Sujet Précédent Sujet Suivant

Problème virus

Résolu
lolodie Messages postés 35 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
j'ai un petit problème j'ai un virus qui s'attaque à mes fichiers dll dans local/temp.
du coup quand jedémarre mon pc il y a un message d'erreur run dll.
de temps en temps j'ai aussi de multiples pages internet qui s'ouvrent à la suite en général 27 je je ne sais plus quoi faire mon pc ralentit de plus en plus!
merci d'avance pour vos réponses
A voir également:

65 réponses

Précédent
Réponse 21 / 65
Utilisateur anonyme
 
le rapport est pas complet ....
0
Réponse 22 / 65
lolodie Messages postés 35 Statut Membre
 
dsl
ComboFix 08-05-21.2 - Alexandre 2008-05-22 16:39:37.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1210 [GMT 2:00]
Endroit: C:\Users\Alexandre\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 14:18 --------- d-----w C:\Program Files\Steam
2008-05-22 13:41 --------- d-----w C:\Program Files\Navilog1
2008-05-22 13:40 --------- d-----w C:\Program Files\P2P_Torrent
2008-05-22 12:46 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Malwarebytes
2008-05-22 12:46 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-22 12:46 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 18:31 --------- d-----w C:\ProgramData\Google Updater
2008-05-21 15:36 --------- d-----w C:\Users\Alexandre\AppData\Roaming\LimeWire
2008-05-21 07:00 --------- d-----w C:\Users\Alexandre\AppData\Roaming\teamspeak2
2008-05-20 10:36 --------- d-----w C:\ProgramData\Symantec
2008-05-20 10:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-19 10:57 --------- d-----w C:\ProgramData\WLInstaller
2008-05-18 19:00 50 ----a-w C:\Users\Alexandre\AppData\Roaming\wklnhst.dat
2008-05-18 18:58 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Template
2008-05-18 16:04 --------- d-----w C:\Users\Alexandre\AppData\Roaming\OpenOffice.org2
2008-05-16 16:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-05-15 19:10 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 17:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 17:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 13:48 --------- d-----w C:\Program Files\Macrogaming
2008-05-14 13:48 --------- d-----w C:\Program Files\a-squared Free
2008-05-14 07:47 --------- d-----w C:\ProgramData\That Face Camp Shim
2008-05-14 07:47 --------- d-----w C:\ProgramData\glue pop
2008-05-14 07:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-13 11:57 --------- d-----w C:\ProgramData\Avira
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 18:25 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-05 10:01 --------- d-----w C:\Program Files\PicLensIE
2008-05-05 09:47 --------- d-----w C:\Program Files\Panda Security
2008-04-29 09:25 --------- d-----w C:\ProgramData\Apple
2008-04-29 09:25 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-29 09:25 --------- d-----w C:\Program Files\Apple Software Update
2008-04-28 11:57 --------- d-----w C:\Program Files\LimeWire
2008-04-22 07:34 --------- d-----w C:\ProgramData\eMule
2008-04-22 07:34 --------- d-----w C:\Program Files\eMule
2008-04-22 07:26 --------- d-----w C:\Users\Alexandre\AppData\Roaming\eMule
2008-04-20 12:00 --------- d-----w C:\Program Files\Microsoft Games
2008-04-19 05:42 --------- d-----w C:\Program Files\Google
2008-04-13 21:40 --------- d-----w C:\Program Files\WowCartographe
2008-04-13 21:40 --------- d-----w C:\Program Files\LimeWire Acceleration Patch
2008-04-09 13:18 --------- d-----w C:\ProgramData\Protexis
2008-02-29 11:03 69,689 ----a-w C:\Windows\UNZIP.DLL
2008-02-29 11:03 507,904 ----a-w C:\Windows\TMUPDATE.DLL
2008-02-29 11:03 286,720 ----a-w C:\Windows\PATCH.EXE
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-01-13 15:08 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.16.55.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-22 14:12:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-22 14:12:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-22 13:54:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 14:25:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 13:54:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-22 14:25:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 13:54:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 14:25:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 13:45:42 100,232 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 14:18:28 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 13:45:42 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-22 14:18:28 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-22 13:45:42 606,450 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 14:18:28 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 13:45:42 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-22 14:18:28 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-22 12:38:15 10,866 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3588387244-1588189242-512479697-1000_UserData.bin
+ 2008-05-22 14:14:37 11,112 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3588387244-1588189242-512479697-1000_UserData.bin
- 2008-05-22 13:42:27 54,092 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 14:14:37 54,178 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 13:42:24 54,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 14:14:21 55,118 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
2008-04-18 16:52 1925120 --a------ C:\Program Files\PicLensIE\PicLens.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 04:04 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-20 10:07 68856]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 12:10 536576]
"Steam"="c:\program files\steam\steam.exe" [2008-05-11 20:24 1271032]
"JumpMeal"="C:\ProgramData\Cdrom software software.3xsbft5" [2008-05-14 09:46 245776]
