Des saletés sur mon PC
Résolu
Heylac
-
ep44 Messages postés 7432 Statut Contributeur -
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,
j'ai 2 vers sur mon PC je ne connais pas leur nom et le scanner en ligne de kaspersky ne marcxhe pas je n'ai que mon log de Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:54, on 07/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BOINC\boincmgr.exe
E:\Program Files\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {36E5ACFE-9E72-4AC8-9058-D181CBFC2A52} - C:\Windows\system32\xxyxWQIX.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: gksraemq - {1165626A-8567-4D29-A56A-38E542C1376C} - C:\Windows\gksraemq.dll (file missing)
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGwWOIY.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = E:\Program Files\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3220DE23-B223-43C7-BF06-8F9154F4740C}: NameServer = 212.27.53.252,211.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
j'ai 2 vers sur mon PC je ne connais pas leur nom et le scanner en ligne de kaspersky ne marcxhe pas je n'ai que mon log de Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:54, on 07/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BOINC\boincmgr.exe
E:\Program Files\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {36E5ACFE-9E72-4AC8-9058-D181CBFC2A52} - C:\Windows\system32\xxyxWQIX.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: gksraemq - {1165626A-8567-4D29-A56A-38E542C1376C} - C:\Windows\gksraemq.dll (file missing)
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGwWOIY.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = E:\Program Files\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3220DE23-B223-43C7-BF06-8F9154F4740C}: NameServer = 212.27.53.252,211.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
A voir également:
- Des saletés sur mon PC
- Mon pc est lent - Guide
- Télécharger musique gratuitement sur pc - Télécharger - Conversion & Extraction
- Plus de son sur mon pc - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
7 réponses
Bonsoir
Ne t'inquiète pas je vais te guider et t'aider à désinfecter ton PC.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.
Ne t'inquiète pas je vais te guider et t'aider à désinfecter ton PC.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.
bonsoir
1)pour vista si infection.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
2)Telecharges malwares bytes anti malwares :
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
1)pour vista si infection.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
2)Telecharges malwares bytes anti malwares :
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
Bonsoir
je ne suis pas si sur que ça car ton rapport de combofix nous montre encore des infections
il faut aller au bout de ta désinfection sinon tu reviendra nous voir
il faut aussi poster ton rapport de malwarebytes pour voir si il c'est chargé des infections qui reste sur ton rapport de combofix
@+
je ne suis pas si sur que ça car ton rapport de combofix nous montre encore des infections
il faut aller au bout de ta désinfection sinon tu reviendra nous voir
il faut aussi poster ton rapport de malwarebytes pour voir si il c'est chargé des infections qui reste sur ton rapport de combofix
@+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ComboFix 08-09-05.03 - Pycy 2008-09-07 22:41:10.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1328 [GMT 2:00]
Endroit: C:\Users\Pycy\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0/u.exe
C:\Program Files\PCHealthCenter\[u]0/u.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Windows\ewxk.exe
C:\Windows\system32\byXNhiGV.dll
C:\Windows\system32\byXQGwUo.dll
C:\Windows\system32\byXRijkl.dll
C:\Windows\system32\hgGwWOIY.dll
C:\Windows\system32\llRuCJjl.ini
C:\Windows\System32\llRuCJjl.ini2
C:\Windows\System32\lRrqYcdd.ini
C:\Windows\System32\lRrqYcdd.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\UuwFPqru.ini
C:\Windows\System32\UuwFPqru.ini2
C:\Windows\System32\XIQWxyxx.ini
C:\Windows\System32\XIQWxyxx.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 22:01 . 2008-09-07 22:01 322,560 --a------ C:\Windows\System32\ljJCuRll.dll
2008-09-07 18:47 . 2008-09-07 18:47 <REP> d-------- C:\VundoFix Backups
2008-09-07 18:33 . 2008-09-07 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-09-07 18:29 . 2008-09-07 18:29 322,560 --a------ C:\Windows\System32\urqPFwuU.dll
2008-09-07 18:23 . 2008-09-05 17:07 31,232 --a------ C:\Windows\System32\YUR95D8.exe
2008-09-07 16:11 . 2008-09-07 16:11 <REP> d-------- C:\kav
2008-09-07 15:08 . 2008-09-07 15:08 <REP> d-------- C:\Program Files\Java
2008-09-07 15:08 . 2008-09-07 15:08 <REP> d-------- C:\Program Files\Common Files\Java
2008-09-07 14:38 . 2008-09-07 14:38 322,560 --a------ C:\Windows\System32\xxyxWQIX.dll
2008-09-07 13:30 . 2008-09-05 17:07 106,496 --a------ C:\Windows\System32\YUR8D31.exe
2008-09-07 13:24 . 2008-09-05 17:07 31,232 --a------ C:\Windows\System32\YURF70A.exe
2008-09-07 07:45 . 2008-09-07 07:45 <REP> d-------- C:\Program Files\Alwil Software
2008-09-07 07:45 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-07 07:29 . 2008-09-07 02:06 131,072 --a------ C:\Windows\sxmaokgf.exe
2008-09-05 08:57 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-05 08:57 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-05 08:57 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-05 08:57 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-05 08:57 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-05 08:57 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-05 08:57 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-05 08:56 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-05 08:56 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 20:44 --------- d-----w C:\Program Files\BOINC
2008-09-07 19:55 --------- d-----w C:\Program Files\ESET
2008-09-07 16:52 --------- d-----w C:\Program Files\Yahoo!
2008-09-07 12:32 --------- d-----w C:\Program Files\Google
2008-09-07 12:25 --------- d-----w C:\Users\Pycy\AppData\Roaming\Skype
2008-09-07 11:25 --------- d-----w C:\Users\Pycy\AppData\Roaming\skypePM
2008-09-06 13:04 --------- d-----w C:\Users\Pycy\AppData\Roaming\FileZilla
2008-09-06 11:12 --------- d-----w C:\Users\Pycy\AppData\Roaming\uTorrent
2008-09-05 14:20 --------- d-----w C:\Users\Pycy\AppData\Roaming\foobar2000
2008-09-04 17:27 --------- d-----w C:\ProgramData\CanonIJPLM
2008-07-31 16:47 --------- d-----w C:\Program Files\CCleaner
2008-07-15 18:40 --------- d-----w C:\Program Files\Quicken
2008-07-06 14:56 2,829 ----a-w C:\Windows\War3Unin.pif
2008-07-06 14:56 139,264 ----a-w C:\Windows\War3Unin.exe
2008-04-02 21:19 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36E5ACFE-9E72-4AC8-9058-D181CBFC2A52}]
2008-09-07 14:38 322560 --a------ C:\Windows\system32\xxyxWQIX.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
C:\Users\Pycy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2008-03-04 4150016]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - E:\Program Files\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-05 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6DF551DF-B732-4B4F-A36B-9FC0E63282FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{88790AAC-0599-494A-BB2A-2CAF1B2CC4C7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4805B194-4721-46FB-8572-57155468DE1B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{255D20A2-11F1-4A68-94B3-447331A0E468}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8C8D821D-4E94-4D07-94CB-877405D9029B}E:\\games\\warcraft iii\\war3.exe"= UDP:E:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{CC6129F1-E881-4250-8E12-8F9690ED51FF}E:\\games\\warcraft iii\\war3.exe"= TCP:E:\games\warcraft iii\war3.exe:Warcraft III
"{37F31CE7-711A-4AFD-A6CE-AF8329345AAA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{36B521D4-9822-4955-B630-D572299D1925}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:emule.exe
"UDP Query User{E27A6A3D-E42C-4AED-A8CA-73607408C9EA}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:emule.exe
"{F77CEA94-A1EC-47EB-B417-34D7E2546D78}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{ED477DF1-ADA0-4D89-A2A4-41E5B983306F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1354BAFF-CE49-487A-A333-7C8591C52620}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1AB70B06-F8AC-4F66-871B-A2DDA12EB566}D:\\games\\warcraft iii\\war3.exe"= UDP:D:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{001042E0-3C47-4DCB-AD0B-B6D79175C826}D:\\games\\warcraft iii\\war3.exe"= TCP:D:\games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{76080185-F3D6-4E6F-88C9-67F0770C548B}C:\\kav\\kav8.0\\french\\setup.exe"= UDP:C:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{9CBF1A10-1D86-4472-90D9-3B5DF54CD004}C:\\kav\\kav8.0\\french\\setup.exe"= TCP:C:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\Pycy\\AppData\\Local\\Temp\\IXP000.TMP\\vc.exe"= C:\Users\Pycy\AppData\Local\Temp\IXP000.TMP\vc.exe:*:Enabled:Windows Application Service
"C:\\Users\\Pycy\\AppData\\Local\\Temp\\IXP001.TMP\\vc.exe"= C:\Users\Pycy\AppData\Local\Temp\IXP001.TMP\vc.exe:*:Enabled:Windows Application Service
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 2427392]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-04-03 240128]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3a5501c-e87b-11dc-bb7b-0018f3fd10cf}]
\shell\AutoRun\command - G:\setup.exe
\shell\dinstall\command - G:\directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{1165626A-8567-4D29-A56A-38E542C1376C} - C:\Windows\gksraemq.dll
HKLM-Run-MSServer - C:\Windows\system32\hgGwWOIY.dll
ShellExecuteHooks-{4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\Windows\system32\hgGwWOIY.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Pycy\AppData\Roaming\Mozilla\Firefox\Profiles\5bit4dyr.default\
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 22:47:34
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 22:53:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 20:52:35
Pre-Run: 1,580,572,672 octets libres
Post-Run: 1,509,318,656 octets libres
195 --- E O F --- 2008-06-14 08:06:19
voila
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1328 [GMT 2:00]
Endroit: C:\Users\Pycy\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0/u.exe
C:\Program Files\PCHealthCenter\[u]0/u.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Windows\ewxk.exe
C:\Windows\system32\byXNhiGV.dll
C:\Windows\system32\byXQGwUo.dll
C:\Windows\system32\byXRijkl.dll
C:\Windows\system32\hgGwWOIY.dll
C:\Windows\system32\llRuCJjl.ini
C:\Windows\System32\llRuCJjl.ini2
C:\Windows\System32\lRrqYcdd.ini
C:\Windows\System32\lRrqYcdd.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\UuwFPqru.ini
C:\Windows\System32\UuwFPqru.ini2
C:\Windows\System32\XIQWxyxx.ini
C:\Windows\System32\XIQWxyxx.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 22:01 . 2008-09-07 22:01 322,560 --a------ C:\Windows\System32\ljJCuRll.dll
2008-09-07 18:47 . 2008-09-07 18:47 <REP> d-------- C:\VundoFix Backups
2008-09-07 18:33 . 2008-09-07 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-09-07 18:29 . 2008-09-07 18:29 322,560 --a------ C:\Windows\System32\urqPFwuU.dll
2008-09-07 18:23 . 2008-09-05 17:07 31,232 --a------ C:\Windows\System32\YUR95D8.exe
2008-09-07 16:11 . 2008-09-07 16:11 <REP> d-------- C:\kav
2008-09-07 15:08 . 2008-09-07 15:08 <REP> d-------- C:\Program Files\Java
2008-09-07 15:08 . 2008-09-07 15:08 <REP> d-------- C:\Program Files\Common Files\Java
2008-09-07 14:38 . 2008-09-07 14:38 322,560 --a------ C:\Windows\System32\xxyxWQIX.dll
2008-09-07 13:30 . 2008-09-05 17:07 106,496 --a------ C:\Windows\System32\YUR8D31.exe
2008-09-07 13:24 . 2008-09-05 17:07 31,232 --a------ C:\Windows\System32\YURF70A.exe
2008-09-07 07:45 . 2008-09-07 07:45 <REP> d-------- C:\Program Files\Alwil Software
2008-09-07 07:45 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-07 07:29 . 2008-09-07 02:06 131,072 --a------ C:\Windows\sxmaokgf.exe
2008-09-05 08:57 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-05 08:57 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-05 08:57 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-05 08:57 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-05 08:57 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-05 08:57 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-05 08:57 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-05 08:56 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-05 08:56 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 20:44 --------- d-----w C:\Program Files\BOINC
2008-09-07 19:55 --------- d-----w C:\Program Files\ESET
2008-09-07 16:52 --------- d-----w C:\Program Files\Yahoo!
2008-09-07 12:32 --------- d-----w C:\Program Files\Google
2008-09-07 12:25 --------- d-----w C:\Users\Pycy\AppData\Roaming\Skype
2008-09-07 11:25 --------- d-----w C:\Users\Pycy\AppData\Roaming\skypePM
2008-09-06 13:04 --------- d-----w C:\Users\Pycy\AppData\Roaming\FileZilla
2008-09-06 11:12 --------- d-----w C:\Users\Pycy\AppData\Roaming\uTorrent
2008-09-05 14:20 --------- d-----w C:\Users\Pycy\AppData\Roaming\foobar2000
2008-09-04 17:27 --------- d-----w C:\ProgramData\CanonIJPLM
2008-07-31 16:47 --------- d-----w C:\Program Files\CCleaner
2008-07-15 18:40 --------- d-----w C:\Program Files\Quicken
2008-07-06 14:56 2,829 ----a-w C:\Windows\War3Unin.pif
2008-07-06 14:56 139,264 ----a-w C:\Windows\War3Unin.exe
2008-04-02 21:19 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36E5ACFE-9E72-4AC8-9058-D181CBFC2A52}]
2008-09-07 14:38 322560 --a------ C:\Windows\system32\xxyxWQIX.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
C:\Users\Pycy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2008-03-04 4150016]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - E:\Program Files\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-05 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6DF551DF-B732-4B4F-A36B-9FC0E63282FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{88790AAC-0599-494A-BB2A-2CAF1B2CC4C7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4805B194-4721-46FB-8572-57155468DE1B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{255D20A2-11F1-4A68-94B3-447331A0E468}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8C8D821D-4E94-4D07-94CB-877405D9029B}E:\\games\\warcraft iii\\war3.exe"= UDP:E:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{CC6129F1-E881-4250-8E12-8F9690ED51FF}E:\\games\\warcraft iii\\war3.exe"= TCP:E:\games\warcraft iii\war3.exe:Warcraft III
"{37F31CE7-711A-4AFD-A6CE-AF8329345AAA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{36B521D4-9822-4955-B630-D572299D1925}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:emule.exe
"UDP Query User{E27A6A3D-E42C-4AED-A8CA-73607408C9EA}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:emule.exe
"{F77CEA94-A1EC-47EB-B417-34D7E2546D78}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{ED477DF1-ADA0-4D89-A2A4-41E5B983306F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1354BAFF-CE49-487A-A333-7C8591C52620}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1AB70B06-F8AC-4F66-871B-A2DDA12EB566}D:\\games\\warcraft iii\\war3.exe"= UDP:D:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{001042E0-3C47-4DCB-AD0B-B6D79175C826}D:\\games\\warcraft iii\\war3.exe"= TCP:D:\games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{76080185-F3D6-4E6F-88C9-67F0770C548B}C:\\kav\\kav8.0\\french\\setup.exe"= UDP:C:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{9CBF1A10-1D86-4472-90D9-3B5DF54CD004}C:\\kav\\kav8.0\\french\\setup.exe"= TCP:C:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\Pycy\\AppData\\Local\\Temp\\IXP000.TMP\\vc.exe"= C:\Users\Pycy\AppData\Local\Temp\IXP000.TMP\vc.exe:*:Enabled:Windows Application Service
"C:\\Users\\Pycy\\AppData\\Local\\Temp\\IXP001.TMP\\vc.exe"= C:\Users\Pycy\AppData\Local\Temp\IXP001.TMP\vc.exe:*:Enabled:Windows Application Service
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-15 2427392]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-04-03 240128]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3a5501c-e87b-11dc-bb7b-0018f3fd10cf}]
\shell\AutoRun\command - G:\setup.exe
\shell\dinstall\command - G:\directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{1165626A-8567-4D29-A56A-38E542C1376C} - C:\Windows\gksraemq.dll
HKLM-Run-MSServer - C:\Windows\system32\hgGwWOIY.dll
ShellExecuteHooks-{4F7E9D97-BEE7-4F55-811D-19F15F2120AD} - C:\Windows\system32\hgGwWOIY.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Pycy\AppData\Roaming\Mozilla\Firefox\Profiles\5bit4dyr.default\
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 22:47:34
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 22:53:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 20:52:35
Pre-Run: 1,580,572,672 octets libres
Post-Run: 1,509,318,656 octets libres
195 --- E O F --- 2008-06-14 08:06:19
voila
