9 replies
Hey,
Back up your important documents.
Disable your protection software (antivirus, antispyware), then:
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop and nowhere else!
Double-click ComboFix, accept the licence agreement and follow the prompts.
Optionally, install the Recovery Console as is recommended.
Wait until ComboFix has finished; a report will be created. Post the report.
If the report won't post, upload it to this site: http://www.cijoint.fr/
and give the link here :)
There is a tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS: if ComboFix won't start, rename the ComboFix file and try again.
If that doesn't help, try in Safe Mode without networking: restart in Safe Mode; to do so, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear, choose Safe Mode and press the Enter key on the keyboard.
Excuse me, but it detects AntiVir and I can't manage to stop AntiVir. I'm in safe mode because otherwise I can't do anything.
ComboFix 10-10-07.02 - OEM 08/10/2010 18:22:45.1.2 - x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.462 [GMT 2:00]
Lancé depuis: c:\documents and settings\OEM\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\OEM\Application Data\PriceGong
c:\documents and settings\OEM\Application Data\PriceGong\Data\1.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\a.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\b.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\c.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\d.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\e.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\f.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\g.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\h.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\i.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\J.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\k.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\l.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\m.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\n.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\o.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\p.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\q.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\r.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\s.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\t.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\u.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\v.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\w.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\x.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\y.xml
c:\documents and settings\OEM\Application Data\PriceGong\Data\z.xml
c:\documents and settings\OEM\Local Settings\Application Data\syssvc.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFPANSI
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-08 au 2010-10-08 ))))))))))))))))))))))))))))))))))))
.
2010-10-08 14:15 . 2010-10-08 14:16 -------- d-----w- c:\program files\ZHPDiag
2010-10-08 14:07 . 2010-10-08 14:28 -------- d---a-w- C:\Navilog1
2010-10-08 14:07 . 2010-10-08 14:28 -------- d-----w- c:\program files\Navilog1
2010-09-26 19:53 . 2010-09-26 19:53 -------- d-----w- c:\windows\Sun
2010-09-16 18:04 . 2010-09-16 18:04 -------- d-----w- c:\program files\Defraggler
2010-09-16 17:51 . 2010-09-28 16:53 -------- d-----w- c:\program files\CCleaner
2010-09-16 14:41 . 2010-09-16 14:41 -------- d-----w- c:\program files\FileHippo.com
2010-09-16 14:34 . 2010-09-16 14:34 503808 ----a-w- c:\documents and settings\OEM\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a9c7a72-n\msvcp71.dll
2010-09-16 14:34 . 2010-09-16 14:34 499712 ----a-w- c:\documents and settings\OEM\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a9c7a72-n\jmc.dll
2010-09-16 14:34 . 2010-09-16 14:34 348160 ----a-w- c:\documents and settings\OEM\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1a9c7a72-n\msvcr71.dll
2010-09-16 14:34 . 2010-09-16 14:34 12800 ----a-w- c:\documents and settings\OEM\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-180baca3-n\decora-d3d.dll
2010-09-16 14:34 . 2010-09-16 14:34 61440 ----a-w- c:\documents and settings\OEM\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-180baca3-n\decora-sse.dll
2010-09-16 14:34 . 2010-09-16 14:34 -------- d-----w- c:\program files\Fichiers communs\Java
2010-09-16 14:34 . 2010-09-16 14:33 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-16 14:33 . 2010-09-16 14:33 -------- d-----w- c:\program files\Java
2010-09-15 14:32 . 2010-09-15 14:32 59816 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 10:20 . 2010-09-15 18:28 -------- d-----w- c:\documents and settings\OEM\Local Settings\Application Data\slhrstnlw
2010-09-10 16:40 . 2010-09-10 16:40 -------- d-----w- c:\program files\Fichiers communs\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 15:08 . 2006-11-03 16:54 -------- d-----w- c:\documents and settings\OEM\Application Data\Image Zone Express