"CAMP SHIM EXIT HECK"="C:\ProgramData\peak boob drv.uacqd" [2008-05-14 09:47 364560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 16:25 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 06:32 61440]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-05-12 09:02 1961104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-04-06 01:05 73728]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire Acceleration Patch.lnk - C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe [2008-02-14 09:50:26 451584]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-08-30 02:21:11 2240080]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 07:41:42 124400]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{618A4AAB-1D3A-4086-BCF0-C7DA9E339731}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53979A03-1DF8-459F-9261-61C4A3666CB0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9BE1A7AC-D907-4DE7-89BF-B19729B93375}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{157D7485-0455-4220-9694-C9EDA41C9DE0}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{1FDD05D2-79A0-4341-AAE6-A945A0DFAC13}"= UDP:C:\Program Files\World of Warcraft\Repair.exe:World of Warcraft – Réparation
"{DC3AF15E-4062-4A98-B9A2-A771D64477C4}"= TCP:C:\Program Files\World of Warcraft\Repair.exe:World of Warcraft – Réparation
"{A791C9F4-0CB5-4F28-AEDE-262894F6199F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{849BE97B-5F74-4D15-A548-3F92BE36CFAB}"= UDP:C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe:WoW-2.3.0-frFR-downloader
"{33F74D98-7B8E-44E1-A2FA-D81AB834FEDC}"= TCP:C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe:WoW-2.3.0-frFR-downloader
"{20B4BB8A-AD34-4837-8B72-2F53D8B3B842}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A4D492DD-0E7E-46AB-99D2-3A157F333C07}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{717314B8-2BEB-44B1-A9E7-57C2FB2B6472}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\bti764av\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:UDP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\bti764av\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"UDP Query User{5C63FBB0-0551-4E9E-909D-B11D71C46BF6}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\bti764av\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:TCP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\bti764av\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"TCP Query User{8E24AAA0-9BE9-4B03-967F-707FB2ACC360}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{87F14242-DCD5-45DC-8BCF-52E7642C64C7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{A68E777B-E53E-4F48-A1C9-D56F9EC56D5E}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\35xgfvpi\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:UDP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\35xgfvpi\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"UDP Query User{9CD3977D-4489-4E8D-9158-7A74621CFC9F}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\35xgfvpi\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:TCP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\35xgfvpi\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"TCP Query User{A0BA1630-4904-4B61-A35F-ECD9027DABF8}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{EC7E3BB5-36BE-4F9E-91C0-04FB3873D7E0}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{7CB99F9C-30BD-47C2-9934-EE37E886391F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5CBF8952-F9CB-4A1A-B6A3-9DD275C65D17}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4EE85CA5-A983-4ECD-A65F-236B4C98B83D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{822A5AC5-6DCF-4BFB-895B-E08D17499F89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3F4F0FE3-202E-46EB-8D10-89DBA67F6390}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\a6bfuxmg\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= UDP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\a6bfuxmg\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"UDP Query User{3559A3D0-492E-4808-895A-2A0B2D9E3686}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\a6bfuxmg\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= TCP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\a6bfuxmg\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"{0DE25734-934A-4693-9853-9881978EB0A0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AF81D5E3-44E4-44F7-AD03-4C0890656016}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{A88FB9A2-9A59-4C2F-BBF2-96F629DFA7C4}C:\\users\\alexandre\\appdata\\local\\temp\\wowsneakpeekdownloader\\wowsneakpeekdownloader.exe"= UDP:C:\users\alexandre\appdata\local\temp\wowsneakpeekdownloader\wowsneakpeekdownloader.exe:wowsneakpeekdownloader.exe
"UDP Query User{9847E485-5B61-44E6-B15D-F0E3F8A7FB1D}C:\\users\\alexandre\\appdata\\local\\temp\\wowsneakpeekdownloader\\wowsneakpeekdownloader.exe"= TCP:C:\users\alexandre\appdata\local\temp\wowsneakpeekdownloader\wowsneakpeekdownloader.exe:wowsneakpeekdownloader.exe
"TCP Query User{C90F8DB4-2566-4C7E-BA98-3C226DDDFFFB}C:\\program files\\gigatribe\\gigatribe.exe"= UDP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"UDP Query User{D83D9F5B-636A-41B3-A23B-017B266A310B}C:\\program files\\gigatribe\\gigatribe.exe"= TCP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"TCP Query User{DD5174FC-0406-4506-A3A6-D1F1511589A9}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{CA4E8030-BB32-4C72-8A02-CF091606BA08}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{DA9AF4D0-528A-4717-84A6-61E5BED894FC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{53F00830-BA21-458D-81BF-698372DFA9BB}C:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{17A02B71-18DB-465E-9939-9F67E7FB10C3}C:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:C:\program files\microsoft games\halo trial\halo.exe:Halo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-11 20:24]
S3 UsbSagCom;Mobile Device Full USB Driver;C:\Windows\system32\DRIVERS\UsbSagCom.sys [2007-06-29 15:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f593830b-f7e2-11dc-a679-00195b35fabe}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-21 19:04:30 C:\Windows\Tasks\User_Feed_Synchronization-{DF46117A-28C1-441C-9D61-98F6254450F4}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-22 13:58:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:41:17
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-22 16:42:14
ComboFix-quarantined-files.txt 2008-05-22 14:42:04
ComboFix2.txt 2008-05-22 14:25:11

