Sujet Précédent Sujet Suivant

Se débarasser de file secure

Fermé
eugenie28 Messages postés 1 Date d'inscription vendredi 22 février 2008 Statut Membre Dernière intervention 22 février 2008 - 22 févr. 2008 à 05:03
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 27 mars 2008 à 18:18
Bonjour,
je n'arrive pas à me débarasser de file secure j'ai supprimé le programme mais j'ai toujours un encar qui me dit qu'il y a un trojan alors qu'il n'y en a pas?
A voir également:

20 réponses

Réponse 1 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
22 févr. 2008 à 05:14
Bonjour,

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...

@+
0
Réponse 2 / 20
noctambule28 Messages postés 31900 Date d'inscription samedi 12 mai 2007 Statut Webmaster Dernière intervention 13 février 2022 2 858
22 févr. 2008 à 05:14
bonjour/nuit

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
ou
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp


puis ceci

Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement


Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
a+
0
Réponse 3 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
22 févr. 2008 à 23:28
eugenie28.

Tu en es ou?

@+
0
Réponse 4 / 20
julien0709
19 mars 2008 à 14:36
Bonjour,

J'ai le meme probleme avec files secure. Voici mon analyse avec hjack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:25, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.be%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Media Player - {D5A7151F-58D0-4AC8-9329-BEDD59625679} - C:\WINDOWS\wmpdxm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54800849-E427-452F-B454-249846376B93}: NameServer = 195.238.2.21 195.238.2.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005BB36.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 20
noctambule28 Messages postés 31900 Date d'inscription samedi 12 mai 2007 Statut Webmaster Dernière intervention 13 février 2022 2 858
19 mars 2008 à 15:17
salut julien, girly.

girly, si je suis absent, tu peux tout à fait poursuivre à ma place

julien
il aurait été mieux que tu crées ton propre sujet .........mais bon vu que celui -ci à été abandonné!!!!

il y a du boulot

Commence par télécharger ComboFix ici:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Et enregistre le sur le bureau.
Regardes ici, si tu souhaites te familiariser avec son utilisation:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.
En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse faire.

Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

/!\ Pendant toute la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme et ne surfe pas sur le net.

@sivre
0
Réponse 6 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
19 mars 2008 à 19:29
Ok noctambule28 ;-)
@+
0
Réponse 7 / 20
atlas
26 mars 2008 à 07:55
bonjour j ai moi aussi ce probleme mais sous vista j ai lance hijack this et voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:54:42, on 26/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIACE.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\TVPlay\TVPService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Hp\HP Software Update\HPWUCli.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - S-1-5-21-3384732127-3189778914-4127460457-1006 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 8 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 mars 2008 à 17:10
salut atlas :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau rapport hijack this.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+
0
Réponse 9 / 20
atlas
26 mars 2008 à 19:59
voici mon rapport et merci pour votre aide:ComboFix 08-03-25.1 - Pascual vincent 2008-03-26 19:51:04.2 - NTFSx86

Endroit: C:\Users\Pascual vincent\Desktop\ComboFix.exe
.
/wow section non terminée