2010-10-07 11:04 . 2004-11-12 21:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-10-06 06:39 . 2004-08-05 12:00 80648 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-06 06:39 . 2004-08-05 12:00 501734 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-29 12:10 . 2009-05-05 09:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-25 21:50 . 2009-09-05 17:34 -------- d-----w- c:\documents and settings\OEM\Application Data\Skype
2010-09-25 20:19 . 2009-09-05 17:39 -------- d-----w- c:\documents and settings\OEM\Application Data\skypePM
2010-09-16 17:57 . 2008-01-12 14:01 -------- d-----w- c:\documents and settings\OEM\Application Data\Media Player Classic
2010-09-16 17:20 . 2007-09-27 19:06 -------- d-----w- c:\program files\Google
2010-09-16 17:13 . 2008-03-23 17:51 -------- d-----w- c:\program files\Windows Live
2010-09-16 16:01 . 2004-11-27 19:52 -------- d-----w- c:\program files\QuickTime
2010-09-16 14:34 . 2006-04-13 15:15 -------- d-----w- c:\documents and settings\OEM\Application Data\ZipGenius
2010-09-16 14:23 . 2007-01-05 18:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 14:23 . 2006-03-29 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-15 20:10 . 2009-11-12 07:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-20 11:22 . 2007-10-06 18:09 -------- d-----w- c:\documents and settings\OEM\Application Data\U3
2010-08-17 13:17 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-02 11:14 . 2010-07-29 15:13 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-22 15:48 . 2004-08-05 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2006-10-22 14:30 . 2006-10-22 14:30 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-09-02 4608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\OEM\Menu D'marrer\Programmes\D'marrage\
Outil de d'tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-26 368640]
Outil de d'tection de support Picture Motion Browser.lnk.disabled [2008-7-2 2011]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
MioSync.lnk.disabled [2008-3-15 1721]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EEventManager"=c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lauyan\\TOWeb V3\\TOWeb.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [05/05/2009 12:21 108289]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/08/2010 13:17 135664]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [12/02/2006 18:22 28704]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/01/2007 17:09 639224]
.
Contenu du dossier 'Tâches planifiées'
2010-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 11:17]
2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 11:17]
2010-10-07 c:\windows\Tasks\User_Feed_Synchronization-{30AE1C13-F01A-4922-8E1B-4F3BB970D807}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://portail.free.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:33921
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{5CC384BB-1326-11D5-F4AE-00C04923F885}
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.hostingpics.net/membres/aurigma/Scripts/ImageUploader6.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-725345543-179605362-2147187605-1004\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0OE0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-725345543-179605362-2147187605-1004\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0OE0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState]
"008b-06a9"=dword:00000001
"008b-06ab"=dword:00000000
"008b-0514"="Format ARW"
"008b-0580"=""
"008b-0583"="c:\\Documents and Settings\\OEM\\Mes documents\\Image Data Converter SR\\Collections"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(6192)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\carpserv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-10-08 18:36:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-08 16:36
Avant-CF: 61 832 151 040 octets libres
Après-CF: 60 997 337 088 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EB8C1DA034CBF1C25C880BB82C2E86E9
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\carpserv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-10-08 18:36:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-08 16:36
Avant-CF: 61 832 151 040 octets libres
Après-CF: 60 997 337 088 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EB8C1DA034CBF1C25C880BB82C2E86E9
Get rid of this: c:\documents and settings\OEM\Local Settings\Application Data\slhrstnlw
See whether it shows up again, and browse a bit to see whether you have any other problems.
OK, if you have problems, come back and give a shout :)
A few links.
Keep your software up to date, it's important; use this program: /faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
This is a must.
To uninstall Combofix:
- Start menu / Run and type: Combofix /uninstall then OK (careful, there is no space between the / and uninstall)
Some reading to help avoid infections:
- knowing and avoiding infections: https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
- securing your PC: http://forum.malekal.com/comment-securiser-son-ordinateur.html
How malware works:
https://forums.commentcamarche.net/forum/affich-17725521-virus-programme-troyen
https://forums.commentcamarche.net/forum/affich-17746390-concernant-la-propagation-des-virus