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

218 --- E O F --- 2008-05-16 17:03:43
0
Réponse 23 / 65
Utilisateur anonyme
 
pour fusionner: regarde ici

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

________________

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::

C:\Windows\PATCH.EXE
C:\Windows\System32\kd1394.dll
C:\Windows\System32\srclient.dll
C:\Windows\System32\srcore.dll
C:\Windows\System32\rstrui.exe
C:\Windows\System32\srdelayed.exe
C:\Windows\System32\kbd106n.dll
C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\win32k.sys
C:\Program Files\desktop.ini
C:\Program Files\PicLensIE\PicLens.dll
C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe
C:\Program Files\Xfire\Xfire.exe

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
0
Réponse 24 / 65
lolodie Messages postés 35 Statut Membre
 
ComboFix 08-05-21.2 - Alexandre 2008-05-22 17:07:30.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1072 [GMT 2:00]
Endroit: C:\Users\Alexandre\Desktop\ComboFix1.exe
Command switches used :: C:\Users\Alexandre\Desktop\CFscript.wps
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 15:07 332 ----a-w C:\Users\Alexandre\AppData\Roaming\wklnhst.dat
2008-05-22 14:18 --------- d-----w C:\Program Files\Steam
2008-05-22 13:41 --------- d-----w C:\Program Files\Navilog1
2008-05-22 13:40 --------- d-----w C:\Program Files\P2P_Torrent
2008-05-22 12:46 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Malwarebytes
2008-05-22 12:46 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-22 12:46 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 18:31 --------- d-----w C:\ProgramData\Google Updater
2008-05-21 15:36 --------- d-----w C:\Users\Alexandre\AppData\Roaming\LimeWire
2008-05-21 07:00 --------- d-----w C:\Users\Alexandre\AppData\Roaming\teamspeak2
2008-05-20 10:36 --------- d-----w C:\ProgramData\Symantec
2008-05-20 10:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-19 10:57 --------- d-----w C:\ProgramData\WLInstaller
2008-05-18 18:58 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Template
2008-05-18 16:04 --------- d-----w C:\Users\Alexandre\AppData\Roaming\OpenOffice.org2
2008-05-16 16:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-05-15 19:10 --------- d-----w C:\Program Files\World of Warcraft
2008-05-14 17:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 17:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 13:48 --------- d-----w C:\Program Files\Macrogaming
2008-05-14 13:48 --------- d-----w C:\Program Files\a-squared Free
2008-05-14 07:47 --------- d-----w C:\ProgramData\That Face Camp Shim
2008-05-14 07:47 --------- d-----w C:\ProgramData\glue pop
2008-05-14 07:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-13 11:57 --------- d-----w C:\ProgramData\Avira
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 18:25 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-05 10:01 --------- d-----w C:\Program Files\PicLensIE
2008-05-05 09:47 --------- d-----w C:\Program Files\Panda Security
2008-04-29 09:25 --------- d-----w C:\ProgramData\Apple
2008-04-29 09:25 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-29 09:25 --------- d-----w C:\Program Files\Apple Software Update
2008-04-28 11:57 --------- d-----w C:\Program Files\LimeWire
2008-04-22 07:34 --------- d-----w C:\ProgramData\eMule
2008-04-22 07:34 --------- d-----w C:\Program Files\eMule
2008-04-22 07:26 --------- d-----w C:\Users\Alexandre\AppData\Roaming\eMule
2008-04-20 12:00 --------- d-----w C:\Program Files\Microsoft Games
2008-04-19 05:42 --------- d-----w C:\Program Files\Google
2008-04-13 21:40 --------- d-----w C:\Program Files\WowCartographe
2008-04-13 21:40 --------- d-----w C:\Program Files\LimeWire Acceleration Patch
2008-04-09 13:18 --------- d-----w C:\ProgramData\Protexis
2008-02-29 11:03 69,689 ----a-w C:\Windows\UNZIP.DLL
2008-02-29 11:03 507,904 ----a-w C:\Windows\TMUPDATE.DLL
2008-02-29 11:03 286,720 ----a-w C:\Windows\PATCH.EXE
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-01-13 15:08 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-22_16.16.55.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-22 14:12:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-22 14:12:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-22 13:54:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 14:25:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 13:54:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-22 14:25:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 13:54:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 14:25:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-22 13:45:42 100,232 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 14:18:28 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-22 13:45:42 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-22 14:18:28 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-22 13:45:42 606,450 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 14:18:28 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-22 13:45:42 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-22 14:18:28 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-22 12:38:15 10,866 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3588387244-1588189242-512479697-1000_UserData.bin
+ 2008-05-22 14:14:37 11,112 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3588387244-1588189242-512479697-1000_UserData.bin
- 2008-05-22 13:42:27 54,092 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 14:14:37 54,178 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-22 13:42:24 54,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 14:14:21 55,118 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
2008-04-18 16:52 1925120 --a------ C:\Program Files\PicLensIE\PicLens.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 04:04 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-20 10:07 68856]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 12:10 536576]
"Steam"="c:\program files\steam\steam.exe" [2008-05-11 20:24 1271032]
"JumpMeal"="C:\ProgramData\Cdrom software software.3xsbft5" [2008-05-14 09:46 245776]
"CAMP SHIM EXIT HECK"="C:\ProgramData\peak boob drv.uacqd" [2008-05-14 09:47 364560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 16:25 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 06:32 61440]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-05-12 09:02 1961104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-04-06 01:05 73728]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire Acceleration Patch.lnk - C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe [2008-02-14 09:50:26 451584]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-08-30 02:21:11 2240080]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 07:41:42 124400]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{618A4AAB-1D3A-4086-BCF0-C7DA9E339731}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53979A03-1DF8-459F-9261-61C4A3666CB0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9BE1A7AC-D907-4DE7-89BF-B19729B93375}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{157D7485-0455-4220-9694-C9EDA41C9DE0}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{1FDD05D2-79A0-4341-AAE6-A945A0DFAC13}"= UDP:C:\Program Files\World of Warcraft\Repair.exe:World of Warcraft – Réparation
"{DC3AF15E-4062-4A98-B9A2-A771D64477C4}"= TCP:C:\Program Files\World of Warcraft\Repair.exe:World of Warcraft – Réparation
"{A791C9F4-0CB5-4F28-AEDE-262894F6199F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{849BE97B-5F74-4D15-A548-3F92BE36CFAB}"= UDP:C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe:WoW-2.3.0-frFR-downloader
"{33F74D98-7B8E-44E1-A2FA-D81AB834FEDC}"= TCP:C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe:WoW-2.3.0-frFR-downloader
"{20B4BB8A-AD34-4837-8B72-2F53D8B3B842}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A4D492DD-0E7E-46AB-99D2-3A157F333C07}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{717314B8-2BEB-44B1-A9E7-57C2FB2B6472}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\bti764av\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:UDP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\bti764av\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"UDP Query User{5C63FBB0-0551-4E9E-909D-B11D71C46BF6}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\bti764av\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:TCP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\bti764av\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"TCP