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\IXP000.TMP
Supprimé! C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Supprimé! C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
Supprimé! D:\Autorun.inf
Supprimé! C:	mp

################## | Registre |

Supprimé! HKCU\Software\JRMX9X1GML
Supprimé! HKCU\Software\Microsoft\Handle
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	core_ebook.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

################## | Mountpoints2 |


################## | Listing |

[18/06/2010 - 18:56:29 | D ] 	C:\9b07e1bd7da6b2cf9044e362
[01/01/2005 - 10:44:55 | A | 0] 	C:\AUTOEXEC.BAT
[24/05/2010 - 17:41:59 | RASH | 218] 	C:\BOOT.BAK
[24/05/2010 - 17:56:29 | RASH | 298] 	C:\boot.ini
[04/08/2004 - 20:00:00 | RASH | 4952] 	C:\Bootfont.bin
[24/05/2010 - 17:56:29 | RSHD ] 	C:\cmdcons
[04/08/2004 - 20:00:00 | RSH | 263488] 	C:\cmldr
[24/09/2010 - 20:24:02 | HD ] 	C:\Config.Msi
[01/01/2005 - 10:44:55 | A | 0] 	C:\CONFIG.SYS
[24/05/2010 - 17:45:29 | D ] 	C:\Documents and Settings
[24/05/2010 - 20:14:56 | D ] 	C:\DRIVERS
[24/09/2010 - 20:24:07 | ASH | 1006161920] 	C:\hiberfil.sys
[24/05/2010 - 17:42:23 | HD ] 	C:\hp
[01/01/2005 - 11:00:20 | AH | 2] 	C:\hpbi.log
[01/01/2005 - 10:44:55 | RASH | 0] 	C:\IO.SYS
[23/08/2010 - 14:16:56 | D ] 	C:\logs
[28/06/2010 - 17:01:20 | D ] 	C:\MagellanDrivers
[01/01/2005 - 10:44:55 | RASH | 0] 	C:\MSDOS.SYS
[04/08/2004 - 20:00:00 | RASH | 47564] 	C:\NTDETECT.COM
[25/05/2010 - 08:54:54 | RASH | 252240] 	C:
tldr
[31/05/2010 - 15:40:30 | A | 304160] 	C:\PA207.DAT
[24/09/2010 - 20:24:02 | ASH | 1509949440] 	C:\pagefile.sys
[24/09/2010 - 20:05:08 | RD ] 	C:\Program Files
[01/01/2005 - 11:00:41 | HD ] 	C:\Python22
[24/05/2010 - 17:56:58 | SHD ] 	C:\RECYCLER
[24/05/2010 - 18:23:02 | A | 159] 	C:\Setup.log
[24/05/2010 - 17:44:43 | D ] 	C:\sysprep
[24/05/2010 - 19:41:02 | SHD ] 	C:\System Volume Information
[01/01/2005 - 11:00:20 | HD ] 	C:\system.sav
[04/09/2010 - 11:44:16 | D ] 	C:	emp
[24/08/2010 - 16:30:31 | D ] 	C:	empocapt
[24/09/2010 - 21:14:46 | D ] 	C:\UsbFix
[24/09/2010 - 21:14:47 | A | 1052] 	C:\UsbFix.txt
[23/09/2010 - 12:13:25 | D ] 	C:\WINDOWS
[13/07/2010 - 19:41:52 | D ] 	C:\zapman_softwares
[27/07/2001 - 22:07:38 | SH | 0] 	D:\AUTOEXEC.BAT
[09/01/2002 - 11:52:30 | SH | 244] 	D:\BOOT.INI
[02/11/2004 - 22:21:44 | SHD ] 	D:\cmdcons
[17/08/2001 - 01:26:26 | SH | 237728] 	D:\CMLDR
[27/07/2001 - 22:07:38 | SH | 0] 	D:\CONFIG.SYS
[09/09/2002 - 15:14:14 | SH | 100] 	D:\Desktop.ini
[30/04/2004 - 14:00:38 | SH | 73728] 	D:\Info.exe
[27/07/2001 - 22:07:38 | SH | 0] 	D:\IO.SYS
[02/11/2004 - 22:16:26 | SHD ] 	D:\MiniNT
[27/07/2001 - 22:07:38 | SH | 0] 	D:\MSDOS.SYS
[25/07/2001 - 14:00:00 | SH | 45124] 	D:\NTDETECT.COM
[25/07/2001 - 14:00:00 | SH | 222880] 	D:\NTLDR
[02/12/2004 - 02:14:00 | SHD ] 	D:\PRELOAD
[29/04/2004 - 15:37:18 | SH | 4096] 	D:\Thumbs.db
[08/02/2002 - 16:44:24 | SH | 88038] 	D:\Warning.bmp
[01/12/2004 - 10:13:56 | SH | 26] 	D:\BLOCK.RIN
[10/09/2002 - 00:21:08 | SH | 7850] 	D:\Folder.htt
[25/01/2002 - 01:21:24 | SH | 0] 	D:\GRAPH16
[30/04/2001 - 03:16:46 | SH | 14] 	D:\Graph
[24/05/2010 - 17:48:46 | SHD ] 	D:\I386
[16/08/2001 - 22:32:24 | SH | 0] 	D:\NTFS
[30/04/2001 - 03:16:46 | SH | 14] 	D:\SVGA
[01/12/2004 - 09:35:32 | SH | 36] 	D:\SaveFile.Dir
[17/08/2001 - 22:00:00 | SH | 10] 	D:\WIN51
[21/01/2001 - 22:00:00 | SH | 11] 	D:\WIN51.B2
[24/07/2001 - 22:00:00 | SH | 11] 	D:\WIN51.RC1
[25/07/2001 - 03:47:04 | SH | 11] 	D:\WIN51.RC2
[17/08/2001 - 22:00:00 | SH | 10] 	D:\WIN51IC
[19/03/2001 - 22:00:00 | SH | 11] 	D:\WIN51IC.B2
[24/07/2001 - 22:00:00 | SH | 11] 	D:\WIN51IC.RC1
[24/07/2001 - 22:00:00 | SH | 11] 	D:\WIN51IC.RC2
[16/08/2001 - 22:00:00 | SH | 10] 	D:\WIN51IP
[21/01/2001 - 22:00:00 | SH | 11] 	D:\WIN51IP.B2
[25/07/2001 - 03:47:04 | SH | 11] 	D:\WIN51IP.RC2
[16/08/2001 - 20:17:02 | SH | 184] 	D:\WINBOM.INI
[09/09/2002 - 21:58:12 | SH | 181616] 	D:\protect.ed
[10/10/2005 - 11:29:32 | SH | 0] 	D:\HPCD.sys
[10/10/2005 - 10:47:36 | SH | 1178] 	D:\Master.log
[24/05/2010 - 18:21:34 | SHD ] 	D:\Tools
[24/05/2010 - 18:22:22 | SHD ] 	D:\hp
[24/05/2010 - 18:22:34 | RD ] 	D:\Réinstallation Système
[24/05/2010 - 18:22:34 | AH | 18] 	D:\USER
[24/05/2010 - 17:46:22 | SHD ] 	D:\System Volume Information
[24/05/2010 - 18:00:00 | SHD ] 	D:\Recycled

