Sujet Précédent Sujet Suivant

Publicites intempestives

Résolu
lulugar34 Messages postés 31 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,à tous g depuis qq jours des pub qui apparaissent tres souvent qd je navigue sur internet g telecharge spybot et ad aware g fais une analyse ça pourai venir d internet game box g supprime le fichier mais g toujours autant e pub !
aidez moi svp ! utilisez des mots simples car je ne suis pas tres douee merci (je suis sur vista)
Configuration: Windows Vista
Internet Explorer 7.0
A voir également:

47 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le problème central est l'apparition fréquente de publicités pendant la navigation et des symptômes d'infection sur un PC Windows Vista, malgré des analyses avec Spybot et Ad Aware.
Plusieurs solutions proposées incluent un scan en ligne BitDefender, l'usage d'HijackThis et RSIT, et la désinfection des éléments identifiés, tout en ajustant temporairement le mode protégé d'IE.
Des échanges évoquent aussi des alertes de sécurité sur Hotmail et des infections signalées comme Backdoor.Prosti.EM, avec retours sur la désactivation du mode protégé ou des mesures similaires.
En dernier recours, il peut être utile de partager les rapports générés par RSIT et HijackThis pour identifier les restes de programmes malveillants et préparer une désinfection approfondie.

Généré automatiquement par IA
sur la base des meilleures réponses
Réponse 1 / 47
Utilisateur anonyme
 
Salut,

télécharge hijackthis
-> enregistre la cible sous .... "le bureau"

-> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

-> Clique sur Install ensuite sur "I Accept"

-> Clique sur" Do a scan system and save log file"

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

->Tuto hijackthis
0
Réponse 2 / 47
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
 
Bonjour et bienvenue sur CCM

Ja vais te guider pour la désinfection de ton PC

Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés C:\rsit
0
Réponse 3 / 47
Utilisateur anonyme
 
Re,

Bon laisse finir EP44.

Bon courage.

@+
0
Réponse 4 / 47
lulugar34 Messages postés 31 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:55, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\luce\AppData\Local\befcdf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\WerCon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DT Task] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [befcdf] "c:\users\luce\appdata\local\befcdf.exe" befcdf
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\luce\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_7_16/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 47
lulugar34 Messages postés 31 Statut Membre
 
merci pour ta reponse si rapide j espere que je ne me suis pas trompee
0
Réponse 6 / 47
lulugar34 Messages postés 31 Statut Membre
 
Logfile of random's system information tool 1.04 (written by random/random)
Run by luce at 2008-11-09 16:40:28
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 160 GB (69%) free of 230 GB
Total RAM: 1014 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:32, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vVX1000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\luce\AppData\Local\befcdf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\WerCon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\luce\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\luce.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DT Task] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [befcdf] "c:\users\luce\appdata\local\befcdf.exe" befcdf
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\luce\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_7_16/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 7 / 47
lulugar34 Messages postés 31 Statut Membre
 
info.txt logfile of random's system information tool 1.04 2008-11-09 16:40:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Alice ADSL - Installation principale-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
Droppix Recorder 2-->"C:\Program Files\Droppix\Droppix Recorder 2\unins001.exe"
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Favorit-->c:\users\luce\appdata\local\befcdf.bat
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x40c -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP PhotoBack Plug-in-->MsiExec.exe /X{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}
HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LightScribe System Software 1.12.29.2-->MsiExec.exe /X{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}
LimeWire 4.18.3-->"C:\Users\luce\Desktop\shared\LimeWire\uninstall.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft LifeCam-->MsiExec.exe /X{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x040c -removeonly
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
oggcodecs-->MsiExec.exe /I{D65F0073-A820-4085-B997-A061171595A7}
OpenOffice.org 2.3-->MsiExec.exe /I{B087B0C3-F595-485A-B86B-73326BA8693A}
Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_4249.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Solution de clavier multimédia amélioré-->C:\HP\KBD\Install.exe /u
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}

======Security center information======

AV: ESET NOD32 antivirus system 2.70
AS: Avira AntiVir PersonalEdition
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne

-----------------EOF-----------------
0
Réponse 8 / 47
lulugar34 Messages postés 31 Statut Membre
 
voila c fait ep44 j espere pas d erreur de ma part
0
Réponse 9 / 47
lulugar34 Messages postés 31 Statut Membre
 
ep 44 faut il que je fasse d autre manipulation ?
0
Réponse 10 / 47
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
 
Oui en effet il va y avoir surement plusieurs manipulation car ton PC est bien infecté

Pour la suite

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre</gras.

Ensuite

Télécharge <gras>combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Déconnecte toi d'internet et ferme toutes tes applications.

* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,

* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.

* Si la console de récupération n'est pas installer il va te proposer de l'installer fait le et laisse toi guider 

* /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\


* Attends que Combofix ait terminé, un rapport sera créé.

