PC riddled with trojan horses, help me!!!!
Legreco (posts: 3, status: Member)
jlpjlp (posts: 52399, status: Security contributor)
Hello, as the title says, I'm riddled with trojans and I don't really know what to do. I used Ad-Aware, it found nothing; Spybot, 5 objects fixed; and avast finds new ones every time I start my PC. On top of that, I suspect it didn't remove everything when I ran the scan. Here is the HJT log. If you need anything else, let me know. Thanks in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:45, on 06/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WerCon.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Niko\AppData\Local\Temp\Rar$EX00.433\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomkjkh.dll,#1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Niko\AppData\Local\Temp\ddcdd.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Niko\AppData\Local\Temp\geeeb.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8033 bytes
7 replies
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomkjkh.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Niko\AppData\Local\Temp\ddcdd.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Niko\AppData\Local\Temp\geeeb.dll,#1
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
__________________
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Windows\system32\qomkjkh.dll
C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
C:\Users\Niko\AppData\Local\Temp\geeeb.dll
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________________
combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_______________________
paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
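The entries picked out of the HijackThis log in the reply above include a BHO with no file behind it and Run keys that start rundll32 on DLLs in a Temp folder or by export ordinal. As an added example (not part of the original thread; the heuristics and the names `triage` and `flagged_dlls` are assumptions made here, not the helper's stated criteria), this Python script triages O2 and O4 lines on those criteria, using lines excerpted from the log posted above:

```python
import re
from typing import List, NamedTuple

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomkjkh.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Niko\AppData\Local\Temp\ddcdd.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Niko\AppData\Local\Temp\geeeb.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""


class Finding(NamedTuple):
    section: str        # HijackThis section code, e.g. "O4"
    target: str         # DLL path or CLSID the entry points at
    reasons: List[str]  # why the entry deserves a manual look


# O2 - BHO: <name> - {CLSID} - <file or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
# O4 - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32[.exe] <dll>,<export name or #ordinal>
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>.+?),(?P<export>\S+)', re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries that match the (assumed) triage heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons, target = [], ""
        bho = O2_RE.match(line)
        run = O4_RE.match(line)
        if bho and bho.group("file") == "(no file)":
            target = bho.group("clsid")
            reasons.append("BHO registered but its file is missing")
        elif run:
            loader = RUNDLL_RE.match(run.group("cmd"))
            if loader:
                target = loader.group("dll")
                if TEMP_RE.search(target):
                    reasons.append("rundll32 loads a DLL from a Temp directory")
                if loader.group("export").startswith("#"):
                    reasons.append("rundll32 export called by ordinal")
        if reasons:
            findings.append(Finding(line.split(" ", 1)[0], target, reasons))
    return findings


def flagged_dlls(findings: List[Finding]) -> List[str]:
    """Sorted file names of the DLLs behind flagged O4 autorun entries."""
    return sorted(f.target.rsplit("\\", 1)[-1] for f in findings if f.section == "O4")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.target, "; ".join(f.reasons))
```

A flag is a lead for manual review, not a verdict: driver and OS components also register rundll32 Run entries, as the NvCpl and WindowsWelcomeCenter lines show, and those pass through unflagged here.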
first of all, thanks for your help jlpjlp,
I had a problem with the online scans: neither of the two links you gave me works properly. Panda doesn't even launch, and BitDefender, I ran it 8 times and each time it crashed near the end. Also, I'm adding an HJK log because I have the impression that new dll files have installed themselves in my temp files.
here is the MoveIt report:
DllUnregisterServer procedure not found in C:\Windows\system32\qomkjkh.dll
C:\Windows\system32\qomkjkh.dll NOT unregistered.
File move failed. C:\Windows\system32\qomkjkh.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
C:\Users\Niko\AppData\Local\Temp\ddcdd.dll NOT unregistered.
File move failed. C:\Users\Niko\AppData\Local\Temp\ddcdd.dll scheduled to be moved on reboot.
File/Folder C:\Users\Niko\AppData\Local\Temp\geeeb.dll not found.
Created on 02/07/2008 15:12:40
Here is the ComboFix report
ComboFix 08-02.05.3 - Niko 2008-02-07 15:20:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2148 [GMT 1:00]
Endroit: C:\Users\Niko\Documents\Downloads\Programs\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\qomkjkh.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))))))
.
2008-02-07 15:12 . 2008-02-07 15:12 <REP> d-------- C:\_OTMoveIt
2008-02-06 03:24 . 2008-02-06 03:24 <REP> d-------- C:\Users\Niko\AppData\Roaming\Media Player Classic
2008-02-06 02:51 . 2008-02-06 02:51 12,176 --a------ C:\Windows\System32\drivers\PROCEXP100.SYS
2008-02-06 01:43 . 2008-02-06 01:43 <REP> d-------- C:\Windows\Avira
2008-02-06 01:43 . 2008-02-06 01:43 <REP> d-------- C:\Program Files\Avira
2008-02-06 01:08 . 2008-02-06 01:09 <REP> d-------- C:\Users\All Users\Lavasoft
2008-02-06 01:08 . 2008-02-06 01:08 <REP> d-------- C:\Program Files\Lavasoft
2008-02-06 01:08 . 2008-02-06 01:09 <REP> d-------- C:\PROGRA~2\Lavasoft
2008-02-06 01:07 . 2008-02-06 02:41 <REP> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-02-06 00:48 . 2008-02-06 00:48 <REP> d-------- C:\Windows\AU_Log
2008-02-06 00:43 . 2008-02-06 00:43 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-02-06 00:43 . 2008-02-06 00:43 286,720 --a------ C:\Windows\PATCH.EXE
2008-02-06 00:43 . 2008-02-06 00:43 69,689 --a------ C:\Windows\UNZIP.DLL
2008-02-04 11:28 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-02-04 11:28 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-02-04 11:28 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-02-04 11:27 . 2008-02-04 11:27 <REP> d-------- C:\Program Files\Alwil Software
2008-02-04 11:27 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2008-02-04 11:27 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-02-04 11:27 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-02-04 10:53 . 2008-02-04 10:53 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 10:38 . 2008-02-04 10:43 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-04 10:38 . 2008-02-04 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-04 10:38 . 2008-02-04 10:43 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-02-03 12:37 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll
2008-02-03 12:20 . 2008-02-03 12:20 <REP> d-------- C:\Program Files\eMule
2008-02-01 23:36 . 2004-06-16 00:00 57,344 --a------ C:\Windows\System32\WNASPINT.DLL
2008-02-01 23:02 . 2008-02-01 23:02 <REP> d-------- C:\Program Files\Alex Feinman
2008-02-01 22:54 . 2008-02-01 22:54 <REP> d-------- C:\Users\Niko\AppData\Roaming\Ahead
2008-02-01 22:52 . 2000-06-26 11:45 106,496 --a------ C:\Windows\System32\TwnLib20.dll
2008-02-01 22:51 . 2008-02-01 22:51 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-02-01 22:51 . 2008-02-01 23:24 <REP> d-------- C:\Program Files\Ahead
2008-02-01 22:51 . 2001-07-06 14:41 569,344 --a------ C:\Windows\System32\imagr5.dll
2008-02-01 22:51 . 2001-07-06 12:44 544,768 --a------ C:\Windows\System32\imagx5.dll
2008-02-01 22:51 . 2001-07-06 18:24 283,920 --a------ C:\Windows\System32\ImagXpr5.dll
2008-02-01 22:51 . 2001-07-09 11:50 155,648 --a------ C:\Windows\System32\NeroCheck.exe
2008-02-01 22:51 . 2001-06-26 08:15 38,912 --a------ C:\Windows\System32\picn20.dll
2008-02-01 22:02 . 2008-02-01 22:02 <REP> d-------- C:\Program Files\Alcohol Soft
2008-02-01 21:57 . 2008-02-01 21:57 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2008-02-01 21:26 . 2008-02-01 21:40 <REP> d-------- C:\Users\Niko\AppData\Roaming\fltk.org
2008-01-28 17:29 . 2008-01-28 17:29 <REP> d-------- C:\Users\Niko\AppData\Roaming\eMule
2008-01-28 17:29 . 2008-02-03 12:22 <REP> d-------- C:\Users\All Users\eMule
2008-01-28 17:29 . 2008-02-03 12:22 <REP> d-------- C:\PROGRA~2\eMule
2008-01-28 16:58 . 2008-01-28 16:58 <REP> d-------- C:\Program Files\Combined Community Codec Pack
2008-01-28 16:50 . 2008-01-28 17:04 <REP> d-------- C:\Users\Niko\AppData\Roaming\IDM
2008-01-28 16:50 . 2008-02-07 15:19 <REP> d-------- C:\Users\Niko\AppData\Roaming\DMCache
2008-01-28 16:50 . 2008-01-28 17:38 <REP> d-------- C:\Program Files\Internet Download Manager
2008-01-27 15:05 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-27 15:04 . 2008-01-27 15:05 <REP> d-------- C:\Program Files\Java
2008-01-27 15:04 . 2008-01-27 15:04 <REP> d-------- C:\Program Files\Common Files\Java
2008-01-26 19:32 . 2008-01-31 17:01 <REP> d-------- C:\Users\Niko\AppData\Roaming\Azureus
2008-01-26 19:32 . 2008-01-26 19:32 <REP> d-------- C:\Users\All Users\Azureus
2008-01-26 19:32 . 2008-01-26 19:32 <REP> d-------- C:\PROGRA~2\Azureus
2008-01-26 19:31 . 2008-01-26 19:37 <REP> d-------- C:\Program Files\Azureus
2008-01-25 17:07 . 2008-01-25 17:08 291,500,364 --a------ C:\Windows\MEMORY.DMP
2008-01-25 01:21 . 2008-01-25 01:21 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-01-24 22:58 . 2008-01-24 22:58 <REP> d-------- C:\Program Files\Common Files\NSV
2008-01-24 22:56 . 2008-01-31 17:01 <REP> d-------- C:\Users\Niko\AppData\Roaming\Winamp
2008-01-24 22:56 . 2008-01-24 22:56 <REP> d-------- C:\Program Files\Winamp
2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\Windows\System32\idmmbc.dll
2008-01-22 22:41 . 2008-01-22 22:41 <REP> d-------- C:\Defiler Backups
2008-01-22 17:15 . 2007-02-06 15:22 347,032 --a------ C:\Windows\System32\Mrvw24C.sys
2008-01-22 17:15 . 2007-01-19 18:01 312,320 --a------ C:\Windows\System32\Mrvw24B.sys
2008-01-22 17:15 . 2007-02-08 09:54 16,525 --a------ C:\Windows\System32\netmw24b.inf
2008-01-22 17:15 . 2007-02-08 09:54 16,514 --a------ C:\Windows\System32\netmw24c.inf
2008-01-22 17:15 . 2007-01-29 08:08 11,252 --a------ C:\Windows\System32\mrvw24c.cat
2008-01-22 17:15 . 2007-01-29 08:08 11,252 --a------ C:\Windows\System32\mrvw24b.cat
2008-01-22 15:49 . 2003-03-19 01:20 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-01-22 15:49 . 2003-03-19 00:14 499,712 --a------ C:\Windows\System32\MSVCP71.dll
2008-01-22 15:49 . 2006-04-29 14:25 40,960 --a------ C:\Windows\System32\psfind.dll
2008-01-22 15:42 . 2008-01-22 15:42 <REP> d-------- C:\Program Files\THQ
2008-01-21 21:56 . 2008-01-21 21:56 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-01-21 21:56 . 2008-01-21 21:56 <REP> d-------- C:\PROGRA~2\Messenger Plus!
2008-01-21 20:07 . 2008-01-21 20:07 <REP> d-------- C:\Program Files\3DO
2008-01-21 19:53 . 1998-10-07 14:08 327,168 --a------ C:\Windows\IsUn040c.exe
2008-01-21 19:10 . 2008-01-21 19:10 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-21 18:17 . 2008-02-03 19:10 27,240 --a------ C:\Users\Niko\AppData\Roaming\nvModes.dat
2008-01-21 18:11 . 2008-01-21 18:12 <REP> d-------- C:\Program Files\shinrose
2008-01-21 15:32 . 2008-01-21 15:32 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-21 15:32 . 2008-01-21 15:32 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-21 15:32 . 2008-01-21 15:32 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-21 15:32 . 2008-01-21 15:32 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-21 15:32 . 2008-01-21 15:32 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-21 15:32 . 2008-01-21 15:32 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-21 15:32 . 2008-01-21 15:32 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-21 15:32 . 2008-01-21 15:32 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-21 15:32 . 2008-01-21 15:32 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-21 15:32 . 2008-01-21 15:32 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-21 15:31 . 2008-01-21 15:31 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-21 15:31 . 2008-01-21 15:31 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-21 15:31 . 2008-01-21 15:31 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-21 15:26 . 2008-01-21 15:26 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-01-21 15:26 . 2008-01-21 15:26 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-01-21 15:26 . 2008-01-21 15:26 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-01-21 15:26 . 2008-01-21 15:26 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-01-21 15:25 . 2008-01-21 15:25 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-01-21 15:23 . 2008-01-21 15:23 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-21 15:23 . 2008-01-21 15:23 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-21 15:23 . 2008-01-21 15:23 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-21 15:23 . 2008-01-21 15:23 2,048 --a------ C:\Windows\System32\tzres.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 10:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 10:17 --------- d-----w C:\PROGRA~2\Symantec
2008-02-03 11:37 --------- d-----w C:\Program Files\CyberLink
2008-02-03 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 11:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-31 16:01 --------- d-----w C:\Program Files\HDReg
2008-01-28 23:58 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-01-27 14:17 --------- d-----w C:\PROGRA~2\CyberLink
2008-01-23 23:02 --------- d-----w C:\Program Files\Packard Bell
2008-01-21 14:34 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-21 14:34 --------- d-----w C:\Program Files\Windows Mail
2008-01-21 14:33 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-21 14:33 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-21 14:33 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-21 14:33 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-21 14:33 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-21 14:33 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-21 14:33 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-21 14:33 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-21 14:33 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-21 14:33 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-21 14:33 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-21 14:33 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-21 14:33 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-21 14:33 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-21 14:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 14:31 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-21 14:31 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-21 14:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-21 14:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-21 14:30 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-21 14:30 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-21 14:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-21 14:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-21 14:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-21 14:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-21 14:30 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-21 14:30 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-21 14:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-21 14:30 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-21 14:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-21 14:29 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-21 14:29 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-21 14:29 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-21 14:29 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-21 14:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-21 14:16 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-21 14:16 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-21 14:11 --------- d-----w C:\PROGRA~2\Sonic
2008-01-21 14:09 --------- d-----w C:\Program Files\Picasa2
2008-01-21 13:30 --------- d-----w C:\PROGRA~2\Skype
2008-01-21 13:20 --------- d-----w C:\Program Files\Intel
2008-01-21 13:15 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Modèles
2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Favoris
2008-01-21 13:15 --------- d-sh--w C:\PROGRA~2\Bureau
2006-03-10 04:41 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-03-10 14:16 1006264]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 22:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 23:40 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 21:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 21:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 21:19 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 13:38]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 14:45]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-07 13:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-02-07 13:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 15:22:08
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-07 15:22:44
ComboFix-quarantined-files.txt 2008-02-07 14:22:42
.
2008-02-05 20:51:27 --- E O F ---
and finally the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:14:38, on 08/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Niko\AppData\Local\Temp\Rar$EX00.716\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
you can fix these lines (Fix checked)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
____________
run OTMoveIt again to verify
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
______________________
any more avast alerts? what does the online scan show?
Here is the MoveIt result, and thanks again!!!
Also, how can I be sure that my PC no longer has any Trojans or other viruses???
DllUnregisterServer procedure not found in C:\Users\Niko\AppData\Local\Temp\ddcdd.dll
C:\Users\Niko\AppData\Local\Temp\ddcdd.dll NOT unregistered.
C:\Users\Niko\AppData\Local\Temp\ddcdd.dll moved successfully.
Created on 02/08/2008 17:05:27
delete what is in the moved files folder by going to My Computer and then
C:\_OTMoveIt\MovedFiles
______________
to check,
scan with your antivirus and
paste the report of an online scan
from one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr