Antivirus 2009

Closed
manas0314 Posts: 2 Registered: Friday 25 January 2008 Status: Member Last active: 16 August 2008 - 16 August 2008 at 08:33
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 - 16 August 2008 at 12:30
Hello,
It's all in the title: after scanning with Avast and Spybot, I still can't remove it.
Here is the requested HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:25, on 16/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Quoiquipasse\qqp_agent.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\AV9\av2009.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Administrateur\Bureau\abcdes.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Quoiquipasse] C:\Program Files\Quoiquipasse\qqp_agent.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [42801297700139400757324417312266] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with Rapget - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.609\RapGet www.tripper.fr by loolka\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
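A defender-side triage pass over HijackThis lines like the ones in the log above, as an added example that is not code from this thread or from HijackThis itself: the sample lines are copied from the log, while the heuristics (targets reported as "(no file)", long all-digit Run value names such as the AV9 entry, and autostart or context-menu targets under user-writable folders) are review cues chosen for this example, not HijackThis rules.

```python
"""Triage heuristics for HijackThis log lines.

Added example for this thread, not part of the original post or of HijackThis.
It flags entries worth a second look; a flag is a review cue, not a verdict.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int   # 1-based line within the log text passed in
    rule: str      # which heuristic fired
    entry: str     # the raw log line


# Lines copied from the HijackThis log in the thread above (constructed test input).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [42801297700139400757324417312266] C:\Program Files\AV9\av2009.exe
O8 - Extra context menu item: Download with Rapget - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.609\RapGet www.tripper.fr by loolka\rapget.htm
"""

# O4: autostart entry   ->  O4 - <hive>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O8: context-menu item ->  O8 - Extra context menu item: <label> - <path>
O8_RE = re.compile(r"^O8 - Extra context menu item: .+? - (?P<path>.+)$")
# O2/O3/R3 entries whose target no longer exists on disk
NOFILE_RE = re.compile(r"^(?:O2|O3|R3) - .+ - \(no file\)$")
# Folders writable without admin rights; legitimate vendors rarely autostart from them.
USER_WRITABLE = ("\\temp\\", "\\bureau\\", "\\desktop\\", "\\application data\\")


def command_path(cmd: str) -> str:
    """Return the executable part of an O4 command without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted command: the path runs up to the first "/switch" or "-switch" argument.
    return re.split(r"\s+(?=[/-])", cmd, maxsplit=1)[0]


def triage(log_text: str) -> list[Finding]:
    """Run every heuristic over each line and collect the entries that fired."""
    findings = []
    for n, raw in enumerate(log_text.strip().splitlines(), 1):
        line = raw.strip()
        if NOFILE_RE.match(line):
            findings.append(Finding(n, "dangling-reference", line))
            continue
        path = None
        if m := O4_RE.match(line):
            name = m.group("name")
            # Rogue AV installers often register under a long random digit string
            # instead of a product name.
            if name.isdigit() and len(name) >= 8:
                findings.append(Finding(n, "random-numeric-name", line))
            path = command_path(m.group("cmd"))
        elif m := O8_RE.match(line):
            path = m.group("path")
        if path and any(d in path.lower() for d in USER_WRITABLE):
            findings.append(Finding(n, "user-writable-location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.entry}")
```

Running it on the sample flags the two "(no file)" entries, the 32-digit Run value pointing at av2009.exe, and the context-menu item living in a Temp extraction folder, while the avast! and Spybot entries pass.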

2 replies

manas0314 Posts: 2 Registered: Friday 25 January 2008 Status: Member Last active: 16 August 2008
16 August 2008 at 10:07
And here is the report produced by ComboFix:
ComboFix 08-08-14.05 - Administrateur 2008-08-16 10:00:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.516 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\inst.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Administrateur\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\config.ini
C:\WINDOWS\mywallpaper.bmp
C:\WINDOWS\system32\sysdm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.

2008-08-16 08:03 . 2008-08-16 08:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-08-16 00:12 . 2008-08-16 00:12 <REP> d-------- C:\Program Files\AV9
2008-08-15 21:12 . 2008-08-15 21:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
2008-08-15 21:11 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-08-15 21:10 . 2008-08-15 21:11 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-08-15 21:10 . 2008-08-15 21:10 <REP> d-------- C:\Program Files\Samsung
2008-08-15 21:10 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-08-15 21:10 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-08-14 17:02 . 2008-07-07 22:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-14 17:02 . 2008-06-24 18:44 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-14 17:00 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 17:00 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-09 13:20 . 2008-04-14 04:34 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-09 13:20 . 2008-04-14 04:33 29,184 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-09 13:20 . 2008-04-14 04:33 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-09 09:21 . 2008-08-09 22:11 50 --a------ C:\WINDOWS\MegaManager.INI
2008-08-04 13:35 . 2008-08-04 13:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-07-31 21:24 . 2005-08-03 13:48 389,120 --a------ C:\WINDOWS\Adventure Inlay.scr
2008-07-26 23:14 . 2008-07-26 23:14 <REP> d-------- C:\Program Files\Sun
2008-07-22 22:01 . 2008-07-26 10:08 <REP> d-------- C:\Downloads
2008-07-21 16:02 . 2008-07-21 16:02 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-17 08:11 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-07-17 08:11 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-07-17 08:11 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-07-17 08:11 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-07-17 08:11 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-07-17 08:11 . 2008-05-09 10:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-07-17 08:11 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-07-16 21:07 . 2008-07-16 21:08 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-16 20:58 . 2008-07-16 20:58 <REP> d-------- C:\WINDOWS\system32\xircom
2008-07-16 20:58 . 2008-07-16 20:58 <REP> d-------- C:\WINDOWS\system32\npp
2008-07-16 20:58 . 2008-07-16 20:58 <REP> d-------- C:\Program Files\microsoft frontpage
2008-07-16 20:58 . 2004-08-04 02:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-16 20:52 . 2008-07-16 20:52 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-16 20:52 . 2008-07-16 20:52 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-16 20:52 . 2008-07-16 20:52 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-16 20:50 . 2008-07-16 20:53 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-16 20:47 . 2008-07-16 20:53 <REP> d-------- C:\WINDOWS\EHome
2008-07-16 20:41 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-07-16 20:41 . 2008-04-13 19:34 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
2008-07-16 19:43 . 2008-07-16 19:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 06:04 --------- d-----w C:\Program Files\Ad-Aware
2008-08-15 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 19:00 --------- d-----w C:\Program Files\Quoiquipasse
2008-08-14 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-14 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MegauploadToolbar
2008-08-11 16:36 --------- d-----w C:\Program Files\Zylom Games
2008-08-11 16:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zylom
2008-08-09 11:39 --------- d-----w C:\Program Files\eMule
2008-08-02 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-31 10:57 --------- d-----w C:\Program Files\DivX
2008-07-26 21:13 --------- d-----w C:\Program Files\Java
2008-07-19 14:12 --------- d-----w C:\Program Files\Big Kahuna Reef
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 19:08 68,517 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-07-16 19:08 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-16 18:08 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-16 18:02 --------- d-----w C:\Program Files\Symantec
2008-07-16 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-16 17:59 --------- d-----w C:\Program Files\eTarget20d
2008-07-16 17:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-07-15 14:12 --------- d-----w C:\Program Files\ma-config.com
2008-07-15 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-07-15 08:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Vso
2008-07-13 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-13 18:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PlayFirst
2008-07-10 17:32 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2008-07-10 17:28 --------- d-----w C:\Program Files\VideoLAN
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 07:43 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LuckyTender
2008-07-05 20:51 --------- d-----w C:\Program Files\LuckyTender
2008-07-03 08:34 --------- d-----w C:\Program Files\RayV
2008-07-02 13:49 --------- d-----w C:\Program Files\Steek
2008-07-02 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Steek
2008-06-30 16:20 --------- d-----w C:\Program Files\EMBIRD32
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 18:15 --------- d-----w C:\Program Files\Graphex3
2008-06-21 18:42 --------- d-----w C:\Program Files\QuickTime
2008-06-21 18:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-21 18:42 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-06 12:29 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
2008-06-06 12:29 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll
2008-06-06 12:29 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-24 10:10 47,360 ----a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
2006-10-08 23:18 145,920 ----a-w C:\WINDOWS\inf\hdaudio.sys
2007-10-24 10:55 23 --sha-w C:\WINDOWS\system32\eaedb4_r.dll
2006-07-29 17:18 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd
.

------- Sigcheck -------

2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2006-10-04 09:05 978432 7e395d8d31827ee84d94c2a3969c9668 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]
2008-05-30 00:42 188416 --a------ C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-09-10 11:29 1477568]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-09-28 10:05 722160]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-05-07 15:26 4568360]
"42801297700139400757324417312266"="C:\Program Files\AV9\av2009.exe" [2008-08-16 00:12 982016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"Quoiquipasse"="C:\Program Files\Quoiquipasse\qqp_agent.exe" [2007-09-06 19:49 49152]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-14 04:33 138240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-06 22:43:02 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-11-07 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"C:\\Documents and Settings\\Administrateur\\Bureau\\plugdvb\\PlugDVB.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-01-24 16:45]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-14 10:13]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [2003-04-24 13:03]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1393fbc0-3560-11dd-959c-0015f2f2b1f4}]
\Shell\Auto\command - K:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40cf210-8215-11dc-8092-806d6172696f}]
\Shell\AutoRun\command - E:\wizard.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - STAROPEN
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1193229971.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-LDM - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSConfigStartUp-{05CD0D77-4947-4a56-94FA-0DF0DC644D7B} - C:\WINDOWS\sysqyzwud.exe
MSConfigStartUp-{9754B85A-3B34-4969-BE1F-CD03227E9470} - C:\WINDOWS\syszweuas.exe
MSConfigStartUp-{B081DB1F-4EE6-4021-9DD4-8B300F0D636D} - C:\WINDOWS\syssngbeh.exe
MSConfigStartUp-{DD651081-A909-45ad-BD71-2335B0ADE043} - C:\WINDOWS\sysutrnez.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\gdarr9hi.default\
FF -: plugin - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\gdarr9hi.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.969.23408\npCIDetect11.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nprayvplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 10:02:47
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\setupapi]
"ImagePath"="\??\¸_\[u]0[/u]8"
.
Temps d'accomplissement: 2008-08-16 10:03:43
ComboFix-quarantined-files.txt 2008-08-16 08:03:37

Pre-Run: 13,530,673,152 octets libres
Post-Run: 13,542,277,120 octets libres

286 --- E O F --- 2008-08-14 18:58:43
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022
16 August 2008 at 12:30
Hi,

Download and install SmitFraudFix (by S!Ri).

Double-click SmitfraudFix.exe.
In the menu, choose option 1 and press "Enter" to create a report, which you will find at the root of the system drive: C:\rapport.txt

Post it.