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_NOM-B0A1C0A3909.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.

################## | E.O.F |

archet9 · Answer

Décidément...tu ne lis pas les instructions...!!!  

Concernant les instructions pour Malwarebytes:  

""Fais un scan avec cet antispyware :   
Malwarebytes + tutoriel   
Tu l'installes; mets le a jour...(onglet mise a jour)"   

Version de ta base de données: 846  

                             ---------------- 

La base de données actuelle se situe autour de 4600 et des brouettes !!!!  

==> Relance MBAM en l'ayant mis à jour ...==> Examen rapide  ==> Colle le rapport.....  

a+

giéldé · Answer

OK, mais pas moyen de faire la MAj, j'ai beau désactiver mon pare feu et ma protection, rien n'y fait ...?

archet9 · Answer

Ok ,on va procèder autrement...    

==> ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :     
http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

A l'enregistrement choisis de rennomer combofix en giéldé.exe    
comme indiqué sur ce tuto:    
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/renommer-combofix-sujet_199165_1.htm    


/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\     

---> Double-clique sur Combofix.exe    

---> Installe la console de récupération si l'outil te le propose.      

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\     

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.     

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu     

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\     

Note : Le rapport se trouve également là : C:\ComboFix.txt

giéldé · Answer

ComboFix 10-09-24.03 - HP_Propriétaire 24/09/2010  23:00:05.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.959.744 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\MESDOC~1\ELMENT~1\GALLER~1\WE_Web~1.exe
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET72.tmp
c:\program files\Internet Explorer\SET73.tmp
c:\program files\Internet Explorer\SET74.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\windows\system32\Ijl11.dll

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-24 au 2010-09-24  ))))))))))))))))))))))))))))))))))))
.