((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:50 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\uTorrent
2008-03-26 06:40 44,021 ----a-w C:\Users\Pascual vincent\AppData\Roaming\nvModes.dat
2008-03-26 06:40 --------- d-----w C:\Program Files\MSN Messenger
2008-03-26 06:38 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\OpenOffice.org2
2008-03-25 22:42 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\Grisoft
2008-03-25 22:41 --------- d-----w C:\ProgramData\Grisoft
2008-03-25 22:34 --------- d-----w C:\Program Files\Navilog1
2008-03-25 22:18 --------- d-----w C:\Program Files\Trend Micro
2008-03-25 09:04 55 ----a-w C:\xmp.bat
2008-03-25 09:04 212,480 ----a-w C:\Windows\dsaip32b.dll
2008-03-24 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 17:34 --------- d-----w C:\Program Files\Java
2008-03-12 09:58 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 06:45 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 06:45 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-06 07:28 --------- d-----w C:\Program Files\Winamp
2008-02-14 09:39 1,416,062 ----a-w C:\Users\Pascual vincent\DWA-547_Windows_Vista_Driver_7.3.1.5.zip
2008-02-13 13:25 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-13 13:21 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\Skype
2008-02-13 13:01 --------- d-----w C:\Program Files\ABC
2008-02-13 11:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 11:03 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 11:03 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 11:03 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 11:03 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 11:03 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 11:03 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 11:03 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 11:03 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 10:45 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 10:45 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 10:45 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 10:45 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 10:45 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 10:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 10:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 10:38 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 10:38 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 10:38 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 10:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 10:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 23:49 --------- d-----w C:\Program Files\uTorrent
2008-02-12 23:35 824,900 ----a-w C:\Users\Pascual vincent\ABC-win32-v3.1.exe
2008-02-10 23:05 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\Nero
2008-02-10 23:03 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-10 22:55 --------- d-----w C:\ProgramData\Nero
2008-02-10 22:55 --------- d-----w C:\Program Files\Nero
2008-02-10 21:56 195,568,888 ----a-w C:\Users\Pascual vincent\Nero-8.2.8.0_fra_trial.exe
2007-11-06 20:25 125,677,130 ----a-w C:\Users\Pascual vincent\OOo_2.3.0_Win32Intel_install_wJRE_fr.exe
2007-09-21 15:33 174 --sha-w C:\Program Files\desktop.ini
2005-09-24 06:49 12,288 -c--a-w C:\Windows\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-25_23.26.21,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-25 22:08:17 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-26 06:38:14 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-12 09:58:44 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-03-26 06:45:00 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-03-12 09:58:31 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-26 06:45:00 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2007-09-21 17:46:38 29,926 ----a-r C:\Windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-03-26 06:41:09 29,926 ----a-r C:\Windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
- 2008-03-25 22:23:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-26 17:53:33 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-25 22:10:40 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-26 06:40:40 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-03-25 22:09:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-26 06:42:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-25 22:10:35 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-26 06:40:40 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-03-25 22:11:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-26 15:22:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-25 22:11:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-26 15:22:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-25 22:11:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-26 15:22:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\Windows\System32\drivers\AvgAsCln.sys
+ 2006-03-02 11:03:32 57,096 ----a-w C:\Windows\System32\drivers\btwusb.sys
- 2008-03-25 22:10:58 7,728 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384732127-3189778914-4127460457-1006_UserData.bin
+ 2008-03-26 06:41:17 7,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384732127-3189778914-4127460457-1006_UserData.bin
- 2008-03-25 22:10:57 57,926 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-26 06:41:16 58,190 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3084A75F-5350-4D8B-BC5F-6B378035C133}]
2008-03-25 10:04 212480 --a------ C:\Windows\dsaip32b.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 01:48 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-10-06 15:21 1271032]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 11:51 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-21 15:54 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:14 833072]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\Windows\System32\CHDAudPropShortcut.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03 40960]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49 454656]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38 131072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TVPService"="C:\Program Files\HP\TVPlay\TVPService.exe" [2006-04-03 12:34 135168]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 15:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-26 15:17 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-26 15:17 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\Users\Pascual vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-27 16:02:06 581693]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30 73728]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3384732127-3189778914-4127460457-1006]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-UDP-Domain"= TCP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-TCP-Domain"= UDP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-UDP-Domain"= TCP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-TCP-Domain"= UDP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-UDP-Domain"= TCP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-TCP-Domain"= UDP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"26675:TCP-Domain"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:splintercell3
