Bonjour, J'ai besoin de votre aide car mon antivirus AVG8.0 détecte un virus : TROJAN HORSE BHO.FFG AVG8.0 ne veut pasle supprimer ou le mettre en quarantaine. Ensuite j'ai essayé avec spybot et c'est pareil. J'ai aussi essayer avec AD-AWARE 2008 et le virus est toujours là. Je ne sais plus quoi faire. Pouvez-vous me dire si c'est grave comme VIRUS et me dire comment l'éradiquer définitivement. MERCI d'avance pour votre aide.

bonsoir recopie tes lien dans note pad comme ca t aura plus qu a les reinstaller par la suite

Trojan horse bho.ffg

Réponse 41 / 61

E..T Messages postés 6565 Statut Contributeur 428

Ouep,

Refais la même chose mais la tu choisis le choix 2
Laisse travailler le pc
Une fois le nettoyage fini ,une recherche sera relancée et un rapport
s'ouvrira automatiquement dans le Bloc-Notes.
Copies-colles le contenu de ce rapport sur le forum.

Et poste un rapport hijackthis.

++

anankronik Messages postés 39 Statut Membre

--------------------\\ Lop S&D 4.2.3-3 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
Phoenix ROM BIOS PLUS Version 1.10 A02
USER : IUSR_NMPR ( Not Administrator ! )
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 21-08-2008|11:16 )
Option : [2] ( 21/08/2008|23:24 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[17/08/2008|15:55] C:\Users\maxime\AppData\Local\Adobe
[18/04/2008|20:02] C:\Users\maxime\AppData\Local\Apple
[15/08/2008|22:05] C:\Users\maxime\AppData\Local\Apple Computer
[05/01/2008|01:47] C:\Users\maxime\AppData\Local\Application Data
[10/01/2008|20:26] C:\Users\maxime\AppData\Local\Apps
[21/08/2008|19:19] C:\Users\maxime\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/01/2008|12:41] C:\Users\maxime\AppData\Local\Dell
[13/01/2008|15:36] C:\Users\maxime\AppData\Local\Deployment
[25/01/2008|17:36] C:\Users\maxime\AppData\Local\fmuldkbjbi.bat
[05/04/2008|16:04] C:\Users\maxime\AppData\Local\GDIPFONTCACHEV1.DAT
[14/01/2008|19:47] C:\Users\maxime\AppData\Local\Google
[05/01/2008|01:47] C:\Users\maxime\AppData\Local\Historique
[21/08/2008|18:10] C:\Users\maxime\AppData\Local\IconCache.db
[16/03/2008|18:11] C:\Users\maxime\AppData\Local\Installer6760
[19/08/2008|20:12] C:\Users\maxime\AppData\Local\Microsoft
[06/01/2008|13:25] C:\Users\maxime\AppData\Local\Microsoft Games
[27/01/2008|00:09] C:\Users\maxime\AppData\Local\Mozilla
[05/01/2008|01:51] C:\Users\maxime\AppData\Local\SupportSoft
[21/08/2008|23:24] C:\Users\maxime\AppData\Local\Temp
[05/01/2008|01:47] C:\Users\maxime\AppData\Local\Temporary Internet Files
[15/08/2008|23:37] C:\Users\maxime\AppData\Local\TF1 Vision
[12/01/2008|15:45] C:\Users\maxime\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[09/01/2008 22:13][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[21/08/2008 18:11][--ah-----] C:\Windows\tasks\SA.DAT
[21/08/2008 18:10][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[17/08/2008|15:55] C:\ProgramData\Adobe
[30/04/2008|20:07] C:\ProgramData\Apple
[15/08/2008|21:20] C:\ProgramData\Apple Computer
[05/01/2008|01:44] C:\ProgramData\Application Data
[17/08/2008|17:21] C:\ProgramData\avg8
[17/08/2008|10:32] C:\ProgramData\Avira
[05/01/2008|01:44] C:\ProgramData\Bureau
[02/08/2008|09:41] C:\ProgramData\Codemasters
[26/02/2008|20:57] C:\ProgramData\Dell
[05/01/2008|01:44] C:\ProgramData\Documents
[09/01/2008|20:44] C:\ProgramData\eMule
[05/01/2008|01:44] C:\ProgramData\Favoris
[05/01/2008|12:20] C:\ProgramData\FLEXnet
[21/08/2008|18:05] C:\ProgramData\Google
[05/01/2008|01:50] C:\ProgramData\Gtek
[02/01/2008|12:33] C:\ProgramData\InstallShield
[02/01/2008|12:28] C:\ProgramData\Intel
[16/08/2008|00:49] C:\ProgramData\Lavasoft
[18/08/2008|17:25] C:\ProgramData\Malwarebytes
[16/05/2008|18:09] C:\ProgramData\McAfee
[05/01/2008|01:44] C:\ProgramData\Menu D‚marrer
[13/01/2008|15:39] C:\ProgramData\Microsoft
[05/01/2008|01:44] C:\ProgramData\ModŠles
[17/08/2008|17:08] C:\ProgramData\NOS
[19/08/2008|20:28] C:\ProgramData\ntuser.pol
[16/08/2008|11:13] C:\ProgramData\NVIDIA
[02/01/2008|12:36] C:\ProgramData\Roxio
[02/01/2008|12:32] C:\ProgramData\Sonic
[21/08/2008|19:01] C:\ProgramData\Spybot - Search & Destroy
[02/01/2008|13:11] C:\ProgramData\SupportSoft