Query User{8E24AAA0-9BE9-4B03-967F-707FB2ACC360}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{87F14242-DCD5-45DC-8BCF-52E7642C64C7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{A68E777B-E53E-4F48-A1C9-D56F9EC56D5E}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\35xgfvpi\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:UDP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\35xgfvpi\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"UDP Query User{9CD3977D-4489-4E8D-9158-7A74621CFC9F}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\35xgfvpi\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= Disabled:TCP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\35xgfvpi\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"TCP Query User{A0BA1630-4904-4B61-A35F-ECD9027DABF8}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{EC7E3BB5-36BE-4F9E-91C0-04FB3873D7E0}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{7CB99F9C-30BD-47C2-9934-EE37E886391F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5CBF8952-F9CB-4A1A-B6A3-9DD275C65D17}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4EE85CA5-A983-4ECD-A65F-236B4C98B83D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{822A5AC5-6DCF-4BFB-895B-E08D17499F89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3F4F0FE3-202E-46EB-8D10-89DBA67F6390}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\a6bfuxmg\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= UDP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\a6bfuxmg\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"UDP Query User{3559A3D0-492E-4808-895A-2A0B2D9E3686}C:\\users\\alexandre\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\a6bfuxmg\\wrath_of_the_lich_king_fr.avi-downloader[1].exe"= TCP:C:\users\alexandre\appdata\local\microsoft\windows\temporary internet files\content.ie5\a6bfuxmg\wrath_of_the_lich_king_fr.avi-downloader[1].exe:wrath_of_the_lich_king_fr.avi-downloader[1].exe
"{0DE25734-934A-4693-9853-9881978EB0A0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AF81D5E3-44E4-44F7-AD03-4C0890656016}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{A88FB9A2-9A59-4C2F-BBF2-96F629DFA7C4}C:\\users\\alexandre\\appdata\\local\\temp\\wowsneakpeekdownloader\\wowsneakpeekdownloader.exe"= UDP:C:\users\alexandre\appdata\local\temp\wowsneakpeekdownloader\wowsneakpeekdownloader.exe:wowsneakpeekdownloader.exe
"UDP Query User{9847E485-5B61-44E6-B15D-F0E3F8A7FB1D}C:\\users\\alexandre\\appdata\\local\\temp\\wowsneakpeekdownloader\\wowsneakpeekdownloader.exe"= TCP:C:\users\alexandre\appdata\local\temp\wowsneakpeekdownloader\wowsneakpeekdownloader.exe:wowsneakpeekdownloader.exe
"TCP Query User{C90F8DB4-2566-4C7E-BA98-3C226DDDFFFB}C:\\program files\\gigatribe\\gigatribe.exe"= UDP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"UDP Query User{D83D9F5B-636A-41B3-A23B-017B266A310B}C:\\program files\\gigatribe\\gigatribe.exe"= TCP:C:\program files\gigatribe\gigatribe.exe:gigatribe
"TCP Query User{DD5174FC-0406-4506-A3A6-D1F1511589A9}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{CA4E8030-BB32-4C72-8A02-CF091606BA08}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{DA9AF4D0-528A-4717-84A6-61E5BED894FC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{53F00830-BA21-458D-81BF-698372DFA9BB}C:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{17A02B71-18DB-465E-9939-9F67E7FB10C3}C:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:C:\program files\microsoft games\halo trial\halo.exe:Halo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-11 20:24]
S3 UsbSagCom;Mobile Device Full USB Driver;C:\Windows\system32\DRIVERS\UsbSagCom.sys [2007-06-29 15:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f593830b-f7e2-11dc-a679-00195b35fabe}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-21 19:04:30 C:\Windows\Tasks\User_Feed_Synchronization-{DF46117A-28C1-441C-9D61-98F6254450F4}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-22 14:58:01 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 17:09:11
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-22 17:10:15
ComboFix-quarantined-files.txt 2008-05-22 15:10:04
ComboFix2.txt 2008-05-22 14:42:15
ComboFix3.txt 2008-05-22 14:25:11

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

221 --- E O F --- 2008-05-16 17:03:43
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 65
lolodie Messages postés 35 Statut Membre
 
il me semble que ca a fait la meme chose que tout a l'heure
0
Réponse 26 / 65
Utilisateur anonyme
 
t as fait ce qui est expliqué au poste 23

APPAREMMENT CA N A PAS MARCHé

OUVRE UN DOC TEXTE

fais clic droit sur espace vide du bureau
choisi nouveau
document teste

copie et colle ça :

File::

C:\Windows\PATCH.EXE
C:\Windows\System32\kd1394.dll
C:\Windows\System32\srclient.dll
C:\Windows\System32\srcore.dll
C:\Windows\System32\rstrui.exe
C:\Windows\System32\srdelayed.exe
C:\Windows\System32\kbd106n.dll
C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\win32k.sys
C:\Program Files\desktop.ini
C:\Program Files\PicLensIE\PicLens.dll
C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe
C:\Program Files\Xfire\Xfire.exe

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

apres

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
0
Réponse 27 / 65
lolodie Messages postés 35 Statut Membre
 
j'ai tout fait comme il faut mais ca me redonne toujours la meme chose
0
Réponse 28 / 65
Utilisateur anonyme
 
ok

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Windows\PATCH.EXE
C:\Windows\System32\kd1394.dll
C:\Windows\System32\srclient.dll
C:\Windows\System32\srcore.dll
C:\Windows\System32\rstrui.exe
C:\Windows\System32\srdelayed.exe
C:\Windows\System32\kbd106n.dll
C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\win32k.sys
C:\Program Files\desktop.ini
C:\Program Files\PicLensIE\PicLens.dll
C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe
C:\Program Files\Xfire\Xfire.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
0
Réponse 29 / 65
lolodie Messages postés 35 Statut Membre
 
C:\Windows\PATCH.EXE moved successfully.
LoadLibrary failed for C:\Windows\System32\kd1394.dll
C:\Windows\System32\kd1394.dll NOT unregistered.
File move failed. C:\Windows\System32\kd1394.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\srclient.dll
C:\Windows\System32\srclient.dll NOT unregistered.
File move failed. C:\Windows\System32\srclient.dll scheduled to be moved on reboot.
C:\Windows\System32\srcore.dll unregistered successfully.
File move failed. C:\Windows\System32\srcore.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rstrui.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\srdelayed.exe scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\kbd106n.dll
C:\Windows\System32\kbd106n.dll NOT unregistered.
File move failed. C:\Windows\System32\kbd106n.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\f3ahvoas.dll NOT unregistered.
File move failed. C:\Windows\System32\f3ahvoas.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\win32k.sys scheduled to be moved on reboot.
C:\Program Files\desktop.ini moved successfully.
C:\Program Files\PicLensIE\PicLens.dll unregistered successfully.
C:\Program Files\PicLensIE\PicLens.dll moved successfully.
C:\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe moved successfully.
C:\Program Files\Xfire\Xfire.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05222008_173326

Files moved on Reboot...
LoadLibrary failed for C:\Windows\System32\kd1394.dll
C:\Windows\System32\kd1394.dll NOT unregistered.
File move failed. C:\Windows\System32\kd1394.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\srclient.dll
C:\Windows\System32\srclient.dll NOT unregistered.
File move failed. C:\Windows\System32\srclient.dll scheduled to be moved on reboot.
C:\Windows\System32\srcore.dll unregistered successfully.
File move failed. C:\Windows\System32\srcore.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\rstrui.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\srdelayed.exe scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\kbd106n.dll
C:\Windows\System32\kbd106n.dll NOT unregistered.
File move failed. C:\Windows\System32\kbd106n.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\f3ahvoas.dll NOT unregistered.
File move failed. C:\Windows\System32\f3ahvoas.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\win32k.sys scheduled to be moved on reboot.
0
Réponse 30 / 65
Utilisateur anonyme
 
IMPORTANT REDEMARRE LE PC

ensuite :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
Réponse 31 / 65
lolodie Messages postés 35 Statut Membre
 
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 776

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 165746
Temps écoulé: 28 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

il n'a rien trouvé mais je pense que c'est peut ètre parce que j'en avais déja fait un tout a l'heure comme je te l'ai dit.
0
Réponse 32 / 65
Utilisateur anonyme
 
ca ce termine

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914
0
Réponse 33 / 65
lolodie Messages postés 35 Statut Membre
 
2008-05-22 a 18:33:05.80

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND
"C:\Windows\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
*** End of the report !

par contre ils m'ont demandé d'envoyer un rapport aux antivirus car j'avais un virus qui était peut être dangereux, je l'ai fait
0
Réponse 34 / 65
Utilisateur anonyme
 
réouvre clean et passe l option 2

puis envoi le rapport stp
0
Réponse 35 / 65
Utilisateur anonyme
 
Salut ,

de passage

Wininit.exe est légitime sous Vista.

+++

0
Réponse 36 / 65
lolodie Messages postés 35 Statut Membre
 
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 2008-05-22 a 18:42:32.26

Microsoft Windows [version 6.0.6000]

*** Suppression C:

*** Suppression C:\Windows\

*** Suppression C:\Windows\system32
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe
tentative de suppression de "C:\Windows\Downloaded Program Files\CONFLICT.1"

*** Suppression C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"

*** Deletion of the registry keys successful..
*** End of the report !
0
Réponse 37 / 65
lolodie Messages postés 35 Statut Membre
 
tu veux dire quoi par légitime moi j'y connait rien?
0
Réponse 38 / 65
Utilisateur anonyme
 
ça veut dire ue ça appartient au system

c est donc normal qu il ne le supprime pas
car il est fermé

refais un scan hijackthis et poste le rapport stp
0
Réponse 39 / 65
lolodie Messages postés 35 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55, on 2008-05-22
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Alexandre\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [JumpMeal] "C:\ProgramData\Cdrom software software.3xsbft5"
O4 - HKCU\..\Run: [CAMP SHIM EXIT HECK] "C:\ProgramData\peak boob drv.uacqd"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire Acceleration Patch.lnk = C:\_OTMoveIt\MovedFiles\05222008_173326\Program Files\LimeWire Acceleration Patch\LimeWire Acceleration Patch.exe
O4 - Startup: Xfire.lnk = C:\_OTMoveIt\MovedFiles\05222008_173326\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\Program Files\iGraal\iGraal.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 40 / 65
lolodie Messages postés 35 Statut Membre
 
il y a encore des problèmes?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses