Lire hijack rapport
Guillaume
-
g!rly Messages postés 18462 Statut Contributeur -
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Je suspecte depuis qq temps la présence d'un Trojan ou spyware sur mon ordinateur. Malgré l'utilisation de Trojanhunter, de spybot je n'ai toujours pas résolu mon problème ( ouverture de fenetres publicitaires intempestives, UC ralenti...)
J'ai donc fait un rapport hijack que voici ci dessous, est-ce que quelq'un pourrait me l'interpréter?
Merci beaucoup
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:40, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {483F1D5A-7AC7-411F-AF7A-784F3F49987F} - C:\WINDOWS\system32\diskcop.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messager Wanadoo - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://support.lenovo.com/fr/en/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O21 - SSODL: syshelps - {85D18D33-7CD0-4125-99AB-95F9D96E2BE9} - syshelps.dll (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
Je suspecte depuis qq temps la présence d'un Trojan ou spyware sur mon ordinateur. Malgré l'utilisation de Trojanhunter, de spybot je n'ai toujours pas résolu mon problème ( ouverture de fenetres publicitaires intempestives, UC ralenti...)
J'ai donc fait un rapport hijack que voici ci dessous, est-ce que quelq'un pourrait me l'interpréter?
Merci beaucoup
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:40, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {483F1D5A-7AC7-411F-AF7A-784F3F49987F} - C:\WINDOWS\system32\diskcop.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messager Wanadoo - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://support.lenovo.com/fr/en/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O21 - SSODL: syshelps - {85D18D33-7CD0-4125-99AB-95F9D96E2BE9} - syshelps.dll (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
A voir également:
- Lire hijack rapport
- Lire le coran en français pdf - Télécharger - Histoire & Religion
- Lire epub - Guide
- Lire fichier bin - Guide
- Lire iso - Guide
- Comment lire un message supprimé sur whatsapp - Guide
6 réponses
bonsoir
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Bonjour.
Cà va du méchant à l'inutile
A fixer
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr .cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing
Par politesse ne laisse pas la personne qui t'as aidé sans réponse.Un petit mot çà encourage.
Cà va du méchant à l'inutile
A fixer
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr .cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing
Par politesse ne laisse pas la personne qui t'as aidé sans réponse.Un petit mot çà encourage.
Merci Cesel45, mais c'est curieux maintenant je ne retrouve plus le deuxième et dernier truc que tu m'a dit de fixer... enfin...
en espérant une amélioration de la situation....
en espérant une amélioration de la situation....
ouhouh?!
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
voila voila, ce fut un peu long mais cela est du a mon unité centrale : en permanence a 100% ... la aussi il doit bien y avoir un pb
donc voici le rapport que tu ma demandé
ComboFix 07-11-08.1 - test 2007-11-17 22:52:27.1 - NTFSx86
Running from: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\2APAVNPX\ComboFix[1].exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\test\Application Data\inst.exe
C:\Documents and Settings\test\new.txt
C:\WINDOWS\photos.zip
C:\WINDOWS\system32\diskcop.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 22:06 <REP> d-------- C:\Program Files\Trend Micro
2007-11-17 20:42 <REP> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-08 19:47 <REP> d-------- C:\Program Files\Sony Ericsson
2007-11-08 19:20 18,688 C:\WINDOWS\system32\drivers\nwiczbjh.dat
2007-11-08 19:20 5,120 C:\WINDOWS\system32\drivers\zzyaamwa.dat
2007-11-08 19:19 93,696 --a------ C:\WINDOWS\system32\diskcop.dll
2007-11-08 19:10 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-11-08 19:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-06 16:37 <REP> d-------- C:\WINDOWS\system32\Inetsrv6
2007-11-06 14:19 <REP> d-------- C:\Program Files\Steinberg
2007-11-05 13:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-04 21:23 <REP> d-------- C:\Documents and Settings\test\Application Data\Nero
2007-11-04 21:17 <REP> d-------- C:\Program Files\Nero
2007-11-04 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-11-04 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-04 20:04 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-11-04 20:04 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-11-04 20:04 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-11-04 20:04 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-11-04 20:04 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-11-04 17:58 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-11-04 17:51 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2007-11-04 17:51 <REP> d-------- C:\Documents and Settings\test\Application Data\TuneUp Software
2007-11-04 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-11-04 17:51 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-11-02 14:10 <REP> d-------- C:\Program Files\eMule
2007-10-29 19:08 <REP> d-------- C:\Program Files\AVS4YOU
2007-10-29 19:08 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-29 11:04 <REP> d-------- C:\Documents and Settings\test\Application Data\Nvu
2007-10-29 11:03 <REP> d-------- C:\Program Files\Nvu
2007-10-25 15:42 <REP> d-------- C:\Program Files\Solid Edge 2D Drafting V19
2007-10-19 17:52 <REP> d-------- C:\Program Files\IcoFX 1.5
2007-10-19 17:52 <REP> d-------- C:\Documents and Settings\test\Application Data\IcoFX
2007-10-17 18:23 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:46 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-13 18:55 38,200 ----a-w C:\Documents and Settings\test\Application Data\wklnhst.dat
2007-11-12 19:32 --------- d-----w C:\Program Files\Wanadoo
2007-11-08 18:37 --------- d-----w C:\Program Files\LimeWire
2007-11-06 17:05 --------- d-----w C:\Program Files\PCFriendly
2007-11-04 20:03 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-04 20:03 --------- d-----w C:\Program Files\Ahead
2007-11-04 18:31 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-04 16:50 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-25 16:38 --------- d-----w C:\Program Files\Syncrosoft
2007-10-25 13:48 --------- d-----w C:\Program Files\Microsoft Games
2007-10-25 13:32 --------- d-----w C:\Program Files\UBISOFT
2007-10-25 13:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 13:28 --------- d-----w C:\Program Files\VirginMega
2007-10-13 10:54 --------- d-----w C:\Documents and Settings\test\Application Data\Graphe Easy
2007-10-13 10:53 --------- d-----w C:\Program Files\Graphe Easy 2.23
2007-10-07 16:28 286,720 ------w C:\WINDOWS\Setup1.exe
2007-10-06 19:25 --------- d-----w C:\Documents and Settings\test\Application Data\uTorrent
2007-10-05 16:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-05 16:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-05 16:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-05 16:31 --------- d-----w C:\Program Files\Symantec
2007-09-29 17:52 --------- d-----w C:\Program Files\Evariste
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-22 12:57 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-09-21 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-05-27 17:50 47,360 ----a-w C:\Documents and Settings\test\Application Data\pcouffin.sys
2006-10-14 14:24 104,984 ----a-w C:\Documents and Settings\test\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 15:22 91,265 ----a-w C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 15:22 49,149 ----a-w C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 15:21 41,996 ----a-w C:\Program Files\dxdllreg_x86.cab
2006-09-28 15:21 183,321 ----a-w C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 15:21 138,977 ----a-w C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 15:21 1,413,862 ----a-w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 15:21 1,128,177 ----a-w C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 14:55 976,020 ------w C:\Program Files\BDAXP.cab
2006-09-28 14:55 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 14:55 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 14:55 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 14:55 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 14:55 82,374 ----a-w C:\Program Files\dxupdate.cab
2006-09-28 14:55 74,520 ----a-w C:\Program Files\DSETUP.dll
2006-09-28 14:55 703,080 ------w C:\Program Files\BDA.cab
2006-09-28 14:55 484,632 ----a-w C:\Program Files\DXSETUP.exe
2006-09-28 14:55 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 14:55 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 14:55 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 14:55 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 14:55 2,248,984 ----a-w C:\Program Files\dsetup32.dll
2006-09-28 14:55 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 14:55 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 14:55 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2006-09-28 14:55 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2006-09-28 14:55 15,493,481 -c----w C:\Program Files\DirectX.cab
2006-09-28 14:55 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 14:55 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 14:55 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2006-09-28 14:55 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2006-09-28 14:55 13,265,040 ------w C:\Program Files\dxnt.cab
2006-09-28 14:55 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 14:55 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 14:55 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 14:55 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 14:55 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 14:55 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 14:55 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 14:55 1,156,363 ------w C:\Program Files\BDANT.cab
2006-09-28 14:55 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 14:55 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 14:55 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 14:55 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 14:55 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 14:55 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 14:55 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-06-10 10:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-06-18 17:45 284 ----a-w C:\Documents and Settings\test\Application Data\ViewerApp.dat
2002-03-31 03:35 6,144 ----a-w C:\Program Files\DLL16.DLL
2002-03-21 08:20 204,849 ----a-w C:\Program Files\DLL32.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{483F1D5A-7AC7-411F-AF7A-784F3F49987F}]
2001-08-28 04:00 93696 --a------ C:\WINDOWS\system32\diskcop.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
2007-11-05 13:35 65024 --a------ C:\WINDOWS\system32\spads.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 13:47]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"nwiz"="nwiz.exe" [2005-11-11 13:47 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 13:47]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-19 20:51]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-09-11 15:20]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 16:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 18:42]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME Agent]
C:\Program Files\Steganos Safe Home\SteganosAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME HotKeys]
C:\Program Files\Steganos Safe Home\SteganosHotKeyService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wlancfg"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
"spa_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{863397c1-22fa-11dc-9780-00032f487afe}]
\shell\start\command - C:\Program Files\Samsung\Samsung Media Studio 5\SMSMain.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97af18fc-7654-11dc-97dd-00032f487afe}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-04 16:52:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - test.job"
"2007-11-17 22:30:59 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6A628F1-549A-4E76-B9B9-07D072459A5F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 23:29:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-17 23:35:59 - machine was rebooted
.
--- E O F ---
voila voila, ce fut un peu long mais cela est du a mon unité centrale : en permanence a 100% ... la aussi il doit bien y avoir un pb
donc voici le rapport que tu ma demandé
ComboFix 07-11-08.1 - test 2007-11-17 22:52:27.1 - NTFSx86
Running from: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\2APAVNPX\ComboFix[1].exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\test\Application Data\inst.exe
C:\Documents and Settings\test\new.txt
C:\WINDOWS\photos.zip
C:\WINDOWS\system32\diskcop.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 22:06 <REP> d-------- C:\Program Files\Trend Micro
2007-11-17 20:42 <REP> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-08 19:47 <REP> d-------- C:\Program Files\Sony Ericsson
2007-11-08 19:20 18,688 C:\WINDOWS\system32\drivers\nwiczbjh.dat
2007-11-08 19:20 5,120 C:\WINDOWS\system32\drivers\zzyaamwa.dat
2007-11-08 19:19 93,696 --a------ C:\WINDOWS\system32\diskcop.dll
2007-11-08 19:10 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-11-08 19:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-06 16:37 <REP> d-------- C:\WINDOWS\system32\Inetsrv6
2007-11-06 14:19 <REP> d-------- C:\Program Files\Steinberg
2007-11-05 13:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-04 21:23 <REP> d-------- C:\Documents and Settings\test\Application Data\Nero
2007-11-04 21:17 <REP> d-------- C:\Program Files\Nero
2007-11-04 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-11-04 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-04 20:04 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-11-04 20:04 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-11-04 20:04 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-11-04 20:04 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-11-04 20:04 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-11-04 17:58 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-11-04 17:51 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2007-11-04 17:51 <REP> d-------- C:\Documents and Settings\test\Application Data\TuneUp Software
2007-11-04 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-11-04 17:51 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-11-02 14:10 <REP> d-------- C:\Program Files\eMule
2007-10-29 19:08 <REP> d-------- C:\Program Files\AVS4YOU
2007-10-29 19:08 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-10-29 11:04 <REP> d-------- C:\Documents and Settings\test\Application Data\Nvu
2007-10-29 11:03 <REP> d-------- C:\Program Files\Nvu
2007-10-25 15:42 <REP> d-------- C:\Program Files\Solid Edge 2D Drafting V19
2007-10-19 17:52 <REP> d-------- C:\Program Files\IcoFX 1.5
2007-10-19 17:52 <REP> d-------- C:\Documents and Settings\test\Application Data\IcoFX
2007-10-17 18:23 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:46 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-13 18:55 38,200 ----a-w C:\Documents and Settings\test\Application Data\wklnhst.dat
2007-11-12 19:32 --------- d-----w C:\Program Files\Wanadoo
2007-11-08 18:37 --------- d-----w C:\Program Files\LimeWire
2007-11-06 17:05 --------- d-----w C:\Program Files\PCFriendly
2007-11-04 20:03 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-04 20:03 --------- d-----w C:\Program Files\Ahead
2007-11-04 18:31 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-04 16:50 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-25 16:38 --------- d-----w C:\Program Files\Syncrosoft
2007-10-25 13:48 --------- d-----w C:\Program Files\Microsoft Games
2007-10-25 13:32 --------- d-----w C:\Program Files\UBISOFT
2007-10-25 13:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 13:28 --------- d-----w C:\Program Files\VirginMega
2007-10-13 10:54 --------- d-----w C:\Documents and Settings\test\Application Data\Graphe Easy
2007-10-13 10:53 --------- d-----w C:\Program Files\Graphe Easy 2.23
2007-10-07 16:28 286,720 ------w C:\WINDOWS\Setup1.exe
2007-10-06 19:25 --------- d-----w C:\Documents and Settings\test\Application Data\uTorrent
2007-10-05 16:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-05 16:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-05 16:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-05 16:31 --------- d-----w C:\Program Files\Symantec
2007-09-29 17:52 --------- d-----w C:\Program Files\Evariste
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-22 12:57 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-09-21 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-05-27 17:50 47,360 ----a-w C:\Documents and Settings\test\Application Data\pcouffin.sys
2006-10-14 14:24 104,984 ----a-w C:\Documents and Settings\test\Application Data\GDIPFONTCACHEV1.DAT
2006-09-28 15:22 91,265 ----a-w C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 15:22 49,149 ----a-w C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 15:21 41,996 ----a-w C:\Program Files\dxdllreg_x86.cab
2006-09-28 15:21 183,321 ----a-w C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 15:21 138,977 ----a-w C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 15:21 1,413,862 ----a-w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 15:21 1,128,177 ----a-w C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 14:55 976,020 ------w C:\Program Files\BDAXP.cab
2006-09-28 14:55 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 14:55 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 14:55 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 14:55 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 14:55 82,374 ----a-w C:\Program Files\dxupdate.cab
2006-09-28 14:55 74,520 ----a-w C:\Program Files\DSETUP.dll
2006-09-28 14:55 703,080 ------w C:\Program Files\BDA.cab
2006-09-28 14:55 484,632 ----a-w C:\Program Files\DXSETUP.exe
2006-09-28 14:55 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 14:55 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 14:55 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 14:55 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 14:55 2,248,984 ----a-w C:\Program Files\dsetup32.dll
