Infected by Antivirus 2009: help me

Solved/Closed
thedarkman30 Posts 7 Registration date Friday 15 August 2008 Status Member Last seen 16 June 2015 - 15 August 2008 at 19:30
Anonymous user - 16 August 2008 at 09:45
Hello,

I think I'm infected by Antivirus 2009.
I ran HijackThis; here is the result.

Could you tell me what to do? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:08, on 15/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX3000.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\DARKMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UY1YY4W\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
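As an added example (not code from the thread or from HijackThis), here is a small Python triage script that parses lines in the HijackThis v2 format shown above and flags the categories a helper typically looks at first: entries whose file no longer exists ("(no file)", "(file missing)"), O4 autoruns launched from user-writable profile directories such as AppData\Roaming (the kind of location the ComboFix run later in this thread removed inst.exe from), O4 autoruns given as a bare file name, and O23 services with "Unknown owner". The sample log is constructed (the account name EXAMPLE and the "updater" autorun are invented), and the rules, the `USER_WRITABLE_RE` list and the `Entry`/`Finding` names are my own heuristics, not HijackThis's analysis.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 line format (same shape as the log
# posted in the thread). The account name "EXAMPLE" and the "updater" autorun
# are made up so that each triage rule below has something to match.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [updater] "C:\Users\EXAMPLE\AppData\Roaming\inst.exe" /silent
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> kind "O4", body "HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# The [name] and command part of an O4 autorun entry.
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Profile locations a logged-in user (and therefore a dropper run as that user)
# can write to without elevation; a heuristic list, not an exhaustive one.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\Roaming\\|\\AppData\\Local\\Temp\\|\\Temporary Internet Files\\|\\Temp\\",
    re.IGNORECASE,
)


@dataclass
class Entry:
    kind: str  # HijackThis section code, e.g. "O4"
    body: str  # text after "O4 - "
    raw: str   # the whole line, for reporting


@dataclass
class Finding:
    severity: str  # "cleanup", "review" or "info"
    reason: str
    entry: Entry


def parse_log(text: str) -> list[Entry]:
    """Keep only the 'Xn - ...' entry lines; the process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"], line.strip()))
    return entries


def run_target(cmd: str) -> str:
    """Executable of an O4 command line: the quoted path, or the first token ending in .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def triage(entries: list[Entry]) -> list[Finding]:
    findings: list[Finding] = []
    for e in entries:
        # Orphaned entries: the registry still points at a file that is gone.
        if "(no file)" in e.body or "(file missing)" in e.body:
            findings.append(Finding("cleanup", "entry points at a file that no longer exists", e))
        elif e.kind == "O4":
            m = RUN_RE.search(e.body)
            if not m:
                continue
            target = run_target(m["cmd"])
            if USER_WRITABLE_RE.search(target):
                findings.append(Finding("review", "autorun launches from a user-writable profile directory", e))
            elif "\\" not in target:
                findings.append(Finding("info", "autorun uses a bare file name; confirm which copy is loaded", e))
        elif e.kind == "O23" and "Unknown owner" in e.body:
            findings.append(Finding("info", "service has no publisher information; confirm the binary's origin", e))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.reason}\n    {f.entry.raw}")
```

Run it as-is to see the six findings for the constructed sample, or replace `SAMPLE_LOG` with a pasted log. "cleanup" items are the orphaned entries helpers usually have the poster fix first; "review" items deserve a look at the file itself (publisher, hash, creation date) before anything is deleted, since a legitimate updater can also live under AppData.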
8 replies

Anonymous user
15 August 2008 at 19:43
Hi,

I think I'm infected by Antivirus 2009.

Why do you think that?


Download Deckard's DSS (formerly Comboscan) to your desktop:

http://deckard.geekstogo.com/dss.exe


(choose Save, then Desktop as the location)

Close all running applications.

Double-click DSS.exe to launch the tool.

A window opens asking you to close all applications; click OK.

At the end of the scan, a window opens; click OK.

The main.txt report will be displayed; copy it into your next reply.
If an additional report was created (extra.txt), post it in your reply too.

The reports are here:
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0
thedarkman30 Posts 7 Registration date Friday 15 August 2008 Status Member Last seen 16 June 2015
15 August 2008 at 19:46
Actually, my PC is extremely slow at startup, even though I bought it new a month ago.
So I ran a BitDefender virus scan, then Spybot, and now I'm running Malwarebytes...
I'll do what you tell me and post the result.
Thanks for your help.
0
thedarkman30 Posts 7 Registration date Friday 15 August 2008 Status Member Last seen 16 June 2015
15 August 2008 at 19:56
Here is the result with Deckard's System Scanner.

Deckard's System Scanner v20071014.68
Run by DARKMAN on 2008-08-15 19:47:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2008-08-14 18:01:07 UTC - RP73 - Point de contrôle planifié
15: 2008-08-13 07:52:54 UTC - RP72 - Windows Update
14: 2008-08-13 07:17:11 UTC - RP71 - Windows Update
13: 2008-08-12 00:05:02 UTC - RP70 - Point de contrôle planifié
12: 2008-08-09 11:30:32 UTC - RP69 - Point de contrôle planifié


-- First Restore Point --
1: 2008-08-01 21:57:37 UTC - RP57 - DirectX est installé


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-15 19:51:22
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX3000.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\System32\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\DARKMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UY1YY4W\dss[1].exe
C:\Windows\System32\conime.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myprivacy.dpgmedia.be/?siteKey=atXMVFeyFP1Ki09i&callbackUrl=https%3a%2f%2fwww.7sur7.be%2fprivacy-gate%2faccept%3fredirectUri%3d%252f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - C:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

0
Anonymous user
15 August 2008 at 20:00
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press key 1 (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report is also located at C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for as long as ComboFix is running, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
0
thedarkman30 Posts 7 Registration date Friday 15 August 2008 Status Member Last seen 16 June 2015
15 August 2008 at 20:28
Here is the result with ComboFix.

ComboFix 08-08-14.05 - DARKMAN 2008-08-15 20:14:54.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1694 [GMT 2:00]
Endroit: C:\Users\DARKMAN\Documents\document olivier\torrent\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\DARKMAN\AppData\Roaming\inst.exe
C:\Users\DARKMAN\AppData\Roaming\Microsoft\Windows\Cookies\darkman@ebay[2].txt
C:\Users\DARKMAN\AppData\Roaming\Microsoft\Windows\Cookies\darkman@sweetim[1].txt
C:\Windows\system32\jusched.exe

----- BITS: Possible sites infectés -----

http://ftp.hp.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))))))))
.

2008-08-15 19:47 . 2008-08-15 19:47 <REP> d-------- C:\Deckard
2008-08-15 19:40 . 2008-08-15 19:40 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\Malwarebytes
2008-08-15 19:40 . 2008-08-15 19:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-08-15 19:40 . 2008-08-15 19:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-08-15 19:18 . 2008-08-15 19:39 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-15 19:18 . 2008-08-15 19:39 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-15 19:18 . 2008-08-15 19:18 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 18:26 . 2008-08-15 18:26 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-08-15 18:26 . 2008-08-15 18:26 <REP> d-------- C:\ProgramData\WindowsSearch
2008-08-13 09:22 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 01:06 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 01:06 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 01:06 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 01:06 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 01:06 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-08 00:39 . 2008-08-08 00:39 <REP> d-------- C:\Users\All Users\SweetIM
2008-08-08 00:39 . 2008-08-08 00:39 <REP> d-------- C:\ProgramData\SweetIM
2008-08-08 00:39 . 2008-08-08 00:39 <REP> d-------- C:\Program Files\SweetIM
2008-08-02 08:33 . 2008-08-02 08:40 <REP> d-------- C:\Program Files\Jaquette Express
2008-08-01 23:58 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-08-01 23:46 . 2008-08-02 06:37 <REP> d-------- C:\Program Files\Micro Application
2008-07-31 20:04 . 2008-07-31 20:04 <REP> d-------- C:\Users\All Users\SpinTop Games
2008-07-31 20:04 . 2008-07-31 20:04 <REP> d-------- C:\ProgramData\SpinTop Games
2008-07-31 20:04 . 2008-07-31 20:04 <REP> d-------- C:\Program Files\Mystery P.I. Vegas Deluxe
2008-07-30 19:10 . 2008-08-08 01:00 69 --a------ C:\Windows\NeroDigital.ini
2008-07-30 19:06 . 2008-07-30 19:07 <REP> d-------- C:\Program Files\Video Convert Master
2008-07-29 17:42 . 2008-07-29 17:42 <REP> d-------- C:\Poker
2008-07-28 15:55 . 2008-07-28 15:55 <REP> d-------- C:\Program Files\bmoworld
2008-07-27 20:48 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-07-27 20:48 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-07-27 20:48 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-07-26 23:56 . 2008-07-26 23:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-24 01:35 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-07-24 01:35 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-07-24 01:33 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-24 01:32 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-24 01:31 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-24 01:30 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-24 01:29 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-24 01:29 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-24 01:29 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-24 01:28 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-24 01:28 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-24 01:27 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-07-24 01:27 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-07-24 01:27 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-07-24 01:27 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-07-24 01:27 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-07-21 14:45 . 2008-07-21 14:45 <REP> d-------- C:\PerfLogs
2008-07-21 14:09 . 2008-07-21 15:20 <REP> d-------- C:\7f9dcfb9a1bf089fc4736aa7f359fde4
2008-07-20 21:39 . 2008-08-11 22:23 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-07-20 21:39 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-07-20 21:39 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-07-20 21:25 . 2008-07-20 21:25 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\TuneUp Software
2008-07-20 21:24 . 2008-07-20 21:24 <REP> d-------- C:\Users\All Users\TuneUp Software
2008-07-20 21:24 . 2008-07-20 21:24 <REP> d-------- C:\ProgramData\TuneUp Software
2008-07-20 21:24 . 2008-08-11 22:24 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-20 21:22 . 2008-07-20 21:22 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 11:38 . 2008-07-18 11:38 <REP> d-------- C:\Users\All Users\vsosdk
2008-07-18 11:38 . 2008-07-18 11:38 <REP> d-------- C:\ProgramData\vsosdk
2008-07-18 07:49 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-18 06:47 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-18 06:47 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-18 06:47 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-18 06:47 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-18 06:47 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-18 06:47 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-17 11:40 . 2008-07-20 23:47 <REP> d-------- C:\Program Files\i-Covers
2008-07-17 11:40 . 2004-03-09 01:00 124,688 --a------ C:\Windows\System32\mswinsck.ocx
2008-07-17 11:40 . 2000-10-02 01:00 119,568 --a------ C:\Windows\System32\vb6fr.dll
2008-07-17 11:40 . 1998-07-13 01:00 15,872 --a------ C:\Windows\System32\winskfr.dll
2008-07-16 23:59 . 2008-07-16 23:59 <REP> d-------- C:\Program Files\DVD Decrypter
2008-07-16 20:18 . 2008-07-16 20:18 <REP> d-------- C:\Users\STEF\AppData\Roaming\PC Suite
2008-07-16 20:18 . 2008-07-16 20:18 <REP> d-------- C:\Users\STEF\AppData\Roaming\Nokia
2008-07-16 01:09 . 2008-08-11 22:08 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\NSeries
2008-07-16 01:09 . 2008-07-16 01:09 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\Nokia Multimedia Player
2008-07-16 00:38 . 2008-07-16 00:38 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\PeerNetworking
2008-07-16 00:36 . 2008-07-16 23:32 <REP> d-------- C:\Users\Public\CyberLink
2008-07-16 00:36 . 2008-07-16 23:32 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\CyberLink
2008-07-16 00:10 . 2008-07-16 00:10 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-15 23:56 . 2008-07-15 23:56 <REP> d-------- C:\Users\All Users\Installations
2008-07-15 23:56 . 2008-07-15 23:56 <REP> d-------- C:\ProgramData\Installations
2008-07-15 23:56 . 2008-07-15 23:56 <REP> d-------- C:\Program Files\Common Files\Nokia
2008-07-15 23:41 . 2008-07-15 23:41 <REP> d-------- C:\Users\All Users\PC Suite
2008-07-15 23:41 . 2008-07-15 23:41 <REP> d-------- C:\ProgramData\PC Suite
2008-07-15 23:40 . 2008-07-15 23:40 <REP> d-------- C:\Windows\Downloaded Installations
2008-07-15 23:33 . 2008-07-15 23:33 <REP> d-------- C:\Users\All Users\Nokia
2008-07-15 23:33 . 2008-07-15 23:33 <REP> d-------- C:\ProgramData\Nokia
2008-07-15 23:29 . 2008-07-15 23:41 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\Nokia
2008-07-15 23:16 . 2008-07-15 23:16 <REP> d-------- C:\Program Files\Common Files\PCSuite
2008-07-15 23:15 . 2008-07-15 23:41 <REP> d-------- C:\Users\DARKMAN\AppData\Roaming\PC Suite
2008-07-15 23:15 . 2008-07-15 23:15 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-15 23:12 . 2008-07-16 00:02 <REP> d-------- C:\Program Files\Nokia
2008-07-15 23:12 . 2008-05-07 07:38 90,624 --a------ C:\Windows\System32\nmwcdcls.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 18:18 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-08-15 07:15 --------- d-----w C:\ProgramData\Google Updater
2008-08-14 21:30 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\uTorrent
2008-08-13 07:53 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 07:39 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 21:44 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\LimeWire
2008-08-12 08:17 --------- d-----w C:\ProgramData\DVD Shrink
2008-08-05 22:44 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\Vso
2008-07-26 21:59 174 --sha-w C:\Program Files\desktop.ini
2008-07-26 21:51 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-26 21:51 --------- d-----w C:\Program Files\Windows Calendar
2008-07-26 21:50 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-26 21:50 --------- d-----w C:\Program Files\Windows Journal
2008-07-26 21:50 --------- d-----w C:\Program Files\Windows Defender
2008-07-26 21:50 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-26 21:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-26 21:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-14 17:56 --------- d-----w C:\Users\STEF\AppData\Roaming\Nero
2008-07-13 16:05 --------- d-----w C:\Program Files\DVD Shrink
2008-07-13 08:52 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-12 23:25 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-12 23:23 --------- d-----w C:\ProgramData\Nero
2008-07-12 23:23 --------- d-----w C:\Program Files\Nero
2008-07-12 21:09 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\NeroDCTemplates
2008-07-12 16:32 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\Nero
2008-07-12 10:20 --------- d-----w C:\ProgramData\CyberLink
2008-07-12 09:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-12 08:47 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-12 08:47 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-12 08:47 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-12 08:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-12 08:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-12 08:47 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-12 08:47 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-12 08:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-12 08:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-12 08:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-12 08:46 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-12 08:46 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-12 08:45 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-12 08:45 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-12 08:44 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-12 08:44 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-12 08:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-12 08:44 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-12 08:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-12 08:44 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-12 08:44 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-12 00:09 --------- d-----w C:\Users\STEF\AppData\Roaming\Bitdefender
2008-07-11 22:29 --------- d-----w C:\Program Files\Windows Live
2008-07-11 22:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-11 22:26 --------- d-----w C:\Program Files\uTorrent
2008-07-11 22:24 --------- d-----w C:\ProgramData\WLInstaller
2008-07-11 22:01 --------- d-----w C:\Program Files\LimeWire
2008-07-11 21:53 --------- d-----w C:\ProgramData\LightScribe
2008-07-11 21:51 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-11 21:33 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-07-11 21:33 47,360 ----a-w C:\Users\DARKMAN\AppData\Roaming\pcouffin.sys
2008-07-11 21:33 --------- d-----w C:\Program Files\VSO
2008-07-11 20:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-11 20:03 --------- d-----w C:\Program Files\Google
2008-07-11 20:02 --------- d-----w C:\ProgramData\Symantec
2008-07-11 19:17 86,792 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-07-11 19:16 77,824 ----a-w C:\Windows\System32\xcomm.dll
2008-07-11 18:52 --------- d-----w C:\Program Files\MSBuild
2008-07-11 18:52 --------- d-----w C:\Program Files\Microsoft Works
2008-07-11 18:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-11 18:41 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-11 18:20 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\BitDefender
2008-07-11 18:20 --------- d-----w C:\ProgramData\BitDefender
2008-07-11 18:19 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-07-11 18:19 --------- d-----w C:\Program Files\BitDefender
2008-07-11 17:55 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\Symantec
2008-07-11 17:52 --------- d-----w C:\Users\DARKMAN\AppData\Roaming\Hewlett-Packard
2008-07-11 17:50 1,965 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_KB006AA-B14 m9150.be_YC_0Pavi_QCZH751_E81FRv3PrA1_49_INARRA3_SASUSTek Computer INC._V3.02_B5.04_T071212_WUH0_L40C_M3071_J500_7AMD_8Phenom 9500 Quad-Core_92.2_#080711_N10DE03EF_Z_G10DE0421.MRK
2008-07-11 17:50 --------- d-----w C:\ProgramData\WildTangent
2008-07-11 17:50 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-07-11 17:46 --------- d-sh--w C:\ProgramData\Modèles
2008-07-11 17:46 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-07-11 17:46 --------- d-sh--w C:\ProgramData\Favoris
2008-07-11 17:46 --------- d-sh--w C:\ProgramData\Bureau
2008-07-11 17:46 --------- d-sh--w C:\Program Files\Fichiers communs
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-12 18:36 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\divx.dll
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-07-06 12:44 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-07-06 12:44 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 12:44 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 12:44 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 22:03 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"VX3000"="C:\Windows\vVX3000.exe" [2006-06-30 01:55 707376]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-11 21:17 368640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 20:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 20:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 20:59 81920]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-07-06 12:32 111928]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 15:52 4702208 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe [2008-07-11 20:53:22 845584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2970280E-D9B0-47FC-B0DA-1193365A4660}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8EDFE2E0-A65E-458A-B143-FF550306019A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{CBC2CD02-FB03-4435-8388-4F56F35D8C62}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{5F649A4F-AD7A-4608-AA1E-62FD80783FCE}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F57926A0-5E7E-4BBE-93F3-C900DBC7737E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6ED06CF2-A5D5-4BC3-937A-BC1A706B48F1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{7E76032E-7E7B-4845-A0E0-80FB7999E86E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5F20E471-610A-4BB2-904E-206A8372070C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4C11C3AC-FD8A-4EAC-B370-32D20A55637F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E127DB7C-8F69-4C3C-AE7E-1421675617E0}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{38223855-6F65-479E-88A3-C434341FE06C}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{528B0F61-2A51-4CC1-8DD7-CDACAF568D55}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{5B371EE4-8CB9-46C0-B392-55537EE9657A}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{B41B9D03-DF33-4BF8-A67A-DAEAF1B7E6D5}C:\\program files\\rayv\\rayv\\rayv.exe"= UDP:C:\program files\rayv\rayv\rayv.exe:RayV
"UDP Query User{21AC4D2C-5657-410D-8AE4-25C835328D61}C:\\program files\\rayv\\rayv\\rayv.exe"= TCP:C:\program files\rayv\rayv\rayv.exe:RayV
"TCP Query User{B49BEB4A-493E-4C41-AAF0-BAFF28C060BB}C:\\program files\\bmoworld\\bomberman.exe"= UDP:C:\program files\bmoworld\bomberman.exe:BomberMan
"UDP Query User{F15F21BB-1E13-4CE1-9860-9BE8208BC7BF}C:\\program files\\bmoworld\\bomberman.exe"= TCP:C:\program files\bmoworld\bomberman.exe:BomberMan
"{B087FA78-9A25-4E16-8638-DC245CE54F9F}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{DB4E8F8D-61B7-4AA1-8E25-4BE6A40F603E}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{E2DED0F2-6300-4F98-AD0D-596BC276C458}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{13453D73-97F7-4C50-A96E-2678F18FDDE8}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 17:19]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-07-11 21:17]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 11:21]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-09-24 13:09]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-11 22:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-01 C:\Windows\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]

2008-08-15 C:\Windows\Tasks\User_Feed_Synchronization-{84629B4B-CA0C-4423-885F-614F2D58C117}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2008-08-15 C:\Windows\Tasks\User_Feed_Synchronization-{FCD3F510-D1DA-476D-AD3D-6EE69FF6C796}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.7sur7.be/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=Pavilion&pf=desktop
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 20:18:40
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-15 20:22:07
ComboFix-quarantined-files.txt 2008-08-15 18:21:40

Pre-Run: 368,724,324,352 octets libres
Post-Run: 368,761,417,728 octets libres

338 --- E O F --- 2008-08-13 07:53:59
0
Utilisateur anonyme
15 August 2008 at 20:37
Copy the text below:

File::
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Program Files\SweetIM\Messenger\SweetIM.exe

Folder::
C:\Users\All Users\SweetIM
C:\ProgramData\SweetIM
C:\Program Files\SweetIM
C:\Users\DARKMAN\AppData\Roaming\Symantec

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

DirLook::
C:\7f9dcfb9a1bf089fc4736aa7f359fde4

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no reboot, post the reports anyway.


0
thedarkman30 Posts 7 Registration date Friday 15 August 2008 Status Member Last seen 16 June 2015
16 August 2008 at 00:25
The PC is faster at startup, I think the problem is solved. I wasn't able to attach the Combofix txt file.
In any case, many thanks for your help....
0
Utilisateur anonyme
16 August 2008 at 09:45
Go to Computer
Open the C drive
Look for: combofix.txt
0