[26/01/2008|21:45] C:\ProgramData\Symantec
[17/08/2008|21:01] C:\ProgramData\TEMP
[26/07/2008|16:57] C:\ProgramData\Trymedia
[19/08/2008|19:18] C:\ProgramData\Ubisoft
[12/01/2008|15:39] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[02/08/2008|10:19] C:\Program Files\Activision
[17/08/2008|15:54] C:\Program Files\Adobe
[26/07/2008|16:54] C:\Program Files\AGEIA Technologies
[26/01/2008|22:08] C:\Program Files\Alwil Software
[30/04/2008|20:07] C:\Program Files\Apple Software Update
[17/08/2008|10:32] C:\Program Files\Avira
[15/08/2008|21:18] C:\Program Files\Bonjour
[15/08/2008|22:16] C:\Program Files\CCleaner
[02/08/2008|09:36] C:\Program Files\Codemasters
[16/05/2008|18:09] C:\Program Files\Common Files
[19/08/2008|19:05] C:\Program Files\DAEMON Tools Lite
[19/08/2008|19:05] C:\Program Files\DAEMON Tools Toolbar
[02/01/2008|13:13] C:\Program Files\Dell
[02/01/2008|13:11] C:\Program Files\Dell Support Center
[10/07/2008|10:33] C:\Program Files\desktop.ini
[14/01/2008|17:38] C:\Program Files\DIFX
[19/08/2008|18:24] C:\Program Files\DivX
[09/01/2008|20:44] C:\Program Files\eMule
[14/05/2008|19:49] C:\Program Files\ESTsoft
[05/01/2008|01:44] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[26/07/2008|11:04] C:\Program Files\Future Pinball
[21/08/2008|18:11] C:\Program Files\Google
[23/05/2008|13:51] C:\Program Files\Guitar Pro 5
[02/05/2008|20:30] C:\Program Files\IKEA HomePlanner
[19/08/2008|19:09] C:\Program Files\InstallShield Installation Information
[02/01/2008|12:28] C:\Program Files\Intel
[14/08/2008|03:09] C:\Program Files\Internet Explorer
[15/08/2008|21:20] C:\Program Files\iPod
[15/08/2008|21:20] C:\Program Files\iTunes
[25/01/2008|19:19] C:\Program Files\IZArc
[02/01/2008|12:20] C:\Program Files\Java
[16/08/2008|00:47] C:\Program Files\Lavasoft
[25/01/2008|17:36] C:\Program Files\Lecteur CANALPLAY
[02/01/2008|13:13] C:\Program Files\MAKEMSI Package Documentation
[18/08/2008|17:25] C:\Program Files\Malwarebytes' Anti-Malware
[10/08/2008|13:30] C:\Program Files\Micro Application
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[02/01/2008|12:25] C:\Program Files\Microsoft Office
[19/08/2008|13:24] C:\Program Files\Microsoft Silverlight
[16/08/2008|10:21] C:\Program Files\Microsoft Works
[02/11/2006|14:42] C:\Program Files\Movie Maker
[27/01/2008|00:21] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[09/01/2008|11:28] C:\Program Files\MSXML 4.0
[19/08/2008|20:12] C:\Program Files\Navilog1
[17/08/2008|17:08] C:\Program Files\NOS
[28/07/2008|21:22] C:\Program Files\OpenAL
[02/01/2008|13:12] C:\Program Files\Orange
[14/01/2008|17:38] C:\Program Files\Philips
[26/07/2008|16:16] C:\Program Files\Pro Pinball
[15/08/2008|21:18] C:\Program Files\QuickTime
[27/01/2008|00:07] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[02/01/2008|12:36] C:\Program Files\Roxio
[15/08/2008|21:00] C:\Program Files\Safari
[29/02/2008|23:13] C:\Program Files\ScreenThemes
[26/07/2008|16:53] C:\Program Files\Sierra Online
[02/01/2008|12:07] C:\Program Files\Sigmatel
[02/01/2008|12:33] C:\Program Files\Sonic
[15/08/2008|23:08] C:\Program Files\Spybot - Search & Destroy
[17/08/2008|15:22] C:\Program Files\Sunbelt Software
[26/02/2008|20:45] C:\Program Files\SystemRequirementsLab
[08/01/2008|23:58] C:\Program Files\TELE2
[21/08/2008|22:50] C:\Program Files\TF1Vision
[07/01/2008|22:56] C:\Program Files\THQ
[17/08/2008|16:03] C:\Program Files\Trend Micro
[19/08/2008|19:09] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[11/05/2008|18:58] C:\Program Files\uTorrent
[12/05/2008|19:12] C:\Program Files\VideoLAN
[11/01/2008|19:36] C:\Program Files\Virtualis
[02/01/2008|12:21] C:\Program Files\WIDCOMM
[02/01/2008|19:59] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[02/01/2008|19:56] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[27/02/2008|22:57] C:\Program Files\Windows Live
[09/01/2008|22:13] C:\Program Files\Windows Live Favorites
[09/01/2008|22:13] C:\Program Files\Windows Live Toolbar
[14/08/2008|03:09] C:\Program Files\Windows Mail
[02/01/2008|20:01] C:\Program Files\Windows Media Player
[05/01/2008|01:44] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[09/01/2008|11:35] C:\Program Files\Windows Sidebar

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[17/08/2008|15:54] C:\Program Files\Common Files\Adobe
[30/04/2008|20:58] C:\Program Files\Common Files\Apple
[14/01/2008|17:38] C:\Program Files\Common Files\ArcSoft
[26/07/2008|16:52] C:\Program Files\Common Files\InstallShield
[02/01/2008|12:28] C:\Program Files\Common Files\Intel
[02/01/2008|12:20] C:\Program Files\Common Files\Java
[02/01/2008|12:38] C:\Program Files\Common Files\Macrovision Shared
[09/01/2008|22:12] C:\Program Files\Common Files\microsoft shared
[12/05/2008|11:30] C:\Program Files\Common Files\PX Storage Engine
[27/01/2008|00:08] C:\Program Files\Common Files\Real
[02/01/2008|12:35] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/01/2008|12:35] C:\Program Files\Common Files\Sonic Shared
[14/01/2008|17:38] C:\Program Files\Common Files\SPC520NC
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[02/01/2008|13:11] C:\Program Files\Common Files\supportsoft
[02/01/2008|12:32] C:\Program Files\Common Files\SureThing Shared
[25/01/2008|17:36] C:\Program Files\Common Files\Symantec Shared
[02/01/2008|20:03] C:\Program Files\Common Files\System
[09/01/2008|22:11] C:\Program Files\Common Files\WindowsLiveInstaller
[16/08/2008|00:46] C:\Program Files\Common Files\Wise Installation Wizard
[27/01/2008|00:08] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 100 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 23:25:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\maxime\AppData\Roaming\uTorrent\3D Ultra Pinball Thrill Ride (PC Games) + Crack.torrent
C:\Users\maxime\Documents\Downloads\Guitar Pro 5.2 & RSE (Guitar - Bass - Drums) - Incl. Keymaker\Guitar Pro 5.2 + Keymaker\Keygen.exe

[F:40][D:23]-> C:\Users\maxime\AppData\Local\Temp
[F:127][D:1]-> C:\Users\maxime\AppData\Roaming\MICROS~1\Windows\Cookies
[F:514][D:5]-> C:\Users\maxime\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:124][D:11]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 23:28:16
[ UAC => 1 ]

LE SCAN HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:14, on 21/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\VPro520.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [fmuldkbjbi] C:\Users\IUSR_NMPR\appdata\local\fmuldkbjbi.exe fmuldkbjbi (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\maxime\AppData\Local\Temp\~DFFF66.tmp C:\Users\maxime\AppData\Local\Temp\~DFFC1A.tmp C:\Users\maxime\AppData\Local\Temp\~DFF4B0.tmp C:\Users\maxime\AppData\Local\Temp\~DFEA40.tmp C:\Users\maxime\AppData\Local\Temp\~DFD9AD.tmp C:\Users\maxime\AppData\Local\Temp\~DFD1DB.tmp C:\Users\maxime\AppData\Local\Temp\~DFA306.tmp C:\Users\maxime\AppData\Local\Temp\~DF9833.tmp C:\Users\maxime\AppData\Local\Temp\~DF7F41.tmp C:\Users\maxime\AppData\Local\Temp\~DF763C.tmp C:\Users\maxime\AppData\Local\Temp\~DF75A.tmp C:\Users\maxime\AppData\Local\Temp\~DF6E86.tmp C:\Users\maxime\AppData\Local\Temp\~DF6AB8.tmp C:\Users\maxime\AppData\Local\Temp\~DF66E1.tmp C:\Users\maxime\AppData\Local\Temp\~DF411F.tmp C:\Users\maxime\AppData\Local\Temp\~DF3756.tmp C:\Users\maxime\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\maxime\AppData\Local\Temp\~DFEC4.tmp C:\Users\maxime\AppData\Local\Temp\~DFBA2.tmp C:\Users\maxime\AppData\Local\Temp\~D
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\maxime\AppData\Local\Temp\~DFFF66.tmp C:\Users\maxime\AppData\Local\Temp\~DFFC1A.tmp C:\Users\maxime\AppData\Local\Temp\~DFF4B0.tmp C:\Users\maxime\AppData\Local\Temp\~DFEA40.tmp C:\Users\maxime\AppData\Local\Temp\~DFD9AD.tmp C:\Users\maxime\AppData\Local\Temp\~DFD1DB.tmp C:\Users\maxime\AppData\Local\Temp\~DFA306.tmp C:\Users\maxime\AppData\Local\Temp\~DF9833.tmp C:\Users\maxime\AppData\Local\Temp\~DF7F41.tmp C:\Users\maxime\AppData\Local\Temp\~DF763C.tmp C:\Users\maxime\AppData\Local\Temp\~DF75A.tmp C:\Users\maxime\AppData\Local\Temp\~DF6E86.tmp C:\Users\maxime\AppData\Local\Temp\~DF6AB8.tmp C:\Users\maxime\AppData\Local\Temp\~DF66E1.tmp C:\Users\maxime\AppData\Local\Temp\~DF411F.tmp C:\Users\maxime\AppData\Local\Temp\~DF3756.tmp C:\Users\maxime\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\maxime\AppData\Local\Temp\~DFEC4.tmp C:\Users\maxime\AppData\Local\Temp\~DFBA2.tmp C:\Users\maxime\AppData\Local\Temp\~D
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLC:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Réponse 42 / 61

E..T Messages postés 6565 Statut Contributeur 428

Bonjour,

Télécharge MSNFix (de !aur3n7 et Regis59) sur le bureau :
Utilise ce lien http://sosvirus.changelog.fr/MSNFix.exe
Explications >> https://www.malekal.com/supprimer-virus-desinfecter-pc/

Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.
Remarque: Il est possible que l'antivirus détécte un virus au téléchargement, il s'agit de Process.exe qui est un faux positif.

* Décompresse-le (clic droit : Extraire tout).
A la racine du système, déplace le dossier décompressé, comme suit :
C:\MSNFix.
Ouvre-le et double clique sur le fichier MSNFix.bat

* Exécute l'option R.
* Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
* Sauvegarde ce rapport puis fais-en un copier/coller sur le forum, ainsi qu'un scan HijackThis fait en mode normal.
* Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
Poste-le dans ta prochaine réponse.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

Poste un nouveau rapport HijackThis.

@+

anankronik Messages postés 39 Statut Membre

Il me met aucune infection détectée, donc je n'ai pas de rapport, faut-il quand même un rapport HIJACKTHIS ?

Réponse 43 / 61

E..T Messages postés 6565 Statut Contributeur 428

Non laisse tomber hijackthis.

Télécharger ComboFix (par sUBs) sur le Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt
* Refaire un rapport hijackhthis, et fixer les lignes correspondantes comme indiqué plus haut.

Ne t'inquiète pas si windows te dit que c'est un virus ce n'est pas le cas.
@++

anankronik Messages postés 39 Statut Membre

Je ne comprends pas quand tu dis

"fixer les lignes correspondantes comme indiqué plus haut"

??

Réponse 44 / 61

E..T Messages postés 6565 Statut Contributeur 428

Erreur d'écriture fais le scan ;-)
++

anankronik Messages postés 39 Statut Membre

ComboFix 08-08-21.02 - maxime 2008-08-22 13:21:39.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2591 [GMT 2:00]
Endroit: C:\Users\maxime\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 11:20 1,260 ----a-w C:\Users\maxime\AppData\Roaming\wklnhst.dat
2008-08-22 11:18 1,310,720 --sha-w C:\Users\Invité\ntuser.dat
2008-08-22 11:18 1,310,720 --sha-w C:\Users\Invité\ntuser.dat
2008-08-22 11:13 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 08:47 --------- d-----w C:\Program Files\MSNFix
2008-08-21 20:50 --------- d-----w C:\Program Files\TF1Vision
2008-08-21 17:01 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-08-21 16:11 --------- d-----w C:\Program Files\Google
2008-08-19 20:14 --------- d-----w C:\Users\maxime\AppData\Roaming\Ubisoft
2008-08-19 18:12 --------- d-----w C:\Program Files\Navilog1
2008-08-19 17:18 --------- d-----w C:\PROGRA~2\Ubisoft
2008-08-19 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 17:09 --------- d-----w C:\Program Files\Ubisoft
2008-08-19 17:05 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-08-19 17:05 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-19 16:24 --------- d-----w C:\Program Files\DivX
2008-08-19 11:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 15:25 --------- d-----w C:\Users\maxime\AppData\Roaming\Malwarebytes
2008-08-18 15:25 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 15:25 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-08-17 19:01 --------- d---a-w C:\PROGRA~2\TEMP
2008-08-17 15:21 --------- d-----w C:\PROGRA~2\avg8
2008-08-17 15:08 --------- d-----w C:\Program Files\NOS
2008-08-17 15:08 --------- d-----w C:\PROGRA~2\NOS
2008-08-17 14:03 --------- d-----w C:\Program Files\Trend Micro
2008-08-17 13:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-17 13:22 --------- d-----w C:\Program Files\Sunbelt Software
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-17 08:32 --------- d-----w C:\Program Files\Avira
2008-08-17 08:32 --------- d-----w C:\PROGRA~2\Avira
2008-08-16 09:13 --------- d-----w C:\PROGRA~2\NVIDIA
2008-08-16 08:21 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 22:49 --------- d-----w C:\PROGRA~2\Lavasoft
2008-08-15 22:47 --------- d-----w C:\Program Files\Lavasoft
2008-08-15 22:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 21:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-15 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-15 19:23 --------- d-----w C:\Users\maxime\AppData\Roaming\Apple Computer
2008-08-15 19:20 --------- d-----w C:\Program Files\iTunes
2008-08-15 19:20 --------- d-----w C:\Program Files\iPod
2008-08-15 19:20 --------- d-----w C:\PROGRA~2\Apple Computer
2008-08-15 19:18 --------- d-----w C:\Program Files\QuickTime
2008-08-15 19:18 --------- d-----w C:\Program Files\Bonjour
2008-08-15 19:00 --------- d-----w C:\Program Files\Safari
2008-08-14 21:15 --------- d-----w C:\Users\maxime\AppData\Roaming\uTorrent
2008-08-14 14:56 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-14 14:56 --------- d-----w C:\Users\maxime\AppData\Roaming\DAEMON Tools
2008-08-14 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 11:30 --------- d-----w C:\Program Files\Micro Application
2008-08-02 08:19 --------- d-----w C:\Program Files\Activision
2008-08-02 07:41 --------- d-----w C:\PROGRA~2\Codemasters
2008-08-02 07:40 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-02 07:40 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-02 07:36 --------- d-----w C:\Program Files\Codemasters
2008-07-28 19:31 --------- d-----w C:\Users\maxime\AppData\Roaming\InstallShield
2008-07-28 19:22 --------- d-----w C:\Program Files\OpenAL
2008-07-26 14:58 --------- d-----w C:\Users\maxime\AppData\Roaming\Switchball
2008-07-26 14:57 --------- d-----w C:\PROGRA~2\Trymedia
2008-07-26 14:54 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-26 14:53 --------- d-----w C:\Program Files\Sierra Online
2008-07-26 14:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-26 14:16 --------- d-----w C:\Program Files\Pro Pinball
2008-07-26 09:04 --------- d-----w C:\Program Files\Future Pinball
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 07:57 269,736 ----a-r C:\Windows\system32\drivers\SbFw.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 08:33 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-22 12:57 805,400 ----a-r C:\Windows\System32\tmp88DF.tmp
2008-05-22 12:57 805,400 ----a-r C:\Windows\System32\tmp88CE.tmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 06:40 218032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 10:40 405504]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-02 12:20 77824]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 21:03 178712]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 12:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 12:18 215256]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-02 13:12 1838592]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 12:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 00:07 185896]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 16:56 339968]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-12 01:53 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-12 01:53 92704]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 01:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"PMX Daemon"="ICO.EXE" [2006-11-08 17:01 49152 C:\Windows\System32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 13:43:38 715568]
VPro520.lnk - C:\Windows\VPro520.exe [2008-01-14 17:38:05 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLC:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DE97DF50-E42F-4C8F-832F-90D3ED90850D}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{1453211E-7F3E-4FBE-8E1F-18810A82D9C6}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{984198AA-9CEF-4956-87D7-6088E7CB6B6F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{15AA5C7C-DB6E-497F-B279-66881DE5F423}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{CD3F8692-37A2-45C5-A2E0-CDB8BEA6F2A8}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{BFD5B5C7-E851-4103-BAFD-0E809B2EE480}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{3BA84A9E-4FC5-40CA-9614-67156605F911}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0A8C5AC4-F52A-4796-B752-A168E851067F}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{E811E594-518B-4B9B-BF27-481640B56DCB}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0B93EF22-83CE-4245-ADB8-F359EEC1C4CB}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E7272A5D-A17F-4514-894E-ABB685B911FF}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EC3D2470-6B86-447D-BD7B-EDFCF6BA51E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9C051919-9934-4247-B2B7-5335CCF935FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9B9F0E5E-3D61-4E71-B18A-825D0ED0E79B}"= UDP:C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:eBay Motors GRID Demo
"{5B9C0980-973F-4A6C-99C0-9412723BDA15}"= TCP:C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:eBay Motors GRID Demo
"{5DAFA1A5-6455-42F6-BD4D-83D2C3E8E55F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{505B259E-2BFB-480B-B954-7B009BB52181}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C0441CD8-5440-4551-BF31-A42E3129B454}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6B9D115C-4E75-4DF3-A01C-3C6646F9E528}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CC82556-31A1-4FBE-84D9-1CA4AC050246}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2FE1B0C1-AF11-444A-A30B-85A93F125863}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{37D458FB-B4BA-4807-A4AF-27A30E1A260F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{40233806-FD31-46A8-865B-496B6F6DC313}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8C005BED-3A49-4584-8589-F204885016B7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{1F8B5B52-11D6-4F21-B938-7FE7A20DD43B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F17F4FFB-C969-4E7B-8E1D-D9C86F84924A}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys [2008-07-16 09:57]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-01-02 12:27]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 15:41]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 18:44]
S1 sbhips;Sunbelt HIPS Driver;C:\Windows\system32\drivers\sbhips.sys [2008-06-21 04:54]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 02:45]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 13:46]
S2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
S2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 12:13]
S2 NMSCore;Intel(R) NMSCore;C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 12:14]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 22:34]
S2 QualityManager;Intel(R) Quality Manager;C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 12:17]
S2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 10:36]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 10:36]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-04-02 06:42]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-02 06:42]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-02 06:42]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 12:15]
S3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 09:40]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 SPC520;Philips SPC520NC PC Camera;C:\Windows\system32\drivers\SPC520.sys [2007-10-01 14:38]
S3 SPC520m;Philips SPC520NC PC Cameram;C:\Windows\system32\drivers\SPC520m.sys [2007-10-01 14:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{696b26ad-5fd0-11dd-9444-001c26dcc51c}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85429cec-6e0b-11dd-88a0-001c26dcc51c}]
\shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - ECACHE
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-DelayShred - c:\program files\mcafee\mshr\ShrCL.EXE
MSConfigStartUp-a6825057 - C:\Users\maxime\AppData\Local\Temp\vwtdvsll.dll
MSConfigStartUp-cmds - C:\Users\maxime\AppData\Local\Temp\khFWmMeb.dll
MSConfigStartUp-MSServer - C:\Users\maxime\AppData\Local\Temp\wvUmjIyW.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\maxime\AppData\Roaming\Mozilla\Firefox\Profiles\60yv8tne.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 13:23:49
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-22 13:24:59
ComboFix-quarantined-files.txt 2008-08-22 11:24:10

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 414,132,662,272 octets libres

249 --- E O F --- 2008-08-22 07:58:00

Réponse 45 / 61

E..T Messages postés 6565 Statut Contributeur 428

Peux tu envoyer un nouveau rapport hijackthis.
++

anankronik Messages postés 39 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:14, on 21/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\VPro520.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [fmuldkbjbi] C:\Users\IUSR_NMPR\appdata\local\fmuldkbjbi.exe fmuldkbjbi (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-244751156-2771948051-3926594744-1000\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\maxime\AppData\Local\Temp\~DFFF66.tmp C:\Users\maxime\AppData\Local\Temp\~DFFC1A.tmp C:\Users\maxime\AppData\Local\Temp\~DFF4B0.tmp C:\Users\maxime\AppData\Local\Temp\~DFEA40.tmp C:\Users\maxime\AppData\Local\Temp\~DFD9AD.tmp C:\Users\maxime\AppData\Local\Temp\~DFD1DB.tmp C:\Users\maxime\AppData\Local\Temp\~DFA306.tmp C:\Users\maxime\AppData\Local\Temp\~DF9833.tmp C:\Users\maxime\AppData\Local\Temp\~DF7F41.tmp C:\Users\maxime\AppData\Local\Temp\~DF763C.tmp C:\Users\maxime\AppData\Local\Temp\~DF75A.tmp C:\Users\maxime\AppData\Local\Temp\~DF6E86.tmp C:\Users\maxime\AppData\Local\Temp\~DF6AB8.tmp C:\Users\maxime\AppData\Local\Temp\~DF66E1.tmp C:\Users\maxime\AppData\Local\Temp\~DF411F.tmp C:\Users\maxime\AppData\Local\Temp\~DF3756.tmp C:\Users\maxime\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\maxime\AppData\Local\Temp\~DFEC4.tmp C:\Users\maxime\AppData\Local\Temp\~DFBA2.tmp C:\Users\maxime\AppData\Local\Temp\~D
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\maxime\AppData\Local\Temp\~DFFF66.tmp C:\Users\maxime\AppData\Local\Temp\~DFFC1A.tmp C:\Users\maxime\AppData\Local\Temp\~DFF4B0.tmp C:\Users\maxime\AppData\Local\Temp\~DFEA40.tmp C:\Users\maxime\AppData\Local\Temp\~DFD9AD.tmp C:\Users\maxime\AppData\Local\Temp\~DFD1DB.tmp C:\Users\maxime\AppData\Local\Temp\~DFA306.tmp C:\Users\maxime\AppData\Local\Temp\~DF9833.tmp C:\Users\maxime\AppData\Local\Temp\~DF7F41.tmp C:\Users\maxime\AppData\Local\Temp\~DF763C.tmp C:\Users\maxime\AppData\Local\Temp\~DF75A.tmp C:\Users\maxime\AppData\Local\Temp\~DF6E86.tmp C:\Users\maxime\AppData\Local\Temp\~DF6AB8.tmp C:\Users\maxime\AppData\Local\Temp\~DF66E1.tmp C:\Users\maxime\AppData\Local\Temp\~DF411F.tmp C:\Users\maxime\AppData\Local\Temp\~DF3756.tmp C:\Users\maxime\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\maxime\AppData\Local\Temp\~DFEC4.tmp C:\Users\maxime\AppData\Local\Temp\~DFBA2.tmp C:\Users\maxime\AppData\Local\Temp\~D
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLC:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Réponse 46 / 61