2010-09-24 20:29 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:19 . 2010-09-24 19:24	--------	d-----w-	c:\program files\Ad-Remover
2010-09-24 19:14 . 2010-09-24 19:14	953512	----a-w-	C:\UsbFix_Upload_Me_NOM-B0A1C0A3909.zip
2010-09-24 19:11 . 2010-09-24 19:14	--------	d-----w-	C:\UsbFix
2010-09-24 18:05 . 2010-09-24 18:30	--------	d-----w-	c:\program files\ZHPDiag
2010-09-24 17:28 . 2010-09-24 17:28	--------	d-----w-	c:\program files\Trend Micro
2010-09-23 12:52 . 2010-09-23 12:52	--------	d-----w-	c:\program files\JRE
2010-09-11 17:14 . 2010-09-11 17:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\ThumbnailCache4R
2010-09-04 09:50 . 2010-09-04 09:50	--------	d-----w-	c:\program files\FrontPage Express 2.02
2010-09-04 09:44 . 2010-09-06 15:06	--------	d-----w-	c:\program files\Microsoft FrontPage Express
2010-09-04 09:44 . 2010-09-04 09:46	--------	d-----w-	c:	emp\ext48948
2010-09-04 09:44 . 2010-09-04 09:44	--------	d-----w-	C:	emp
2010-09-02 17:55 . 2010-09-22 16:29	--------	d--h--w-	c:\windows\msdownld.tmp
2010-09-02 17:48 . 2010-06-23 12:06	13824	-c----w-	c:\windows\system32\dllcache\ieudinit.exe
2010-09-02 17:48 . 2009-02-06 19:07	3698584	-c--a-w-	c:\windows\system32\dllcache\ieapfltr.dat
2010-09-02 17:48 . 2009-03-08 02:31	59904	----a-w-	c:\windows\system32\dllcache\icardie.dll
2010-09-02 17:48 . 2009-03-08 02:11	445952	----a-w-	c:\windows\system32\dllcache\ieapfltr.dll
2010-09-01 17:09 . 2010-09-01 17:09	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-08-30 15:30 . 2010-08-30 15:30	--------	d-----w-	c:\program files\EwisoftWeb
2010-08-30 15:30 . 2010-08-30 15:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\EwisoftWeb
2010-08-28 13:21 . 2010-09-15 07:00	--------	d-----w-	c:\program files\KompoZer
2010-08-28 12:57 . 2010-07-11 05:54	57344	----a-w-	c:\windows\system32\CleanMem.exe
2010-08-28 12:57 . 2008-09-19 16:37	121856	----a-w-	c:\windows\system32\schtasks.exe
2010-08-28 12:57 . 2010-08-28 12:57	--------	d-----w-	c:\program files\CleanMem
2010-08-28 12:57 . 2010-08-28 12:57	--------	d-----w-	c:\windows\CleanMem