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:splintercell3
"C:\\Program Files\\Skype\\Phone\\Skype.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\\Program Files\\Skype\\Phone\\Skype.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-UDP-Standard"= TCP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-TCP-Standard"= UDP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-UDP-Standard"= TCP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-TCP-Standard"= UDP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-UDP-Standard"= TCP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-TCP-Standard"= UDP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"C:\\Program Files\\M6Video\\M6video.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\M6Video\M6video.exe:OneClick
"C:\\Program Files\\M6Video\\M6video.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\M6Video\M6video.exe:OneClick
"C:\\Program Files\\Hp\\TVPlay\\TVPService.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPService.exe:CyberLink PowerCinema Resident Program
"C:\\Program Files\\Hp\\TVPlay\\TVPService.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPService.exe:CyberLink PowerCinema Resident Program
"C:\\Program Files\\Hp\\TVPlay\\TVPlay.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPlay.exe:CyberLink PowerCinema Main Program
"C:\\Program Files\\Hp\\TVPlay\\TVPlay.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPlay.exe:CyberLink PowerCinema Main Program
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"C:\\Program Files\\eMule\\emule.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\eMule\emule.exe:eMule
"C:\\Program Files\\eMule\\emule.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\eMule\emule.exe:eMule
"C:\\Program Files\\AOL 9.0\\waol.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AOL 9.0\waol.exe:AOL France
"C:\\Program Files\\AOL 9.0\\waol.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AOL 9.0\waol.exe:AOL France
"C:\\Program Files\\ABC\\abc.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\ABC\abc.exe:abc
"C:\\Program Files\\ABC\\abc.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\ABC\abc.exe:abc
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"26675:TCP-Standard"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service
"16881:TCP-Standard"= UDP:16881:lolo
"TCP Query User{420918A5-91BF-4C40-AB05-5AE6A22E4EF0}C:\\program files\\valve\\steam\\steam.exe"= UDP:C:\program files\valve\steam\steam.exe:Steam
"UDP Query User{65BC4485-2B0E-49B0-A8E0-0C92854E10A6}C:\\program files\\valve\\steam\\steam.exe"= TCP:C:\program files\valve\steam\steam.exe:Steam
"TCP Query User{B933F465-913D-43DC-9A1C-31C6064112CF}C:\\users\\pascual vincent\\appdata\\local\\microsoft\\messenger\\lolobest_358@hotmail.com\\sharing folders\\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe"= UDP:C:\users\pascual vincent\appdata\local\microsoft\messenger\lolobest_358@hotmail.com\sharing folders\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe:installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe
"UDP Query User{9C2361B0-BC78-450D-AB18-45391C4C4C2B}C:\\users\\pascual vincent\\appdata\\local\\microsoft\\messenger\\lolobest_358@hotmail.com\\sharing folders\\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe"= TCP:C:\users\pascual vincent\appdata\local\microsoft\messenger\lolobest_358@hotmail.com\sharing folders\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe:installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe
"TCP Query User{3B97F8C0-11FC-4ED7-8AAB-B94AF2E1D17E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E7611DF9-B344-47A5-BE27-CAED08419907}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{1FF182C9-51D8-41CC-90FB-489A9DEDD6EF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5D468ECA-A42E-4E86-A9DF-3C36DA9FE5A9}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7CE2BDEE-78D9-4969-8ABD-E22117263A00}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{2F8FBB30-6712-4726-82B9-ADE391D66FFE}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\ABC\\abc.exe"= C:\Program Files\ABC\abc.exe:*:Enabled:abc
"C:\\Program Files\\AOL 9.0\\waol.exe"= C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
"C:\\Program Files\\eMule\\emule.exe"= C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"= C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2
"C:\\Program Files\\Hp\\TVPlay\\TVPlay.exe"= C:\Program Files\Hp\TVPlay\TVPlay.exe:*:Enabled:CyberLink PowerCinema Main Program
"C:\\Program Files\\Hp\\TVPlay\\TVPService.exe"= C:\Program Files\Hp\TVPlay\TVPService.exe:*:Enabled:CyberLink PowerCinema Resident Program
"C:\\Program Files\\M6Video\\M6video.exe"= C:\Program Files\M6Video\M6video.exe:*:Enabled:OneClick
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\Skype\\Phone\\Skype.exe"= C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"= C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Enabled:splintercell3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"16881:TCP"= 16881:TCP:*:Enabled:lolo
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WudfServiceGroup REG_MULTI_SZ WUDFSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - AVGASCLN
*Newly Created Service* - EABFILTR
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-26 06:55:12 C:\Windows\Tasks\User_Feed_Synchronization-{F53D3CF5-34CB-41C9-9690-E17A61585711}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 19:51:40
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????@????????? ???(?*?????(?@???@???@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-26 19:54:31
ComboFix2.txt 2008-03-25 22:26:40
.
2008-03-26 06:50:18 --- E O F ---
0
Réponse 10 / 20
atlas
26 mars 2008 à 20:04
et voici le rapport de hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:20, on 26/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIACE.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\TVPlay\TVPService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - S-1-5-21-3384732127-3189778914-4127460457-1006 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 11 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 mars 2008 à 20:05
re,

Copie le texte ci-dessous :

File::
C:\xmp.bat
C:\Windows\dsaip32b.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3084A75F-5350-4D8B-BC5F-6B378035C133}]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 12 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 mars 2008 à 20:06
@+
0
Réponse 13 / 20
atlas
26 mars 2008 à 20:18
voici les rapports:


----combofix--------
ComboFix 08-03-25.1 - Pascual vincent 2008-03-26 20:12:46.3 - NTFSx86

Endroit: C:\Users\Pascual vincent\Desktop\ComboFix.exe
Command switches used :: C:\Users\Pascual vincent\Desktop\CFScript.txt

FILE ::
C:\Windows\dsaip32b.dll
C:\xmp.bat
.
/wow section non terminée

((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:50 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\uTorrent
2008-03-26 06:40 44,021 ----a-w C:\Users\Pascual vincent\AppData\Roaming\nvModes.dat
2008-03-26 06:40 --------- d-----w C:\Program Files\MSN Messenger
2008-03-26 06:38 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\OpenOffice.org2
2008-03-25 22:42 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\Grisoft
2008-03-25 22:41 --------- d-----w C:\ProgramData\Grisoft
2008-03-25 22:34 --------- d-----w C:\Program Files\Navilog1
2008-03-25 22:18 --------- d-----w C:\Program Files\Trend Micro
2008-03-25 09:04 55 ----a-w C:\xmp.bat
2008-03-25 09:04 212,480 ----a-w C:\Windows\dsaip32b.dll
2008-03-24 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 17:34 --------- d-----w C:\Program Files\Java
2008-03-12 09:58 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 06:45 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 06:45 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-06 07:28 --------- d-----w C:\Program Files\Winamp
2008-02-14 09:39 1,416,062 ----a-w C:\Users\Pascual vincent\DWA-547_Windows_Vista_Driver_7.3.1.5.zip
2008-02-13 13:25 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-13 13:21 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\Skype
2008-02-13 13:01 --------- d-----w C:\Program Files\ABC
2008-02-13 11:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 11:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 11:02 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 11:02 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 11:02 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 11:02 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 10:45 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 10:45 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 10:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 10:45 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 10:45 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 10:45 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 10:45 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 10:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 10:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 10:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 10:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 10:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 10:38 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 10:38 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 10:38 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 10:38 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 10:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 10:38 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 10:20 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 10:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 10:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 10:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 23:49 --------- d-----w C:\Program Files\uTorrent
2008-02-12 23:35 824,900 ----a-w C:\Users\Pascual vincent\ABC-win32-v3.1.exe
2008-02-10 23:05 --------- d-----w C:\Users\Pascual vincent\AppData\Roaming\Nero
2008-02-10 23:03 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-10 22:55 --------- d-----w C:\ProgramData\Nero
2008-02-10 22:55 --------- d-----w C:\Program Files\Nero
2008-02-10 21:56 195,568,888 ----a-w C:\Users\Pascual vincent\Nero-8.2.8.0_fra_trial.exe
2008-01-13 00:48 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-11-06 20:25 125,677,130 ----a-w C:\Users\Pascual vincent\OOo_2.3.0_Win32Intel_install_wJRE_fr.exe
2007-09-21 15:33 174 --sha-w C:\Program Files\desktop.ini
2005-09-24 06:49 12,288 -c--a-w C:\Windows\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-25_23.26.21,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-25 22:08:17 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-26 06:38:14 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-12 09:58:44 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-03-26 06:45:00 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-03-12 09:58:31 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-26 06:45:00 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2007-09-21 17:46:38 29,926 ----a-r C:\Windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2008-03-26 06:41:09 29,926 ----a-r C:\Windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
- 2008-03-25 22:23:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-26 18:54:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-25 22:10:40 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-26 06:40:40 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-03-25 22:09:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-26 06:42:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-25 22:10:35 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-26 06:40:40 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-03-25 22:11:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-26 19:08:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-25 22:11:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-26 19:08:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-25 22:11:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-26 19:08:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\Windows\System32\drivers\AvgAsCln.sys
+ 2006-03-02 11:03:32 57,096 ----a-w C:\Windows\System32\drivers\btwusb.sys
- 2008-03-25 22:10:58 7,728 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384732127-3189778914-4127460457-1006_UserData.bin
+ 2008-03-26 06:41:17 7,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384732127-3189778914-4127460457-1006_UserData.bin
- 2008-03-25 22:10:57 57,926 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-26 06:41:16 58,190 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 01:48 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-10-06 15:21 1271032]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 11:51 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-21 15:54 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:14 833072]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\Windows\System32\CHDAudPropShortcut.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03 40960]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00 98304]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49 454656]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38 131072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TVPService"="C:\Program Files\HP\TVPlay\TVPService.exe" [2006-04-03 12:34 135168]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 15:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-26 15:17 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-26 15:17 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\Users\Pascual vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-27 16:02:06 581693]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30 73728]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3384732127-3189778914-4127460457-1006]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-UDP-Domain"= TCP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-TCP-Domain"= UDP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-UDP-Domain"= TCP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-TCP-Domain"= UDP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-UDP-Domain"= TCP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-TCP-Domain"= UDP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"26675:TCP-Domain"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:splintercell3
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:splintercell3
"C:\\Program Files\\Skype\\Phone\\Skype.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\\Program Files\\Skype\\Phone\\Skype.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-UDP-Standard"= TCP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe-TCP-Standard"= UDP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-UDP-Standard"= TCP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe-TCP-Standard"= UDP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-UDP-Standard"= TCP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe-TCP-Standard"= UDP:Profile=Public:169.254.2.0/255.255.255.0|C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager
"C:\\Program Files\\M6Video\\M6video.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\M6Video\M6video.exe:OneClick
"C:\\Program Files\\M6Video\\M6video.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\M6Video\M6video.exe:OneClick
"C:\\Program Files\\Hp\\TVPlay\\TVPService.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPService.exe:CyberLink PowerCinema Resident Program
"C:\\Program Files\\Hp\\TVPlay\\TVPService.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPService.exe:CyberLink PowerCinema Resident Program
"C:\\Program Files\\Hp\\TVPlay\\TVPlay.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPlay.exe:CyberLink PowerCinema Main Program
"C:\\Program Files\\Hp\\TVPlay\\TVPlay.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Hp\TVPlay\TVPlay.exe:CyberLink PowerCinema Main Program
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"C:\\Program Files\\eMule\\emule.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\eMule\emule.exe:eMule
"C:\\Program Files\\eMule\\emule.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\eMule\emule.exe:eMule
"C:\\Program Files\\AOL 9.0\\waol.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AOL 9.0\waol.exe:AOL France
"C:\\Program Files\\AOL 9.0\\waol.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AOL 9.0\waol.exe:AOL France
"C:\\Program Files\\ABC\\abc.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\ABC\abc.exe:abc
"C:\\Program Files\\ABC\\abc.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\ABC\abc.exe:abc
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"26675:TCP-Standard"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service
"16881:TCP-Standard"= UDP:16881:lolo
"TCP Query User{420918A5-91BF-4C40-AB05-5AE6A22E4EF0}C:\\program files\\valve\\steam\\steam.exe"= UDP:C:\program files\valve\steam\steam.exe:Steam
"UDP Query User{65BC4485-2B0E-49B0-A8E0-0C92854E10A6}C:\\program files\\valve\\steam\\steam.exe"= TCP:C:\program files\valve\steam\steam.exe:Steam
"TCP Query User{B933F465-913D-43DC-9A1C-31C6064112CF}C:\\users\\pascual vincent\\appdata\\local\\microsoft\\messenger\\lolobest_358@hotmail.com\\sharing folders\\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe"= UDP:C:\users\pascual vincent\appdata\local\microsoft\messenger\lolobest_358@hotmail.com\sharing folders\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe:installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe
"UDP Query User{9C2361B0-BC78-450D-AB18-45391C4C4C2B}C:\\users\\pascual vincent\\appdata\\local\\microsoft\\messenger\\lolobest_358@hotmail.com\\sharing folders\\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe"= TCP:C:\users\pascual vincent\appdata\local\microsoft\messenger\lolobest_358@hotmail.com\sharing folders\installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe:installer-14715-12-driver-epson-stylus-dx3850-spanish-castellano.exe
"TCP Query User{3B97F8C0-11FC-4ED7-8AAB-B94AF2E1D17E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E7611DF9-B344-47A5-BE27-CAED08419907}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{1FF182C9-51D8-41CC-90FB-489A9DEDD6EF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5D468ECA-A42E-4E86-A9DF-3C36DA9FE5A9}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7CE2BDEE-78D9-4969-8ABD-E22117263A00}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{2F8FBB30-6712-4726-82B9-ADE391D66FFE}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\ABC\\abc.exe"= C:\Program Files\ABC\abc.exe:*:Enabled:abc
"C:\\Program Files\\AOL 9.0\\waol.exe"= C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
"C:\\Program Files\\eMule\\emule.exe"= C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"= C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2
"C:\\Program Files\\Hp\\TVPlay\\TVPlay.exe"= C:\Program Files\Hp\TVPlay\TVPlay.exe:*:Enabled:CyberLink PowerCinema Main Program
"C:\\Program Files\\Hp\\TVPlay\\TVPService.exe"= C:\Program Files\Hp\TVPlay\TVPService.exe:*:Enabled:CyberLink PowerCinema Resident Program
"C:\\Program Files\\M6Video\\M6video.exe"= C:\Program Files\M6Video\M6video.exe:*:Enabled:OneClick
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\Skype\\Phone\\Skype.exe"= C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"= C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\splintercell3.exe:*:Enabled:splintercell3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"16881:TCP"= 16881:TCP:*:Enabled:lolo
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WudfServiceGroup REG_MULTI_SZ WUDFSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - AVGASCLN
*Newly Created Service* - EABFILTR
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-26 06:55:12 C:\Windows\Tasks\User_Feed_Synchronization-{F53D3CF5-34CB-41C9-9690-E17A61585711}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 20:13:27
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????@????????? ???(?*?????(?@???@???@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-26 20:14:32
ComboFix-quarantined-files.txt 2008-03-26 19:14:23
ComboFix2.txt 2008-03-26 18:54:32
ComboFix3.txt 2008-03-25 22:26:40
.
2008-03-26 06:50:18 --- E O F ---




et voici celui de hijack this




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:22, on 26/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIACE.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\TVPlay\TVPService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3384732127-3189778914-4127460457-1006\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - S-1-5-21-3384732127-3189778914-4127460457-1006 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 14 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 mars 2008 à 20:35
ok

instale ce par feu si tu es en 64 bit

Comodo 3 pro :

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

tuto : https://www.malekal.com/tutorial-comodo-firewall/

ou celui ci :

https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html

https://www.zonealarm.com/software/free-firewall

https://www.malekal.com/tutoriel-zonealarm-firewall/

Fais un scan avec cet antispyware :

Telecharge malwarebytes

-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+
0
Réponse 15 / 20
atlas
26 mars 2008 à 20:56
voici le rapport:



Malwarebytes' Anti-Malware 1.09
Version de la base de données: 551

Type de recherche: Examen rapide
Eléments examinés: 32171
Temps écoulé: 6 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dsaip32b.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FilesSecure (Rogue.Files-Secure) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\dsaip32b.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
et encore merci
0
Réponse 16 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
26 mars 2008 à 21:09
re,

pour finir :

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

@+
0
Réponse 17 / 20
atlas
26 mars 2008 à 22:34
merci beaucoup en tout cas pour tes conseils et ton temps je n ai plus de probleme grace a toi
merci
0
Réponse 18 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
27 mars 2008 à 00:24
atlas,

il serait quand meme bon de faire le scan avec antivir...

@+
0
Réponse 19 / 20
atlas
27 mars 2008 à 10:17
je suis en train de le telecharger
merci
0
Réponse 20 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
27 mars 2008 à 18:18
ok atlas,

post le rapport quand tu l´auras passé ;-)

@+
0

Discussions similaires

Se connecter à FreeWifi_secure sans carte SIM
nico201214 -
ZeldaAndLink -

5 réponses
Code Free Wifi Secure : comment en récupérer
Coralie -
jee pee -

8 réponses
Sites sans 3D secure
killiandh10 -
killiandh10 -

1 réponse
obtenir un code Free Wifi_secure
divoid -
kikijcl49 -

5 réponses
Connection FREE WIFI SECURE
Jdubs67 -
Kcaouette -

4 réponses