2006-09-28 14:55 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 14:55 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 14:55 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2006-09-28 14:55 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2006-09-28 14:55 15,493,481 -c----w C:\Program Files\DirectX.cab
2006-09-28 14:55 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 14:55 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 14:55 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2006-09-28 14:55 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2006-09-28 14:55 13,265,040 ------w C:\Program Files\dxnt.cab
2006-09-28 14:55 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 14:55 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 14:55 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 14:55 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 14:55 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 14:55 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 14:55 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 14:55 1,156,363 ------w C:\Program Files\BDANT.cab
2006-09-28 14:55 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 14:55 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 14:55 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 14:55 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 14:55 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 14:55 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 14:55 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-06-10 10:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-06-18 17:45 284 ----a-w C:\Documents and Settings\test\Application Data\ViewerApp.dat
2002-03-31 03:35 6,144 ----a-w C:\Program Files\DLL16.DLL
2002-03-21 08:20 204,849 ----a-w C:\Program Files\DLL32.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{483F1D5A-7AC7-411F-AF7A-784F3F49987F}]
2001-08-28 04:00 93696 --a------ C:\WINDOWS\system32\diskcop.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
2007-11-05 13:35 65024 --a------ C:\WINDOWS\system32\spads.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 13:47]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"nwiz"="nwiz.exe" [2005-11-11 13:47 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 13:47]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-19 20:51]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-09-11 15:20]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 16:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 18:42]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME Agent]
C:\Program Files\Steganos Safe Home\SteganosAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME HotKeys]
C:\Program Files\Steganos Safe Home\SteganosHotKeyService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wlancfg"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
"spa_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{863397c1-22fa-11dc-9780-00032f487afe}]
\shell\start\command - C:\Program Files\Samsung\Samsung Media Studio 5\SMSMain.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97af18fc-7654-11dc-97dd-00032f487afe}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-04 16:52:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-09 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - test.job"
"2007-11-17 22:30:59 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6A628F1-549A-4E76-B9B9-07D072459A5F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 23:29:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-17 23:35:59 - machine was rebooted
.
--- E O F ---
bonsoir guillaume,
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
1/Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
2/FAIS UN CLIC-DROIT sur le lien suivant
http://perso.orange.fr/Chercheur-perso/scrïpts/toolbar.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger Toolbar.bfu de Chercheur
Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utilises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Toolbar.bfu et BFU.exe (très important).
3/ Redémarre en mode Sans Échec :
au redémarrage, tapote immédiatement la touche F8 ou F5;
tu verras un écran avec choix de démarrages apparaitre.
Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée".
Choisis ton compte usuel, et non Administrateur.
4/ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Clique sur le petit dossier jaune, à la droite de la boîte scrïptline to execute, et
double-clique sur :
Toolbar.bfu
Dans la boîte "scrïptline to execute", tu devrais maintenant voir ceci :
C:\BFU\Toolbar.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete scrïpt execution apparaisse et clique sur OK.
Clique Exit pour fermer le programme BFU.
5/Redémarre normalement et post in nouveau hijack this stp
@+
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
1/Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
2/FAIS UN CLIC-DROIT sur le lien suivant
http://perso.orange.fr/Chercheur-perso/scrïpts/toolbar.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger Toolbar.bfu de Chercheur
Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utilises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Toolbar.bfu et BFU.exe (très important).
3/ Redémarre en mode Sans Échec :
au redémarrage, tapote immédiatement la touche F8 ou F5;
tu verras un écran avec choix de démarrages apparaitre.
Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée".
Choisis ton compte usuel, et non Administrateur.
4/ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
Clique sur le petit dossier jaune, à la droite de la boîte scrïptline to execute, et
double-clique sur :
Toolbar.bfu
Dans la boîte "scrïptline to execute", tu devrais maintenant voir ceci :
C:\BFU\Toolbar.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete scrïpt execution apparaisse et clique sur OK.
Clique Exit pour fermer le programme BFU.
5/Redémarre normalement et post in nouveau hijack this stp
@+