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 20:30 . 2010-08-12 15:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-23 12:52 . 2010-06-02 10:09	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-09-23 12:49 . 2005-01-01 09:09	--------	d-----w-	c:\program files\Java
2010-09-23 10:13 . 2010-08-12 15:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-22 16:31 . 2010-05-26 18:02	--------	d-----w-	c:\program files\Glary Utilities
2010-09-22 16:27 . 2010-09-20 06:56	--------	d-----w-	c:\program files\Mozilla Thunderbird(2)
2010-09-22 16:26 . 2010-09-20 16:00	--------	d-----w-	c:\program files\EMA
2010-09-20 16:22 . 2010-09-20 16:22	--------	d-----w-	c:\documents and settings\All Users\Application Data\EMA
2010-09-15 14:32 . 2005-01-01 16:32	624104	----a-w-	c:\windows\system32\perfh00C.dat
2010-09-15 14:32 . 2005-01-01 16:32	122962	----a-w-	c:\windows\system32\perfc00C.dat
2010-09-02 16:56 . 2005-01-01 15:18	--------	d-----w-	c:\program files\PC-Doctor for Windows
2010-08-23 10:18 . 2010-08-23 10:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-22 14:26 . 2010-08-22 14:26	--------	d-----w-	c:\program files\Capturino V212
2010-08-21 08:34 . 2010-08-21 08:33	--------	d-----w-	c:\program files\IZArc
2010-08-20 15:29 . 2010-08-20 15:29	--------	d-----w-	c:\program files\CDBurnerXP
2010-08-19 16:56 . 2010-08-19 16:56	--------	d-----w-	c:\program files\Auslogics
2010-08-19 16:48 . 2005-01-01 10:11	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-19 16:48 . 2005-01-01 10:11	--------	d-----w-	c:\program files\InterVideo
2010-08-19 16:48 . 2010-05-25 08:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\ma-config.com
2010-08-19 08:00 . 2005-01-01 09:09	--------	d-----w-	c:\program files\Fichiers communs\Java
2010-08-18 13:19 . 2010-05-28 15:22	--------	d-----w-	c:\program files\Notepad++
2010-08-18 09:48 . 2010-08-18 09:41	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-08-18 09:45 . 2010-08-16 18:08	--------	d-----w-	c:\program files\Microsoft.NET
2010-08-18 09:43 . 2010-08-18 09:43	--------	d-----w-	c:\program files\MSXML 6.0
2010-08-18 09:39 . 2010-08-18 09:39	--------	d-----w-	c:\program files\SWsoft
2010-08-17 13:27 . 2010-08-17 13:27	--------	d-----w-	c:\program files\VirginMega
2010-08-17 13:27 . 2010-08-17 13:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-08-17 13:17 . 2005-01-01 16:32	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 15:53 . 2010-08-16 15:53	--------	d-----w-	c:\program files\XWebDesignor
2010-08-12 15:45 . 2010-08-12 15:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-12 15:30 . 2010-08-12 15:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 08:18 . 2010-08-06 08:18	--------	d-----w-	c:\program files\Lame for Audacity
2010-08-06 07:29 . 2010-08-06 07:28	--------	d-----w-	c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-02 10:42 . 2010-08-02 10:42	--------	d-----w-	c:\program files\SmartFTP Client 4.0 Setup Files
2010-07-31 17:30 . 2010-07-31 17:29	--------	d-----w-	c:\program files\odigiimmo1.2
2010-07-22 15:48 . 2005-01-01 16:32	590848	----a-w-	c:\windows\system32pcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-24 16:29	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-16 09:24 . 2010-07-16 09:24	201947	----a-w-	c:\windows\XHeader Uninstaller.exe
2010-06-30 12:32 . 2005-01-01 16:32	149504	----a-w-	c:\windows\system32\schannel.dll
2005-10-10 18:29 . 2010-05-25 01:33	0	--sha-w-	c:\windows\SMINST\HPCD.SYS
.

------- Sigcheck -------

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\929204477dc4deabc58aeda98ffd7adb\sp3qfe\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\929204477dc4deabc58aeda98ffd7adb\sp3gdr\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2004-08-05 . B4EF928E4FAD79364A80ACBA6D999934 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"news-1tpe"="c:\documents and settings\HP_Propriétaire\Mes documents\Téléchargements
ews-1tpe.exe" [2010-05-27 783360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Orange\Connectivity\ConnectivityManager.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\lxdvcoms.exe"=
"c:\Program Files\Lexmark X5400 Series\lxdvmon.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe"=
"c:\Program Files\Lexmark X5400 Series\LXDVFax.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe"=
"c:\Program Files\Lexmark X5400 Series\frun.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/05/2010 18:10 108289]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [25/05/2010 11:29 611584]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [30/05/2010 10:05 72704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [25/05/2010 11:09 98984]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/05/2010 11:34 271728]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [06/02/2008 17:51 51200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2009-03-08 02:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'

2010-09-24 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-08-28 05:54]

2010-09-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-05-26 09:21]
.
.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gzzbu4qq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gzzbu4qq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gzzbu4qq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Java\jre6\bin
ew_plugin
pdeployJava1.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 23:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\VTTimer.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\lxdvcoms.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Heure de fin: 2010-09-24  23:13:30 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-09-24 21:13

Avant-CF: 51 800 649 728 octets libres
Après-CF: 51 751 342 080 octets libres

- - End Of File - - 441C7CB0367BA12A7BAFEB6197ED184F

giéldé · Answer

ComboFix 10-09-24.03 - HP_Propriétaire 24/09/2010  23:00:05.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.959.744 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\MESDOC~1\ELMENT~1\GALLER~1\WE_Web~1.exe
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET72.tmp
c:\program files\Internet Explorer\SET73.tmp
c:\program files\Internet Explorer\SET74.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\windows\system32\Ijl11.dll

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-24 au 2010-09-24  ))))))))))))))))))))))))))))))))))))
.