E..T Messages postés 6565 Statut Contributeur 428

Bon on va essayer un autre truc,

1/ Télécharges le fichier GenProc.zip http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur le bureau
2/ Sur le bureau, dézippes le dossier GenProc.zip (clic droit sur le dossier téléchargé)
3/ Sur le bureau, le dossier GenProc est créé
4/ Ouvrir le dossier GenProc d'un double clique le scan se lance.
Ne t 'étonnes pas si le rapport s'affiche en très peu de temps, c'est normal.

Un tuto complet >> ici regarde le ;-)

@+

Réponse 47 / 61

VladTepes72 Messages postés 431 Statut Membre 12

bonjour

tu peux avoir autant de scanner anti virus ou anti malware mais l important
est d en avoir un seul anti virus ET un seul anti spyware en meme temps resident
c est a dire actif en permanence

par exemple avast en antivirus et spybot comme anti malware residents, il n y a pas de
verité dans le choix des deux c est au feeling et a la preference d interface

@+

Réponse 48 / 61

E..T Messages postés 6565 Statut Contributeur 428

Salut,
VladTepes72, j'ai pas tout compris le pc du naute est bien protégé non ?
++

anankronik Messages postés 39 Statut Membre

Il m'a mit appuyé sur une touche pour continuer et après il m'a mit "Accès refusé" et Pas de rapport.

Réponse 49 / 61

VladTepes72 Messages postés 431 Statut Membre 12

Super oups, je m etais arrete a la premiere page du post
lol
ma reponse ne veut rien dire ici, si un moderateur peut l effacer...

desolé

Réponse 50 / 61

E..T Messages postés 6565 Statut Contributeur 428

anankronik

Télécharge ToolsCleaner il permet de supprimer les logiciels installés pendant la désinfection.
--> https://www.commentcamarche.net/telecharger/
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression .
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Je vais demander de l'aide ;-)
Car j'ai pas envi de faire des conneries!
Si tu trouves le temps trop long pour la réponse regarde >> ici

@++

Réponse 51 / 61

anankronik Messages postés 39 Statut Membre

Je ferais ça plus tard ce soir car je dois m'absenter cet après-midi. A plus tard

Réponse 52 / 61

E..T Messages postés 6565 Statut Contributeur 428

Pas de soucis ;-)
@++

Réponse 53 / 61

Utilisateur anonyme

Salut je prend la suite

Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «appliquer» pour valider les changements.

Et OK

ensuite refais un scan combofix et post le rapport stp

anankronik Messages postés 39 Statut Membre

Salut Chiquitine29 et merci d'avance pour ton aide,

Est-ce que je dois télécharger Toolscleaner comme E.T. m'a dit ou est-ce que je doit suivre tout de suite tes instructions?

Réponse 54 / 61

E..T Messages postés 6565 Statut Contributeur 428

Merci chiqui ;-))
anankronik, suit ses conseils à la lettre sinon cacahuètes ;-)
Bonne suite à vous deux je suis le topic.
Et encore merci chiqui.
^@++

Réponse 55 / 61

Utilisateur anonyme

PASSE direct a combofix

anankronik Messages postés 39 Statut Membre

Salut,

Voici le rapport combofix :

ComboFix 08-08-21.02 - maxime 2008-08-26 19:28:08.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2607 [GMT 2:00]
Endroit: C:\Users\maxime\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 17:25 1,310,720 --sha-w C:\Users\Invité\ntuser.dat
2008-08-26 17:25 1,310,720 --sha-w C:\Users\Invité\ntuser.dat
2008-08-24 18:43 3,219,083,206 ----a-w C:\Windows\DUMP6556.tmp
2008-08-22 11:30 1,260 ----a-w C:\Users\maxime\AppData\Roaming\wklnhst.dat
2008-08-22 11:13 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 08:47 --------- d-----w C:\Program Files\MSNFix
2008-08-21 20:50 --------- d-----w C:\Program Files\TF1Vision
2008-08-21 17:01 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-08-21 16:11 --------- d-----w C:\Program Files\Google
2008-08-19 20:14 --------- d-----w C:\Users\maxime\AppData\Roaming\Ubisoft
2008-08-19 18:12 --------- d-----w C:\Program Files\Navilog1
2008-08-19 17:18 --------- d-----w C:\PROGRA~2\Ubisoft
2008-08-19 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 17:09 --------- d-----w C:\Program Files\Ubisoft
2008-08-19 17:05 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-08-19 17:05 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-19 16:24 --------- d-----w C:\Program Files\DivX
2008-08-19 11:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 15:25 --------- d-----w C:\Users\maxime\AppData\Roaming\Malwarebytes
2008-08-18 15:25 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 15:25 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-08-17 19:01 --------- d---a-w C:\PROGRA~2\TEMP
2008-08-17 15:21 --------- d-----w C:\PROGRA~2\avg8
2008-08-17 15:08 --------- d-----w C:\Program Files\NOS
2008-08-17 15:08 --------- d-----w C:\PROGRA~2\NOS
2008-08-17 14:03 --------- d-----w C:\Program Files\Trend Micro
2008-08-17 13:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-17 13:22 --------- d-----w C:\Program Files\Sunbelt Software
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-17 08:32 --------- d-----w C:\Program Files\Avira
2008-08-17 08:32 --------- d-----w C:\PROGRA~2\Avira
2008-08-16 09:13 --------- d-----w C:\PROGRA~2\NVIDIA
2008-08-16 08:21 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 22:49 --------- d-----w C:\PROGRA~2\Lavasoft
2008-08-15 22:47 --------- d-----w C:\Program Files\Lavasoft
2008-08-15 22:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 21:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-15 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-15 19:23 --------- d-----w C:\Users\maxime\AppData\Roaming\Apple Computer
2008-08-15 19:20 --------- d-----w C:\Program Files\iTunes
2008-08-15 19:20 --------- d-----w C:\Program Files\iPod
2008-08-15 19:20 --------- d-----w C:\PROGRA~2\Apple Computer
2008-08-15 19:18 --------- d-----w C:\Program Files\QuickTime
2008-08-15 19:18 --------- d-----w C:\Program Files\Bonjour
2008-08-15 19:00 --------- d-----w C:\Program Files\Safari
2008-08-14 21:15 --------- d-----w C:\Users\maxime\AppData\Roaming\uTorrent
2008-08-14 14:56 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-14 14:56 --------- d-----w C:\Users\maxime\AppData\Roaming\DAEMON Tools
2008-08-14 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 11:30 --------- d-----w C:\Program Files\Micro Application
2008-08-02 08:19 --------- d-----w C:\Program Files\Activision
2008-08-02 07:41 --------- d-----w C:\PROGRA~2\Codemasters
2008-08-02 07:40 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-02 07:40 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-02 07:36 --------- d-----w C:\Program Files\Codemasters
2008-07-28 19:31 --------- d-----w C:\Users\maxime\AppData\Roaming\InstallShield
2008-07-28 19:22 --------- d-----w C:\Program Files\OpenAL
2008-07-26 14:58 --------- d-----w C:\Users\maxime\AppData\Roaming\Switchball
2008-07-26 14:57 --------- d-----w C:\PROGRA~2\Trymedia
2008-07-26 14:54 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-26 14:53 --------- d-----w C:\Program Files\Sierra Online
2008-07-26 14:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-26 14:16 --------- d-----w C:\Program Files\Pro Pinball
2008-07-26 09:04 --------- d-----w C:\Program Files\Future Pinball
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 07:57 269,736 ----a-r C:\Windows\system32\drivers\SbFw.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 08:33 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 06:40 218032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 14:11 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:29 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 10:40 405504]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-02 12:20 77824]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 21:03 178712]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 12:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 12:18 215256]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-02 13:12 1838592]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 12:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 00:07 185896]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 16:56 339968]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-12 01:53 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-12 01:53 92704]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 01:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"PMX Daemon"="ICO.EXE" [2006-11-08 17:01 49152 C:\Windows\System32\ico.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 13:43:38 715568]
VPro520.lnk - C:\Windows\VPro520.exe [2008-01-14 17:38:05 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLC:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DE97DF50-E42F-4C8F-832F-90D3ED90850D}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{1453211E-7F3E-4FBE-8E1F-18810A82D9C6}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{984198AA-9CEF-4956-87D7-6088E7CB6B6F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{15AA5C7C-DB6E-497F-B279-66881DE5F423}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{CD3F8692-37A2-45C5-A2E0-CDB8BEA6F2A8}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{BFD5B5C7-E851-4103-BAFD-0E809B2EE480}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{3BA84A9E-4FC5-40CA-9614-67156605F911}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0A8C5AC4-F52A-4796-B752-A168E851067F}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{E811E594-518B-4B9B-BF27-481640B56DCB}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{0B93EF22-83CE-4245-ADB8-F359EEC1C4CB}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E7272A5D-A17F-4514-894E-ABB685B911FF}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EC3D2470-6B86-447D-BD7B-EDFCF6BA51E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9C051919-9934-4247-B2B7-5335CCF935FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9B9F0E5E-3D61-4E71-B18A-825D0ED0E79B}"= UDP:C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:eBay Motors GRID Demo
"{5B9C0980-973F-4A6C-99C0-9412723BDA15}"= TCP:C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:eBay Motors GRID Demo
"{5DAFA1A5-6455-42F6-BD4D-83D2C3E8E55F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{505B259E-2BFB-480B-B954-7B009BB52181}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C0441CD8-5440-4551-BF31-A42E3129B454}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6B9D115C-4E75-4DF3-A01C-3C6646F9E528}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9CC82556-31A1-4FBE-84D9-1CA4AC050246}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2FE1B0C1-AF11-444A-A30B-85A93F125863}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{37D458FB-B4BA-4807-A4AF-27A30E1A260F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{40233806-FD31-46A8-865B-496B6F6DC313}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8C005BED-3A49-4584-8589-F204885016B7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{1F8B5B52-11D6-4F21-B938-7FE7A20DD43B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F17F4FFB-C969-4E7B-8E1D-D9C86F84924A}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys [2008-07-16 09:57]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-01-02 12:27]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 15:41]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 18:44]
S1 sbhips;Sunbelt HIPS Driver;C:\Windows\system32\drivers\sbhips.sys [2008-06-21 04:54]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 02:45]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 13:46]
S2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
S2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 12:13]
S2 NMSCore;Intel(R) NMSCore;C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 12:14]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 22:34]
S2 QualityManager;Intel(R) Quality Manager;C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 12:17]
S2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 10:36]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 10:36]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-04-02 06:42]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-02 06:42]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-02 06:42]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 12:15]
S3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 09:40]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 SPC520;Philips SPC520NC PC Camera;C:\Windows\system32\drivers\SPC520.sys [2007-10-01 14:38]
S3 SPC520m;Philips SPC520NC PC Cameram;C:\Windows\system32\drivers\SPC520m.sys [2007-10-01 14:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{696b26ad-5fd0-11dd-9444-001c26dcc51c}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85429cec-6e0b-11dd-88a0-001c26dcc51c}]
\shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff293037-66cd-11dd-aa04-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - ECACHE
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\maxime\AppData\Roaming\Mozilla\Firefox\Profiles\60yv8tne.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 19:30:30
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-26 19:31:38
ComboFix-quarantined-files.txt 2008-08-26 17:30:50
ComboFix2.txt 2008-08-22 11:25:00

