Virus Warning + PC crash

adslHouba - Anonymous user
Hello,

My father's PC is infected by a virus that changes the desktop wallpaper to warn us about a fake virus attack... the problem is that it has processes that crash Windows Vista :(

Here is the ComboFix report, followed by the HijackThis one

ComboFix 08-04-04.1 - Paul 2008-04-06 11:18:48.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.681 [GMT 2:00]
Location: C:\anti\ComboFix.exe
.
TimedOut: Windir.dat

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Windows\180ax.exe
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\cdsm32.dll
C:\Windows\default.htm
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\saiemod.dll
C:\Windows\salm.exe
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\ctfmona.exe
C:\Windows\system32\drivers\grande48.sys
C:\Windows\system32\msixu.dll
C:\Windows\system32\wer8274.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\TEMP\salm.exe
C:\Windows\updatetc.exe
C:\Windows\voiceip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_grande48

((((((((((((((((((((((((((((( Files created 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.

No new files created in this time span

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 09:24 --------- d-----w C:\Program Files\seekmo
2008-04-06 09:19 9,984 ----a-w C:\Windows\winsb.dll
2008-04-06 09:05 63,505 ----a-w C:\Windows\System32\kwpm.dll
2008-04-06 09:05 20,992 ----a-w C:\winself.exe
2008-04-06 09:00 91,559 ----a-w C:\Windows\System32\wmsdkns.exe
2008-04-06 09:00 91,559 ----a-w C:\Windows\lfn.exe
2008-04-06 09:00 117,777 ----a-w C:\Windows\System32\dddaacdcbfdb.dll
2008-04-06 08:52 --------- d-----w C:\Users\Paul\AppData\Roaming\WinIFixer.com
2008-04-06 08:52 --------- d-----w C:\Program Files\WinIFixer
2008-04-06 08:51 160,256 ----a-w C:\Windows\System32\blackster.scr
2008-04-06 08:51 --------- d-----w C:\Users\Paul\AppData\Roaming\OpenOffice.org2
2008-04-05 17:22 20,992 ----a-w C:\Windows\winself.exe
2008-04-05 16:46 3,320 ----a-w C:\Windows\System32\tmp.reg
2008-04-05 16:44 691 ----a-w C:\Users\Paul\AppData\Roaming\GetValue.vbs
2008-04-05 16:44 35 ----a-w C:\Users\Paul\AppData\Roaming\SetValue.bat
2008-04-05 11:19 --------- d-----w C:\Program Files\Trend Micro
2008-04-05 10:38 26,112 ----a-w C:\Windows\System32\marwin32.dll
2008-04-04 17:12 62,976 ----a-w C:\Windows\System32\CbEvtSvc.exe
2008-04-04 13:16 --------- d-----w C:\Program Files\Safari
2008-04-04 13:15 --------- d-----w C:\Program Files\iTunes
2008-04-04 13:15 --------- d-----w C:\Program Files\iPod
2008-04-04 13:14 --------- d-----w C:\ProgramData\Apple Computer
2008-04-04 13:14 --------- d-----w C:\Program Files\QuickTime
2008-04-03 17:11 --------- d-----w C:\Users\Paul\AppData\Roaming\FileZilla
2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-16 18:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-16 17:59 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-16 17:59 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-16 17:59 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-24 12:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-17 20:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 20:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 20:15 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-17 20:15 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 20:15 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 20:15 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-17 20:15 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-17 20:15 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-17 20:15 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-17 20:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-17 20:14 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 20:14 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 20:14 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 20:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 20:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 20:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-17 20:14 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 20:14 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 20:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 20:14 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 20:12 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 20:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 20:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 20:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-29 10:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-13 11:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-09-02 10:09 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-05_19.09.20.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-06 09:19:40 14,848 ----a-w C:\Windows\apphelp32.dll
+ 2008-04-06 09:19:41 20,480 ----a-w C:\Windows\asferror32.dll
+ 2008-04-06 09:19:41 20,992 ----a-w C:\Windows\asycfilt32.dll
+ 2008-04-06 09:19:41 24,576 ----a-w C:\Windows\athprxy32.dll
+ 2008-04-06 09:19:41 9,984 ----a-w C:\Windows\ati2dvaa32.dll
+ 2008-04-06 09:19:41 31,744 ----a-w C:\Windows\ati2dvag32.dll
+ 2008-04-06 09:19:41 26,880 ----a-w C:\Windows\audiosrv32.dll
+ 2008-04-06 09:19:42 22,272 ----a-w C:\Windows\autodisc32.dll
+ 2008-04-06 09:19:42 15,872 ----a-w C:\Windows\avifile32.dll
+ 2008-04-06 09:19:42 21,504 ----a-w C:\Windows\avisynthex32.dll
+ 2008-04-06 09:19:42 20,992 ----a-w C:\Windows\aviwrap32.dll
- 2008-04-05 17:06:18 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-06 09:22:47 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-06 09:19:42 8,448 ----a-w C:\Windows\browserad.dll
+ 2008-04-06 09:19:40 12,032 ----a-w C:\Windows\changeurl_30.dll
+ 2008-04-06 09:19:44 27,904 ----a-w C:\Windows\FLEOK\180ax.exe
+ 2008-04-06 09:19:48 27,648 ----a-w C:\Windows\Installer\id53.exe
+ 2008-04-06 09:19:43 27,136 ----a-w C:\Windows\msa64chk.dll
+ 2008-04-06 09:19:43 14,848 ----a-w C:\Windows\msapasrc.dll
+ 2008-04-06 09:19:42 32,512 ----a-w C:\Windows\ntnut.exe
- 2008-04-05 10:04:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-06 09:24:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-05 17:06:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-05 10:04:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-06 09:23:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-05 17:06:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-06 09:24:06 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-04-06 09:19:42 28,672 ----a-w C:\Windows\shdocpe.dll
+ 2008-04-06 09:19:43 24,320 ----a-w C:\Windows\shdocpl.dll
+ 2008-04-06 09:00:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2008-04-06 09:00:35 16,384 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-04-05 10:38:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-06 09:00:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040620080407\index.dat
+ 2008-04-06 09:00:31 78,924 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2008-04-05 17:21:56 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBS0PB44\setup[1].exe
+ 2008-04-06 09:05:24 94,225 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBS0PB44\u126[1].exe
+ 2008-04-05 17:21:49 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHT5Y36S\3s[2].exe
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHT5Y36S\setup[1].exe
+ 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKE2DEDY\2s[1].exe
+ 2008-04-05 17:21:41 76,288 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKE2DEDY\scan[2].exe
- 2008-04-05 10:38:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 09:05:27 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
- 2008-04-05 10:38:35 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
+ 2008-04-05 17:21:49 151,552 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
+ 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\978391817.exe
- 2008-04-05 10:38:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 09:19:44 16,896 ----a-w C:\Windows\System32\MSNSA32.dll
+ 2008-04-06 09:19:43 11,776 ----a-w C:\Windows\System32\ntnut32.exe
- 2008-04-05 16:45:31 103,314 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-06 08:56:11 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-05 16:45:31 116,988 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-06 08:56:12 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-05 16:45:31 609,532 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-06 08:56:12 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-05 16:45:31 689,846 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-06 08:56:12 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-06 09:19:43 18,432 ----a-w C:\Windows\System32\shdocpe.dll
+ 2008-04-06 09:19:43 14,080 ----a-w C:\Windows\System32\SIPSPI32.dll
- 2008-04-05 09:41:05 7,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
+ 2008-04-06 08:52:30 7,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
- 2008-04-05 09:41:05 73,816 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-06 08:52:30 74,188 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
2008-04-05 12:38 26112 --a------ C:\Windows\System32\marwin32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-14 21:09 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-07 17:24 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-05 11:21 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-05 11:21 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-05 11:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 12:11 4317184 C:\Windows\RtHDVCpl.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 21:15 185632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ctfmona"="C:\Windows\system32\ctfmona.exe" [ ]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [2008-04-03 11:30 720896]

C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dddaacdcbfdb]
C:\Windows\system32\dddaacdcbfdb.dll 2008-04-06 11:00 117777 C:\Windows\System32\dddaacdcbfdb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1346870814-1824890537-913970431-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8BDA2136-AC38-42CE-82FB-3E8048BC01C3}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{B514D9B5-B607-4A97-9260-131A617DB102}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{47E7A610-AC41-49E5-AEF6-AD97F2570304}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{EB37D92C-9DCA-40E4-B0BC-A6245891FA63}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{56FDF703-667C-4260-A1F8-ABEECB3E5A56}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= UDP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"UDP Query User{3AF75140-0CA7-4EED-B804-144FF6E3F300}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= TCP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"{73EBA63F-271E-4F83-9F49-E8CBACA822B1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EB04CAFD-B6B4-466C-AB1C-FB6943CC329F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5F0908CE-E167-4D5C-BFB9-3C95BE1D4105}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94D9E615-8FC4-48D9-939D-BCCDBD7447AB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 CbEvtSvc;CbEvtSvc;C:\Windows\System32\CbEvtSvc.exe [2008-04-04 19:12]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 17:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5a22bc-5f49-11dc-a6d9-001a9268f4e7}]
\shell\AutoRun\command - K:\launcher.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 11:24:19
Windows 6.0.6000 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\SXS.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-04-06 11:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 09:27:17
ComboFix2.txt 2008-04-05 17:09:53
The text of the message associated with number 0x2379 was not found in the message file for Application.
.
2008-04-06 08:56:45 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:51, on 06/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\Windows\System32\marwin32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\Windows\system32\ctfmona.exe
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O13 - Gopher Prefix:
O20 - Winlogon Notify: dddaacdcbfdb - C:\Windows\system32\dddaacdcbfdb.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\Windows\System32\CbEvtSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
42 replies
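The two logs above are long, and the entries that actually matter (UAC switched off, Security Center monitoring disabled, the public-profile firewall off, a Winlogon Notify DLL with a random name, a Run entry whose file ComboFix could not find, executables dropped under the SYSTEM profile, an AutoRun handler on a removable drive) are scattered among hundreds of legitimate lines. The following script is an added example for this thread, not a tool anyone in it posted: it runs a few heuristic checks over ComboFix- and HijackThis-style text and ranks what it finds. The regexes and severity labels are the example's own assumptions, not ComboFix's logic, and the sample log is constructed from lines of the kind seen in the posts above.

```python
"""Triage helper for ComboFix / HijackThis style text logs (added example).

Flags the kinds of entries that appear in the logs in this thread: security
settings turned off, Winlogon Notify DLLs, Run entries whose file is gone,
binaries dropped straight into C:\\Windows, executables written under the
SYSTEM profile and removable-media AutoRun commands. The regexes are
heuristics written for this example; they are not ComboFix's own logic.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = setting/persistence a cleanup must undo, "review" = look at it
    reason: str
    line: str


# ComboFix prints registry data as "[KEY]" headers followed by value lines.
KEY_HEADER = re.compile(r"^\[(HKEY_LOCAL_MACHINE|HKLM|HKEY_CURRENT_USER|HKCU)\\(.*)\]$", re.I)
# Binary sitting directly in %SystemRoot% rather than in a subfolder.
WINROOT_BINARY = re.compile(r"C:\\Windows\\[^\\\s]+\.(exe|dll|bin|scr)\b", re.I)
# Snapshot "+" line: executable created under the SYSTEM account's profile.
SYSTEMPROFILE_DROP = re.compile(r"^\+ .*\\config\\systemprofile\\AppData\\.*\.exe$", re.I)
# File names that are nothing but digits (e.g. 1127954099.exe).
NUMERIC_EXE = re.compile(r"\\\d{6,}\.exe$", re.I)
# ComboFix shows "[ ]" after a Run value when it found no file at that path.
RUN_MISSING = re.compile(r'^"[^"]+"="[^"]+"\s+\[\s*\]$')
# mountpoints2 AutoRun handler for a removable drive.
AUTORUN = re.compile(r"\\shell\\AutoRun\\command\s+-\s+(\S+)", re.I)
HJT_O20 = re.compile(r"^O20 - Winlogon Notify:", re.I)


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""  # lower-cased registry key that the current value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:
            key = m.group(2).lower()
            if "winlogon\\notify\\" in key:
                findings.append(Finding("high", "Winlogon Notify package (DLL loaded into winlogon.exe)", line))
            continue
        if "policies\\system" in key and re.match(r'^"EnableLUA"=\s*0\b', line):
            findings.append(Finding("high", "UAC disabled (EnableLUA=0)", line))
        if "security center\\monitoring" in key and line == '"DisableMonitoring"=dword:00000001':
            findings.append(Finding("high", "Security Center monitoring switched off", line))
        if "firewallpolicy" in key and re.match(r'^"EnableFirewall"=\s*0\b', line):
            findings.append(Finding("high", "Windows Firewall off: " + key.rsplit("\\", 1)[-1], line))
        if RUN_MISSING.match(line):
            findings.append(Finding("review", "Run entry whose file was not found", line))
        if WINROOT_BINARY.search(line):
            findings.append(Finding("review", "binary directly in C:\\Windows", line))
        if SYSTEMPROFILE_DROP.match(line):
            findings.append(Finding("high", "executable written under the SYSTEM profile", line))
        if NUMERIC_EXE.search(line):
            findings.append(Finding("review", "all-digit executable name", line))
        a = AUTORUN.search(line)
        if a:
            findings.append(Finding("review", f"AutoRun command for a removable drive: {a.group(1)}", line))
        if HJT_O20.match(line):
            findings.append(Finding("high", "HijackThis O20 Winlogon Notify entry", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: lines modelled on the ComboFix and HijackThis output
# posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
C:\Windows\bokja.exe
"ctfmona"="C:\Windows\system32\ctfmona.exe" [ ]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [2008-04-03 11:30 720896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dddaacdcbfdb]
C:\Windows\system32\dddaacdcbfdb.dll 2008-04-06 11:00 117777 C:\Windows\System32\dddaacdcbfdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5a22bc-5f49-11dc-a6d9-001a9268f4e7}]
\shell\AutoRun\command - K:\launcher.exe
+ 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
O20 - Winlogon Notify: dddaacdcbfdb - C:\Windows\system32\dddaacdcbfdb.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The "review" findings are deliberately noisy: legitimate vendor files such as RtHDVCpl.exe also live directly in C:\Windows, so that class only narrows the list to read. The "high" findings are the ones a cleanup has to reverse explicitly (re-enable UAC and Security Center monitoring, turn the firewall back on, remove the Winlogon Notify package), since deleting the dropped files alone leaves the machine in the weakened state the malware put it in.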

sKe69  Posts: 21955  Status: Security contributor  463
 
Under Vista there are specific steps.

Did you do this before launching RunThis.bat:

Disable User Account Control
(you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

Or else right-click RunThis.bat and choose "Run as administrator..."
sKe69  Posts: 21955  Status: Security contributor  463
 
Listen, if that doesn't work, don't insist, we'll move on to something else...

You downloaded ComboFix and installed it here ---> C:\anti\ComboFix.exe
I would like you to move it and put it like this ---> C:\ComboFix.exe

Close all your applications and disconnect.
Right-click ComboFix.exe and choose "Run as administrator..."

Once it has finished, post the new ComboFix report and a new HijackThis scan for analysis...
adsl houba
 
ComboFix 08-04-04.1 - Paul 2008-04-12 22:26:17.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.626 [GMT 2:00]
Location: C:\ComboFix.exe
.

((((((((((((((((((((((((((((( Files created 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

No new files created in this time span

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 14:54 --------- d-----w C:\Program Files\Navilog1
2008-04-12 13:31 --------- d-----w C:\Users\Paul\AppData\Roaming\OpenOffice.org2
2008-04-12 12:27 --------- d-----w C:\Users\Paul\AppData\Roaming\Malwarebytes
2008-04-12 12:27 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-12 12:27 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-06 17:55 691 ----a-w C:\Users\Paul\AppData\Roaming\GetValue.vbs
2008-04-06 17:55 35 ----a-w C:\Users\Paul\AppData\Roaming\SetValue.bat
2008-04-06 17:55 3,534 ----a-w C:\Windows\System32\tmp.reg
2008-04-06 16:18 160,256 ----a-w C:\Windows\System32\blackster.scr
2008-04-06 16:02 --------- d-----w C:\Users\Paul\AppData\Roaming\FileZilla
2008-04-06 10:25 63,505 ----a-w C:\Windows\System32\kwpm.dll
2008-04-06 10:20 91,559 ----a-w C:\Windows\lfn.exe
2008-04-06 10:20 117,777 ----a-w C:\Windows\System32\dddaacdcbfdb.dll
2008-04-06 09:00 91,559 ----a-w C:\Windows\System32\wmsdkns.exe
2008-04-05 16:58 1,612,984 ----a-w C:\ComboFix.exe
2008-04-05 16:40 1,306,941 ----a-w C:\SmitfraudFix.exe
2008-04-05 11:19 --------- d-----w C:\Program Files\Trend Micro
2008-04-04 13:16 --------- d-----w C:\Program Files\Safari
2008-04-04 13:15 --------- d-----w C:\Program Files\iTunes
2008-04-04 13:15 --------- d-----w C:\Program Files\iPod
2008-04-04 13:14 --------- d-----w C:\ProgramData\Apple Computer
2008-04-04 13:14 --------- d-----w C:\Program Files\QuickTime
2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-16 18:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-16 17:59 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-16 17:59 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-16 17:59 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-24 12:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-17 20:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 20:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 20:15 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-17 20:15 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 20:15 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 20:15 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-17 20:15 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-17 20:15 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-17 20:15 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-17 20:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-17 20:14 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 20:14 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 20:14 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 20:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 20:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 20:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-17 20:14 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 20:14 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 20:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 20:14 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 20:12 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 20:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 20:11 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 20:11 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-29 10:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-13 11:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-09-02 10:09 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-04-06_11.26.49.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-06 09:22:47 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-12 17:48:54 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-06 09:24:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-12 17:44:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-06 09:24:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-12 17:49:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-12 17:49:34 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-06 09:23:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-12 14:01:51 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-06 09:24:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-12 17:49:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-06 16:18:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-06 09:38:13 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\[u]0/uMWD8X9N\2s[1].exe
+ 2008-04-06 09:55:01 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\[u]0/uMWD8X9N\2s[2].exe
+ 2008-04-06 09:38:20 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CDY95A3\setup[1].exe
+ 2008-04-06 09:55:08 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CDY95A3\setup[2].exe
+ 2008-04-06 16:18:43 76,288 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOUP0PB4\scan[1].exe
+ 2008-04-06 10:25:14 94,225 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ2SGEZL\u275[1].exe
- 2008-04-06 09:05:27 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 16:18:48 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-06 09:05:22 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
+ 2008-04-06 09:55:08 27,659 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
+ 2008-04-06 16:18:36 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\912327497.exe
- 2008-04-06 09:05:14 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\978391817.exe
+ 2008-04-06 09:55:01 147,456 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\978391817.exe
- 2008-04-06 09:05:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-06 16:18:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-05-16 17:34:48 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 11:17:24 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 11:17:20 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-06 08:56:11 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-12 13:29:36 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-06 08:56:12 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-12 13:29:36 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-06 08:56:12 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-12 13:29:36 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-06 08:56:12 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-12 13:29:36 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-23 13:41:34 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-12 17:47:25 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-04-06 08:52:30 7,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
+ 2008-04-12 13:31:28 7,702 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1346870814-1824890537-913970431-1000_UserData.bin
- 2008-04-06 08:52:30 74,188 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-12 13:31:27 74,508 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-05 09:41:04 34,424 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-12 13:31:14 34,814 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-04 08:10:52 250,368 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-04-12 17:44:33 253,704 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03C59006-FF31-11DC-A920-7C3956D89593}]
2008-04-06 12:25 63505 --a------ C:\Windows\system32\kwpm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-14 21:09 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-07 17:24 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-05 11:21 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-05 11:21 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-05 11:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 12:11 4317184 C:\Windows\RtHDVCpl.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 21:15 185632]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1346870814-1824890537-913970431-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8BDA2136-AC38-42CE-82FB-3E8048BC01C3}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{B514D9B5-B607-4A97-9260-131A617DB102}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{47E7A610-AC41-49E5-AEF6-AD97F2570304}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{EB37D92C-9DCA-40E4-B0BC-A6245891FA63}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{56FDF703-667C-4260-A1F8-ABEECB3E5A56}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= UDP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"UDP Query User{3AF75140-0CA7-4EED-B804-144FF6E3F300}C:\\program files\\maxivista démo programme d’affichage\\maxivistademoviewer.exe"= TCP:C:\program files\maxivista démo programme d’affichage\maxivistademoviewer.exe:MaxiVista
"{73EBA63F-271E-4F83-9F49-E8CBACA822B1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EB04CAFD-B6B4-466C-AB1C-FB6943CC329F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5F0908CE-E167-4D5C-BFB9-3C95BE1D4105}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{94D9E615-8FC4-48D9-939D-BCCDBD7447AB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

S2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 17:07]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5a22bc-5f49-11dc-a6d9-001a9268f4e7}]
\shell\AutoRun\command - K:\launcher.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 22:28:22
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-12 22:28:39
ComboFix-quarantined-files.txt 2008-04-12 20:28:37
ComboFix2.txt 2008-04-06 09:27:31
ComboFix3.txt 2008-04-05 17:09:53
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-06 08:56:45 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:25, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Web Protection Module - {03C59006-FF31-11DC-A920-7C3956D89593} - C:\Windows\system32\kwpm.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
sKe69 Posts 21955 Status Security contributor 463
 
Hi,
we're going to start over from the beginning ... Indeed, it didn't jump out at me at first, but here it is: how could one describe the state of your defences? ... the only word that comes to mind is: NONEXISTENT! Windows Defender alone is VERY FAR from enough! It's a bit like standing in your underwear in the middle of the arena with the gladiators and the wild beasts ... basically, you're in deep s**t!

On a PC you need: an anti-virus + anti-spyware + firewall!

1- So here's where we'll start: there are leftover traces of Norton that need cleaning up.
Download Norton Removal Tool to your desktop: ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Double-click it and follow the prompts: it has to be properly uninstalled (do the procedure twice if possible).

Once Norton is completely uninstalled, we'll take care of your new anti-virus.

2- Download AntiVir here:
http://www.commentcamarche.net/telecharger/telechargement 55 antivir

free anti-virus (in English, but very simple)
Update it (do this very regularly).

AntiVir help: https://www.malekal.com/avira-free-security-antivirus-gratuit/

3- Download your new anti-spyware:
Spybot Search and Destroy (full, free version)
https://www.safer-networking.org/?page=download
---> install it, update it and run the immunization.

Help for using Spybot here (thanks Balltrap ;) ): http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

4- Once your anti-virus and anti-spyware are installed and updated, start with this:

Run a full scan of your PC with AntiVir: quarantine everything it finds and post me its scan report. (Take a good look at the help link I gave you, everything is very well explained there.)
Then post me a new HijackThis report.

I'm eagerly waiting for all that! ;)
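The helper's verdict above ("defences: NONEXISTENT") can be read straight off the ComboFix registry section posted earlier: UAC is off (EnableLUA=0), the public-profile firewall is off, Security Center monitoring is disabled and a removable-media AutoRun handler is registered. As an added example, not part of the thread or of ComboFix, the Python audit below walks a "Point de chargement Reg" dump and reports those markers, plus Run entries ComboFix could not stat (`[ ]`). The sample is constructed from lines of the log above; the value renderings it parses are my assumptions about ComboFix's output format, not a published specification.

```python
"""Audit a ComboFix registry-loading-point dump for weakened defences.

Added example, not part of the thread or of ComboFix itself.  The value
renderings handled here ('0 (0x0)', 'dword:00000001', '"path" [meta]') are
assumptions drawn from the log posted above, not a published ComboFix spec.
"""
import re

# Constructed sample: lines copied in shape from the ComboFix section above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-07 17:24 1006264]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf5a22bc-5f49-11dc-a6d9-001a9268f4e7}]
\shell\AutoRun\command - K:\launcher.exe
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')             # "Name"= value
RUN_VALUE_RE = re.compile(r'^"([^"]*)"[^\[]*\[([^\]]*)\]')   # "path" args [meta]
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s*-\s*(.+)$')


def parse_sections(text):
    """Group the dump into {registry key: [(value name or None, raw text)]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            continue                      # text before the first key
        m = VALUE_RE.match(line)
        sections[current].append((m.group(1), m.group(2)) if m else (None, line))
    return sections


def numeric(raw):
    """Normalise ComboFix renderings: '0 (0x0)' -> 0, 'dword:00000001' -> 1."""
    m = re.match(r'dword:([0-9a-fA-F]+)', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)', raw)
    return int(m.group(1)) if m else None


def audit(text):
    """Return [(category, message)] for every weakened-defence marker found."""
    findings = []
    for key, values in parse_sections(text).items():
        k = key.lower()
        for name, raw in values:
            if name is None:
                # Unquoted lines: the only one we care about is the AutoRun handler
                # ComboFix prints under mountpoints2 for a removable drive.
                m = AUTORUN_RE.match(raw)
                if m and 'mountpoints2' in k:
                    findings.append(('autorun', f'removable-media AutoRun handler: {m.group(1)}'))
                continue
            n = name.lower()
            if k.endswith(r'policies\system') and n == 'enablelua' and numeric(raw) == 0:
                findings.append(('uac', 'UAC disabled (EnableLUA=0)'))
            elif 'firewallpolicy' in k and n == 'enablefirewall' and numeric(raw) == 0:
                profile = key.rsplit('\\', 1)[-1]
                findings.append(('firewall', f'Windows Firewall off in {profile}'))
            elif 'security center' in k and n == 'disablemonitoring' and numeric(raw) == 1:
                findings.append(('security-center', f'Security Center monitoring disabled under {key}'))
            elif k.endswith(r'currentversion\run'):
                m = RUN_VALUE_RE.match(raw)
                if m and not m.group(2).strip():
                    # '[ ]' only means ComboFix could not stat the file: review it by
                    # hand; legitimate entries (Nero, in the log above) show it too.
                    findings.append(('autostart', f'{name}: no file metadata for {m.group(1)}'))
    return findings


if __name__ == '__main__':
    for category, message in audit(SAMPLE):
        print(f'[{category}] {message}')
```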
adsl houba2
 
Hmm, on both PCs (running Vista) I have a problem when I install AntiVir: I get two windows saying "installation failed" ... the rest of the installation continues, but the update doesn't work afterwards!

(No problem with the other program, and I did run the tool twice to remove every trace of Norton!)
(I also saw that it's recommended to disable Windows' protection tools when installing AntiVir, but that didn't change much!)
adsl houba2
 
http://www.commentcamarche.net/faq/sujet 8622 mise a jour d antivir impossible <= OK, I found my answer, see you later ^^
sKe69 Posts 21955 Status Security contributor 463
 
Well spotted ;)

I'm waiting for the upcoming reports =)
adsl houba
 
AntiVir PersonalEdition Classic
Report file date: dimanche 13 avril 2008 13:57

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Paul
Computer name: PC-DE-PAUL

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 11:41:01
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 11:41:01
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 11:41:01
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 13/04/2008 11:41:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 13/04/2008 11:41:01
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 13 avril 2008 13:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TestHandler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '18' files ).

Starting the file scan:

Begin scan in 'C:\' <SYSTEM>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_PC-de-Paul.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> Windows/System32/ctfmona.exe
[DETECTION] Is the Trojan horse TR/Pakes.coo
--> Windows/System32/CbEvtSvc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> Windows/System32/marwin32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jgc.1
[INFO] The file was moved to '486df628.qua'!
C:\QooBox\Quarantine\catchme2008-04-05_190655.81.zip
[0] Archive type: ZIP
--> Users/Paul/Desktop/catchme.zip
[1] Archive type: ZIP
--> grande48.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4875fa94.qua'!
C:\QooBox\Quarantine\catchme2008-04-06_112408.52.zip
[0] Archive type: ZIP
--> Users/Paul/Desktop/catchme.zip
[1] Archive type: ZIP
--> grande48.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4ad72b65.qua'!
C:\QooBox\Quarantine\C\Windows\System32\ctfmona.exe.vir
[DETECTION] Is the Trojan horse TR/Pakes.coo
[INFO] The file was moved to '4867faa8.qua'!
C:\QooBox\Quarantine\C\Windows\System32\drivers\grande48.sys.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4862faa6.qua'!
C:\Windows\lfn.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '486ffb43.qua'!
C:\Windows\System32\dddaacdcbfdb.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.kib
[INFO] The file was moved to '4865fbc6.qua'!
C:\Windows\System32\wmsdkns.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '4874fbf2.qua'!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MWD8X9N\2s[1].exe
[DETECTION] Is the Trojan horse TR/Pakes.cml
[INFO] The file was moved to '485cfbff.qua'!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MWD8X9N\2s[2].exe
[DETECTION] Is the Trojan horse TR/Pakes.cml
[INFO] The file was moved to '4a267d80.qua'!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CDY95A3\setup[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '4875fbf2.qua'!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CDY95A3\setup[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '4a0f7a73.qua'!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOUP0PB4\scan[1].exe
[DETECTION] Is the Trojan horse TR/Pakes.coo
[INFO] The file was moved to '4862fbf0.qua'!
C:\Windows\System32\config\systemprofile\AppData\Roaming\1127954099.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '4833fbbf.qua'!
C:\Windows\System32\config\systemprofile\AppData\Roaming\912327497.exe
[DETECTION] Is the Trojan horse TR/Pakes.cml
[INFO] The file was moved to '4a46de18.qua'!
C:\Windows\System32\config\systemprofile\AppData\Roaming\951192718.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.gau.1 Backdoor server programs
[INFO] The file was moved to '4832fbc3.qua'!
C:\Windows\System32\config\systemprofile\AppData\Roaming\978391817.exe
[DETECTION] Is the Trojan horse TR/Pakes.cml
[INFO] The file was moved to '4839fbc5.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>

End of the scan: dimanche 13 avril 2008 14:33
Used time: 35:53 min

The scan has been done completely.

18370 Scanning directories
281682 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
17 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
281663 Files not concerned
2330 Archives were scanned
2 Warnings
0 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:06, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Web Protection Module - {03C59006-FF31-11DC-A920-7C3956D89593} - C:\Windows\system32\kwpm.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
sKe69 Posts 21955 Status Security contributor 463

There was more cleaning up done!

Now delete everything AntiVir has in its quarantine.

Once that's done, run a search with Spybot (make sure to update it and do a full "immunization" before starting the scan):
once the scan is finished, check that everything it found in red is ticked, then click "fix problems".

Tell me how it went and post a new Monjack scan.
adsl houba

Spybot removed loads and loads of stuff, and here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:12, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
sKe69 Posts 21955 Status Security contributor 463

Finally, a clean report!!!

If you have no more particular problems, do this:

Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
Click Search and let the scan finish.
Click Delete to finish.
You can, if you wish, use the optional Options.

This little program will clean up all the things we used for the disinfection (you don't need them anymore!).
Delete all the tools, folders or reports related to the disinfection that ToolsCleaner2 did not delete.

Then finally delete ToolsCleaner2...

And to round off your defences,
I would also add a firewall: at a minimum the Windows one, properly configured (and even then), otherwise look here, there's everything you need:

https://www.commentcamarche.net/list 2432 securite proteger un ordinateur contre les malwares d internet#qu est ce qu un pare feu firewall

(small personal preference: Zone Alarm or Kerio). If you choose one, remember to disable the Windows one...

Do all of this carefully, and if you have nothing to add... then the "problem is solved"

See you, and happy surfing!!! =)
sKe69 Posts 21955 Status Security contributor 463

Knock knock... I missed a line!!! Sorry...

Go to this location on your PC: C:\Program Files\WinIFixer\WinIFixer.exe <---- delete that cr*p

Run Malwarebytes again to be sure.

Post one last Monjack log for a check (if you've already deleted it, download it again like we did at the start).
adsl houba 2

Hmm, the folder can't be found :/

I started Malwarebytes but it's very, very slow :p
sKe69 Posts 21955 Status Security contributor 463

If it can't be found, that may be a good sign, but...
do this after the Malwarebytes scan:

Open a folder, any folder. Go to:
Tools/Folder Options/View and:
- tick "show hidden files and folders",

check again here C:\Program Files\WinIFixer\WinIFixer.exe to see whether it has appeared.
Then go back and untick the "show hidden files and folders" option afterwards.

I'm waiting for news and the Malwarebytes and Monjack reports.
adsl houba

Malwarebytes found nothing
With hidden folders shown, still no C:\Program Files\WinIFixer\
But it's still present in the Monjack report :s

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 615

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 172614
Temps écoulé: 34 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:18, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
sKe69 Posts 21955 Status Security contributor 463

OK, listen, you're going to do this:
Close all your applications and disconnect from the internet

Start HijackThis again but click on "Do a scan only"
You'll then see the scan result appear: a multitude of lines, each preceded by an empty box.
Click the boxes of the following lines:

O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe

Click the FIX CHECKED button at the bottom and confirm.

Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This program will delete all the temporary files. Before clicking the "install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folder older than 48 hours". After that, leave it with its default settings. That's all.
A tutorial
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

go to Cleaner: run Analyze then Clean
and go to Registry: run Scan for issues then Fix (several times until there are no more errors).

Restart your PC, run another Monjack scan and post the report for a final check...
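The last two exchanges turn on one observation: the HKLM Run entry for WinIFixer keeps appearing in the HijackThis (Monjack) log even though C:\Program Files\WinIFixer no longer exists on disk, which is why the fix is to remove the registry entry with "Fix checked" rather than to delete a file. As an added example that is not code from this thread or from HijackThis, the Python below parses O4 lines from a log and flags entries whose target executable is missing, which is exactly the orphaned-autorun pattern a helper looks for when reviewing such a report. The sample log lines and the stand-in file list are constructed for the demonstration (modelled on the thread's reports), and the parsing rules (quoted paths, unquoted paths containing spaces, %ProgramFiles% expansion, bare names skipped) are assumptions about the log format rather than anything HijackThis documents.

```python
"""Flag HijackThis O4 (Run-key) entries whose target executable is missing.

Added example, not code from the thread or from HijackThis. It models the
situation in the thread: the Run entry for WinIFixer survives in the registry
although C:\\Program Files\\WinIFixer no longer exists on disk.
"""
import os
import re

# One O4 line: "O4 - <hive>\..\Run: [<name>] <command line> (User '...')?"
# The hive is HKLM, HKCU or HKUS\S-1-5-xx; the trailing "(User ...)" is optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)\s*(?:\(User '[^']*'\))?$"
)

EXE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def executable_of(cmd: str) -> str:
    """Return the program a Run-key command line starts.

    A quoted path is taken verbatim; an unquoted path may contain spaces
    (C:\\Program Files\\...), so tokens are joined until one ends in an
    executable suffix. Assumed rule, not a documented HijackThis format.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(" ")
    acc = []
    for tok in tokens:
        acc.append(tok)
        if tok.lower().endswith(EXE_SUFFIXES):
            return " ".join(acc)
    return tokens[0]


def expand_env(path: str, env: dict) -> str:
    """Expand %VAR% references (case-insensitive) using the given mapping."""
    lowered = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lowered.get(m.group(1).lower(), m.group(0)), path)


def find_orphaned_autoruns(log_text, exists=os.path.exists, env=None):
    """Return (hive, name, path) for every O4 entry whose program is not on disk.

    `exists` is injectable so the check can run against a real disk
    (os.path.exists, the default) or against a constructed file list.
    """
    env = dict(os.environ) if env is None else env
    orphans = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = expand_env(executable_of(m["cmd"]), env)
        if "\\" not in exe:
            # Bare names (RUNDLL32.EXE, RtHDVCpl.exe) resolve through the
            # search path; they cannot be checked from the log alone, so skip.
            continue
        if not exists(exe):
            orphans.append((m["hive"], m["name"], exe))
    return orphans


# Constructed sample lines in HijackThis O4 format, modelled on the thread's
# reports; the WinIFixer entry is the orphaned one the thread discusses.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Constructed stand-in for the disk: WinIFixer.exe is deliberately absent.
SAMPLE_FILES = {p.lower() for p in (
    r"C:\Program Files\Windows Defender\MSASCui.exe",
    r"C:\Program Files\Common Files\Real\Update_OB\realsched.exe",
    r"C:\Program Files\DAEMON Tools\daemon.exe",
    r"C:\Program Files\Windows Sidebar\Sidebar.exe",
)}
SAMPLE_ENV = {"ProgramFiles": r"C:\Program Files"}


def sample_exists(path: str) -> bool:
    """Case-insensitive lookup in the constructed file list (Windows paths)."""
    return path.lower() in SAMPLE_FILES


def demo():
    """Run the check over the constructed sample; returns the orphan list."""
    return find_orphaned_autoruns(SAMPLE_LOG, exists=sample_exists, env=SAMPLE_ENV)


if __name__ == "__main__":
    for hive, name, path in demo():
        print(f"orphaned autorun: {hive}\\..\\Run [{name}] -> {path} (file missing)")
```

On a real machine the same function runs with the default `exists=os.path.exists` and `env=None` (the process environment), so pasting a full log in gives the list of Run entries that point nowhere. An entry whose file is missing is not proof of malware by itself (uninstallers leave such leftovers too), but it is always safe to remove, and in this thread it is the one line the helper asks to have fixed.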
Adsl Houba

Hop hop hop

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:55, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
sKe69 Posts 21955 Status Security contributor 463

This time it's the right one...

Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
Click Search and let the scan finish.
Click Delete to finish.
You can, if you wish, use the optional Options.

This little program will clean up all the things we used for the disinfection (you don't need them anymore!).
Delete all the tools, folders or reports related to the disinfection that ToolsCleaner2 did not delete.

Then finally delete ToolsCleaner2...

Tell me how the PC is doing?
sKe69 Posts 21955 Status Security contributor 463

By the way, about the firewall:

http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet#qu est ce qu un pare feu firewall

The link I gave you earlier was rubbish.. ;)
Adsl Houba

Yep yep, I downloaded the firewall before your message ^^

Thanks a lot for your help!!!
sKe69 Posts 21955 Status Security contributor 463

...