2010-09-24 20:29 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:19 . 2010-09-24 19:24	--------	d-----w-	c:\program files\Ad-Remover
2010-09-24 19:14 . 2010-09-24 19:14	953512	----a-w-	C:\UsbFix_Upload_Me_NOM-B0A1C0A3909.zip
2010-09-24 19:11 . 2010-09-24 19:14	--------	d-----w-	C:\UsbFix
2010-09-24 18:05 . 2010-09-24 18:30	--------	d-----w-	c:\program files\ZHPDiag
2010-09-24 17:28 . 2010-09-24 17:28	--------	d-----w-	c:\program files\Trend Micro
2010-09-23 12:52 . 2010-09-23 12:52	--------	d-----w-	c:\program files\JRE
2010-09-11 17:14 . 2010-09-11 17:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\ThumbnailCache4R
2010-09-04 09:50 . 2010-09-04 09:50	--------	d-----w-	c:\program files\FrontPage Express 2.02
2010-09-04 09:44 . 2010-09-06 15:06	--------	d-----w-	c:\program files\Microsoft FrontPage Express
2010-09-04 09:44 . 2010-09-04 09:46	--------	d-----w-	c:	emp\ext48948
2010-09-04 09:44 . 2010-09-04 09:44	--------	d-----w-	C:	emp
2010-09-02 17:55 . 2010-09-22 16:29	--------	d--h--w-	c:\windows\msdownld.tmp
2010-09-02 17:48 . 2010-06-23 12:06	13824	-c----w-	c:\windows\system32\dllcache\ieudinit.exe
2010-09-02 17:48 . 2009-02-06 19:07	3698584	-c--a-w-	c:\windows\system32\dllcache\ieapfltr.dat
2010-09-02 17:48 . 2009-03-08 02:31	59904	----a-w-	c:\windows\system32\dllcache\icardie.dll
2010-09-02 17:48 . 2009-03-08 02:11	445952	----a-w-	c:\windows\system32\dllcache\ieapfltr.dll
2010-09-01 17:09 . 2010-09-01 17:09	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-08-30 15:30 . 2010-08-30 15:30	--------	d-----w-	c:\program files\EwisoftWeb
2010-08-30 15:30 . 2010-08-30 15:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\EwisoftWeb
2010-08-28 13:21 . 2010-09-15 07:00	--------	d-----w-	c:\program files\KompoZer
2010-08-28 12:57 . 2010-07-11 05:54	57344	----a-w-	c:\windows\system32\CleanMem.exe
2010-08-28 12:57 . 2008-09-19 16:37	121856	----a-w-	c:\windows\system32\schtasks.exe
2010-08-28 12:57 . 2010-08-28 12:57	--------	d-----w-	c:\program files\CleanMem
2010-08-28 12:57 . 2010-08-28 12:57	--------	d-----w-	c:\windows\CleanMem