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 409,355,550,720 octets libres

249 --- E O F --- 2008-08-22 07:58:00

Réponse 56 / 61

Utilisateur anonyme

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Windows\DUMP6556.tmp
C:\Users\maxime\AppData\Roaming\wklnhst.dat
C:\Program Files\Navilog1
C:\Users\maxime\AppData\Local\Temp\~DFFF66.tmp
C:\Users\maxime\AppData\Local\Temp\~DFFC1A.tmp
C:\Users\maxime\AppData\Local\Temp\~DFF4B0.tmp
C:\Users\maxime\AppData\Local\Temp\~DFEA40.tmp
C:\Users\maxime\AppData\Local\Temp\~DFD9AD.tmp
C:\Users\maxime\AppData\Local\Temp\~DFD1DB.tmp
C:\Users\maxime\AppData\Local\Temp\~DFA306.tmp
C:\Users\maxime\AppData\Local\Temp\~DF9833.tmp
C:\Users\maxime\AppData\Local\Temp\~DF7F41.tmp
C:\Users\maxime\AppData\Local\Temp\~DF763C.tmp
C:\Users\maxime\AppData\Local\Temp\~DF75A.tmp
C:\Users\maxime\AppData\Local\Temp\~DF6E86.tmp
C:\Users\maxime\AppData\Local\Temp\~DF6AB8.tmp
C:\Users\maxime\AppData\Local\Temp\~DF66E1.tmp
C:\Users\maxime\AppData\Local\Temp\~DF411F.tmp
C:\Users\maxime\AppData\Local\Temp\~DF3756.tmp
C:\Users\maxime\AppData\Local\Temp\Low\HSPERF~1.SH!
C:\Users\maxime\AppData\Local\Temp\~DFEC4.tmp
C:\Users\maxime\AppData\Local\Temp\~DFBA2.tmp

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

anankronik Messages postés 39 Statut Membre

Il me met que OTMoveIt.exe n'est pas une application Xin 32 valide et donc je ne peux pas l'ouvrir

Réponse 57 / 61

E..T Messages postés 6565 Statut Contributeur 428

Hello les nautes,
Il me met que OTMoveIt.exe n'est pas une application Xin 32 valide et donc je ne peux pas l'ouvrir
As tu réussis ?

Sinon essaye en mode sans échec.
* Démarre en mode sans échec
Comment faire (au cas ou ;-)>> https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
Redémarres l’ordinateur
Dès le chargement du BIOS, commences à appuyer sur la touche F8 de ton clavier,i jusqu'au ou le menu des options avancées de Windows apparait.
Sélectionne "Mode sans échec" dans le menu puis appuyez sur Entrée.

++

anankronik Messages postés 39 Statut Membre

C'est pareil en mode sans échec

Réponse 58 / 61

Utilisateur anonyme

Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau

---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.exe

--> Double clic sur FindB

--> Post le rapport FindB.txt dans ton prochain message

Note : le rapport FindB.txt est sauvegardé a la racine du disque

anankronik Messages postés 39 Statut Membre

Salut,

il me met accès Refusé et que le rapport FindB.txt est introuvable

Réponse 59 / 61

E..T Messages postés 6565 Statut Contributeur 428

Merci pour ton intervention chiqui, !!
(c'est bon les 013 ;-) jo vu)

En attente de ton rapport anankronik

++

Réponse 60 / 61

E..T Messages postés 6565 Statut Contributeur 428

Ouep,
Pour MSN fais l'inverse du lien ;-)
http://www.commentcamarche.net/faq/sujet 5715 comment bloquer l acces a msn windows live messenger
Dis moi quoi.
++

anankronik Messages postés 39 Statut Membre

Salut,

Je ne comprends pas car dans la configuration de Kerio je ne vois pas la ligne où msn est bloqué, il n'est pas bloqué par Kerio mais c'est moi qui avait modifier le paramètre de démarrage de mon ordinateur pour que MSN ne s'allume pas automatiquement.

Alors, que dois-je faire.

PS : Depuis que j'ai enlevé Google et que j'ai téléchargé tous les logiciels de dépannage ou d'analyse que vous m'avez prescris, mon ordi est beaucoup plus lent notamment pour les recherches sur internet et pour le démarrage de mon ordinateur, est-ce normal ?

Trojan horse bho.ffg

61 réponses

Votre réponse

Discussions similaires

Newsletters