Aidez moi jai un virus impossible a enlever

Résolu
Davdu10 -  
 Davdu10 -
Bonjour a tous j'orai voulu savoir si quelqu'un serai lire mon raport pck je ni compren rien et mon ordi rame trop et j'ai trop de pub

aidez moi si vou plai

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:05, on 29/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\David\AppData\Local\Temp\yaywwVOE.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [7df08cda] rundll32.exe "C:\Users\David\AppData\Local\Temp\hqnlukia.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\David\AppData\Local\Temp\iifcCutu.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Configuration: Windows Vista
Firefox 3.0.1

9 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    tu es infécté ici:
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\David\AppData\Local\Temp\yaywwVOE.dll,#1
    O4 - HKCU\..\Run: [7df08cda] rundll32.exe "C:\Users\David\AppData\Local\Temp\hqnlukia.dll",b
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\David\AppData\Local\Temp\iifcCutu.dll,c

    plus serieusement fais ceci:

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    1
  2. Kulbuto Messages postés 34 Statut Membre
     
    Bonjour,
    Essayes de voir sur la toile les (antivirus en ligne)et fait une demande de scan de ton D.D.(securiser.com).
    0
  3. Davdu10
     
    toujour rien

    aider moi si vous plai
    0
  4. Kulbuto Messages postés 34 Statut Membre
     
    C'est bizarre. Une analyse de ton système dure envirron 1H sur securiser.com.Elle te donne un rapport effectif et détruit le virus.Si ce nest pas le cas, et bien dommage, il faudra formater ta machine.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Kulbuto Messages postés 34 Statut Membre
     
    Merci pour ton aide jlpjlp!
    0
  7. Davdu10
     
    a yai g fai come tu ma di voila le raport

    ComboFix 08-08-29.02 - David 2008-08-30 0:09:48.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1221 [GMT 2:00]
    Endroit: C:\Users\David\Downloads\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\FBrowserAdvisor
    C:\Program Files\FBrowsingAdvisor
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
    C:\Program Files\FBrowsingAdvisor\Logo.png
    C:\Program Files\FBrowsingAdvisor\main.db-journal
    C:\Program Files\FBrowsingAdvisor\main.db
    C:\Program Files\FBrowsingAdvisor\unins000.dat
    C:\Program Files\FBrowsingAdvisor\unins000.exe
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\uninstall.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
    C:\Users\David\AppData\Local\Temp\hqnlukia.dll
    C:\Windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 18:29 . 2008-08-29 18:33 <REP> d-------- C:\Program Files\a-squared Free
    2008-08-29 18:04 . 2008-08-29 18:04 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-28 12:06 . 2008-08-28 12:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-25 18:36 . 2008-08-25 18:41 <REP> d-------- C:\Program Files\Norton Internet Security
    2008-08-25 18:33 . 2008-08-25 18:56 <REP> d-------- C:\Program Files\Symantec
    2008-08-25 18:33 . 2008-08-25 18:56 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
    2008-08-25 18:33 . 2008-08-25 18:56 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
    2008-08-25 18:33 . 2008-08-25 18:56 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
    2008-08-23 11:20 . 2008-08-28 12:30 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-08-23 11:20 . 2008-08-28 12:30 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-08-23 11:19 . 2008-08-23 11:19 <REP> d-------- C:\Program Files\Alwil Software
    2008-08-23 10:45 . 2008-08-23 10:45 <REP> d-------- C:\Program Files\Xvid
    2008-08-23 03:09 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-23 00:14 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-23 00:14 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
    2008-08-23 00:14 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
    2008-08-23 00:14 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
    2008-08-11 19:25 . 2008-08-11 19:25 <REP> d-------- C:\Users\David\AppData\Roaming\Template
    2008-08-10 16:15 . 2003-06-16 18:46 1,334,032 --a------ C:\Windows\System32\msvbvm50.dll
    2008-08-10 16:15 . 2003-06-16 18:46 195,856 --a------ C:\Windows\System32\richtx32.ocx
    2008-08-10 16:15 . 2003-06-16 18:46 192,272 --a------ C:\Windows\System32\mci32.ocx
    2008-08-10 16:15 . 2003-06-16 18:46 94,992 --a------ C:\Windows\System32\vb5fr.dll
    2008-08-08 18:24 . 2008-08-08 18:24 <REP> dr-h----- C:\Users\David\AppData\Roaming\SecuROM
    2008-08-08 17:39 . 2008-08-08 22:42 <REP> d-------- C:\Program Files\EA GAMES
    2008-08-08 17:39 . 2004-08-18 05:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
    2008-08-01 12:33 . 2008-08-01 12:33 532,480 --a------ C:\Windows\System32\ReyXp.ocx
    2008-08-01 12:33 . 2008-08-01 12:33 140,288 --a------ C:\Windows\System32\dialogg.ocx
    2008-08-01 12:33 . 2008-08-01 12:33 98,304 --a------ C:\Windows\System32\Rey_SubClasser.dll
    2008-08-01 12:31 . 2008-08-01 12:31 152,848 --a------ C:\Windows\System32\comdlg32.ocx
    2008-08-01 12:31 . 2008-08-01 12:31 115,920 --a------ C:\Windows\System32\msinet.ocx
    2008-08-01 01:45 . 2008-08-01 01:46 <REP> d-------- C:\Windows\System32\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-29 11:36 --------- d-----w C:\Users\David\AppData\Roaming\LimeWire
    2008-08-29 11:36 --------- d-----w C:\Users\David\AppData\Roaming\Azureus
    2008-08-27 07:03 --------- d-----w C:\ProgramData\Symantec
    2008-08-25 16:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-23 22:41 --------- d-----w C:\Program Files\Windows Mail
    2008-08-23 01:12 --------- d-----w C:\ProgramData\Microsoft Help
    2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
    2008-07-10 10:13 174 --sha-w C:\Program Files\desktop.ini
    2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-01 15:04 80,707 ----a-w C:\Users\David\AppData\Roaming\nvModes.dat
    2008-04-26 19:39 0 ----a-w C:\Users\David\AppData\Roaming\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-26 19:12 1232896]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
    "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 10:14 202024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:12 1029416]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 19:47 51048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{B59C9D50-D069-464B-9354-E0E731DB870A}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{147BF480-3470-456F-8A59-9C0B6DE84872}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{795479E2-5677-44B3-86DA-E94493EB4749}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{7066374E-28A8-4A8D-8AA3-4715B07115BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{FED043E3-DAD9-4DC3-83D4-CE7BBDD888ED}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080828.002\IDSvix86.sys [2008-03-20 22:37]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 19:47]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 20:34]
    R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 20:34]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 11:30]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
    S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
    S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 01:33]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26feab0c-2c1d-11dd-a1a0-001e6826422e}]
    \shell\AutoRun\command - setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91740f23-1af1-11dd-82c8-001e6826422e}]
    \shell\AutoRun\command - G:\MafiaLauncher.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91740f26-1af1-11dd-82c8-001e6826422e}]
    \shell\AutoRun\command - H:\MafiaLauncher.EXE

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

    2008-08-29 C:\Windows\Tasks\User_Feed_Synchronization-{66303728-4654-49D9-96BA-FD4C98DCF229}.job
    - C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tx2bvhym.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-30 00:15:00
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Windows\System32\dllhost.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-30 0:21:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-29 22:21:21

    Pre-Run: 151,559,483,392 octets libres
    Post-Run: 151,689,703,424 octets libres

    192 --- E O F --- 2008-08-23 01:12:55
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolles un rapport hijackhtis et dis tes soucis
    0