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 20:30 . 2010-08-12 15:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-23 12:52 . 2010-06-02 10:09	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-09-23 12:49 . 2005-01-01 09:09	--------	d-----w-	c:\program files\Java
2010-09-23 10:13 . 2010-08-12 15:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-22 16:31 . 2010-05-26 18:02	--------	d-----w-	c:\program files\Glary Utilities
2010-09-22 16:27 . 2010-09-20 06:56	--------	d-----w-	c:\program files\Mozilla Thunderbird(2)
2010-09-22 16:26 . 2010-09-20 16:00	--------	d-----w-	c:\program files\EMA
2010-09-20 16:22 . 2010-09-20 16:22	--------	d-----w-	c:\documents and settings\All Users\Application Data\EMA
2010-09-15 14:32 . 2005-01-01 16:32	624104	----a-w-	c:\windows\system32\perfh00C.dat
2010-09-15 14:32 . 2005-01-01 16:32	122962	----a-w-	c:\windows\system32\perfc00C.dat
2010-09-02 16:56 . 2005-01-01 15:18	--------	d-----w-	c:\program files\PC-Doctor for Windows
2010-08-23 10:18 . 2010-08-23 10:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-22 14:26 . 2010-08-22 14:26	--------	d-----w-	c:\program files\Capturino V212
2010-08-21 08:34 . 2010-08-21 08:33	--------	d-----w-	c:\program files\IZArc
2010-08-20 15:29 . 2010-08-20 15:29	--------	d-----w-	c:\program files\CDBurnerXP
2010-08-19 16:56 . 2010-08-19 16:56	--------	d-----w-	c:\program files\Auslogics
2010-08-19 16:48 . 2005-01-01 10:11	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-19 16:48 . 2005-01-01 10:11	--------	d-----w-	c:\program files\InterVideo
2010-08-19 16:48 . 2010-05-25 08:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\ma-config.com
2010-08-19 08:00 . 2005-01-01 09:09	--------	d-----w-	c:\program files\Fichiers communs\Java
2010-08-18 13:19 . 2010-05-28 15:22	--------	d-----w-	c:\program files\Notepad++
2010-08-18 09:48 . 2010-08-18 09:41	--------	d-----w-	c:\program files\Microsoft SQL Server
2010-08-18 09:45 . 2010-08-16 18:08	--------	d-----w-	c:\program files\Microsoft.NET
2010-08-18 09:43 . 2010-08-18 09:43	--------	d-----w-	c:\program files\MSXML 6.0
2010-08-18 09:39 . 2010-08-18 09:39	--------	d-----w-	c:\program files\SWsoft
2010-08-17 13:27 . 2010-08-17 13:27	--------	d-----w-	c:\program files\VirginMega
2010-08-17 13:27 . 2010-08-17 13:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-08-17 13:17 . 2005-01-01 16:32	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 15:53 . 2010-08-16 15:53	--------	d-----w-	c:\program files\XWebDesignor
2010-08-12 15:45 . 2010-08-12 15:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-12 15:30 . 2010-08-12 15:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-06 08:18 . 2010-08-06 08:18	--------	d-----w-	c:\program files\Lame for Audacity
2010-08-06 07:29 . 2010-08-06 07:28	--------	d-----w-	c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-02 10:42 . 2010-08-02 10:42	--------	d-----w-	c:\program files\SmartFTP Client 4.0 Setup Files
2010-07-31 17:30 . 2010-07-31 17:29	--------	d-----w-	c:\program files\odigiimmo1.2
2010-07-22 15:48 . 2005-01-01 16:32	590848	----a-w-	c:\windows\system32pcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-24 16:29	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-16 09:24 . 2010-07-16 09:24	201947	----a-w-	c:\windows\XHeader Uninstaller.exe
2010-06-30 12:32 . 2005-01-01 16:32	149504	----a-w-	c:\windows\system32\schannel.dll
2005-10-10 18:29 . 2010-05-25 01:33	0	--sha-w-	c:\windows\SMINST\HPCD.SYS
.

------- Sigcheck -------

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\929204477dc4deabc58aeda98ffd7adb\sp3qfe\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\SoftwareDistribution\Download\929204477dc4deabc58aeda98ffd7adb\sp3gdr\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2004-08-05 . B4EF928E4FAD79364A80ACBA6D999934 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"news-1tpe"="c:\documents and settings\HP_Propriétaire\Mes documents\Téléchargements
ews-1tpe.exe" [2010-05-27 783360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Orange\Connectivity\ConnectivityManager.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\lxdvcoms.exe"=
"c:\Program Files\Lexmark X5400 Series\lxdvmon.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe"=
"c:\Program Files\Lexmark X5400 Series\LXDVFax.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe"=
"c:\Program Files\Lexmark X5400 Series\frun.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/05/2010 18:10 108289]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [25/05/2010 11:29 611584]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [30/05/2010 10:05 72704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [25/05/2010 11:09 98984]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/05/2010 11:34 271728]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [06/02/2008 17:51 51200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2009-03-08 02:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'

2010-09-24 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-08-28 05:54]

2010-09-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-05-26 09:21]
.
.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gzzbu4qq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q=
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gzzbu4qq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gzzbu4qq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Java\jre6\bin
ew_plugin
pdeployJava1.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 23:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\VTTimer.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\lxdvcoms.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Heure de fin: 2010-09-24  23:13:30 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-09-24 21:13

Avant-CF: 51 800 649 728 octets libres
Après-CF: 51 751 342 080 octets libres

- - End Of File - - 441C7CB0367BA12A7BAFEB6197ED184F

archet9 · Answer

Donne poi des nouvelles  du pc maintenant ...?

giéldé · Answer

item ???

archet9 · Answer

Ca devient vraiment pénible .... Tu ne fais rien comme demandé !!! ==> Je t'avais demandé de renommer Combofix oui ou non ? ==> Result: Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\Downloads\ComboFix.exe ********************* Ou tu reprends ici: https://forums.commentcamarche.net/forum/affich-19282794-aide-hijackthis-svp#15 Ou j'arrete e te suivre ...

Aide hijackthis svp

16 réponses

Discussions similaires