* réactive ton parefeu, ton antivirus, la garde de ton antispyware

* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt

* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

@+
0
Réponse 11 / 47
lulugar34
 
ComboFix 08-11-07.01 - luce 2008-11-09 17:48:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.350 [GMT 1:00]
Lancé depuis: c:\users\luce\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\internetgamebox
c:\program files\internetgamebox\InternetGameBox.exe
c:\program files\internetgamebox\language
c:\program files\internetgamebox\ressources\AttenteOff.html
c:\program files\internetgamebox\ressources\AttenteOn.html
c:\program files\internetgamebox\ressources\configv2_en.xml
c:\program files\internetgamebox\ressources\configv2_es.xml
c:\program files\internetgamebox\ressources\configv2_fr.xml
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
c:\program files\internetgamebox\skins\skinv2.skn
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
c:\users\luce\AppData\Local\befcdf.dat
c:\users\luce\AppData\Local\befcdf.exe
c:\users\luce\AppData\Local\befcdf_nav.dat
c:\users\luce\AppData\Local\befcdf_navps.dat
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- C:\rsit
2008-11-09 16:30 . 2008-11-09 16:30 <REP> d-------- c:\program files\Trend Micro
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 08:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\programdata\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Lavasoft
2008-11-08 18:03 . 2008-11-08 18:03 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 12:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 12:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 12:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 12:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 12:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 08:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 08:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 08:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-16 11:42 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:42 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:42 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:42 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:42 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 11:41 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 11:51 --------- d-----w c:\users\luce\AppData\Roaming\OpenOffice.org2
2008-11-09 11:44 --------- d-----w c:\program files\Everest Poker
2008-11-01 14:02 --------- d-----w c:\users\luce\AppData\Roaming\LimeWire
2008-10-17 06:12 --------- d-----w c:\program files\Windows Mail
2008-10-17 06:04 --------- d-----w c:\programdata\Microsoft Help
2008-10-06 14:30 --------- d-----w c:\program files\oovooToolbar
2008-10-06 14:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 14:16 --------- d-----w c:\users\luce\AppData\Roaming\ooVoo Details
2008-10-02 13:53 --------- d-----w c:\program files\Microsoft LifeCam
2008-09-30 20:10 --------- d-----w c:\program files\Intel
2008-09-30 20:02 --------- d-----w c:\users\luce\AppData\Roaming\Image Zone Express
2008-09-19 13:33 --------- d-----w c:\programdata\Sony Ericsson
2008-09-19 13:33 --------- d-----w c:\program files\Sony Ericsson
2008-09-19 13:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-17 20:30 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:22 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:22 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 20:22 --------- d-----w c:\program files\Windows Journal
2008-09-17 20:22 --------- d-----w c:\program files\Windows Defender
2008-09-17 20:22 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 20:22 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-17 19:13 --------- d-----w c:\program files\Windows Live
2008-09-17 19:11 --------- d-----w c:\program files\MSN Messenger
2008-09-17 19:03 --------- d-----w c:\programdata\WLInstaller
2008-09-16 15:34 --------- d-----w c:\users\luce\AppData\Roaming\InstallShield
2008-09-10 07:23 --------- d-----w c:\program files\Microsoft Works
2008-04-20 11:15 63,488 ----a-w c:\users\luce\xobglu16.dll
2008-04-20 11:15 23,552 ----a-w c:\users\luce\xobglu32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-08 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - c:\users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-05 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-07-22 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-01-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72DD83E0-4D27-41C9-A1EC-8C3D7F5D31B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9414CF8-1FA5-4313-B40A-7E591E7A8E55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233B72E7-E510-4821-A2B6-1AC6438FE0F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B42FC54E-0F3C-40D8-8AE2-E8A941C39090}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5F61583-2E84-449A-BCDB-919E06871F8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBCFE79C-3412-47AA-9A04-C412B6C9FD7F}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D04FD3A4-E378-44FD-B615-6B055485B243}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{98FD8090-C19B-42A7-856B-1CE5FEB19594}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{32718E1D-44C9-4A5F-B99D-6B992ACB1DD3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A37C43B9-D2CE-4F3D-AE1D-7378F8A7C2BD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFD0D5ED-F2E4-43A6-97FA-8DC9DE5B2ECC}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56BBC8CD-4B1E-4574-A9AC-F49BDF84E296}"= UDP:c:\program files\ESET\nod32.exe:NOD32
"{222D3508-6C52-4CB8-9BE3-EF3CA4894795}"= TCP:c:\program files\ESET\nod32.exe:NOD32
"{EDE5818E-C8A8-4BFE-A9C4-BB6F8F12EF9A}"= UDP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{03924C09-61BF-4D3A-8129-0B412D001D53}"= TCP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{15168C84-89D5-48C1-91FD-AA2E076435E6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1EB64B6E-F27C-4AC9-A069-8BCDB0BD11AB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3049732-9624-4D78-9C2B-A5F5C2F179C4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F226C08C-85B5-477A-A13E-EBFC4C1329A4}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74B60682-BA3B-4E29-A830-1C8EED7130AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BA01925-33DD-4424-BF7C-3F65FF8C6997}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2057978E-A4F2-4D69-99B9-9085E35D30C4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B09D2A3-AF90-4412-BC21-B54A01B42B1B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{50DC97D4-CC35-47CA-998E-3BED103B81E2}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E2496D18-7672-4763-8F8A-9A93C1023215}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{0324D3EF-E29C-43E4-AA7E-DF93B022596F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{554F64D2-44EB-4372-99BD-EF90A14A9C0C}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{8238661E-6ED4-4E2C-AB86-44D56A05EECA}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{B874F3F6-0D39-4F6D-8D8D-E5DCA644301F}"= Disabled:UDP:443:TCP port 443 ooVoo
"{DCF0307F-1CDC-4798-86F7-A560C0AE8982}"= Disabled:TCP:443:UDP port 443 ooVoo
"{5CC3ABA6-0733-4E75-A07B-C3FE998FFC7E}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{171052F1-420C-4E75-A4E8-66D68D7CA419}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{1B6D856D-80CB-4EBC-AACC-AAB6C6F65E9E}"= Disabled:TCP:37675:UDP port 37675 ooVoo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-01-21 33792]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2008-02-01 151552]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5cc877-6841-11dd-81e2-001bfc23b411}]
\shell\AutoRun\command - J:\memorybar.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\Norton Internet Security - Analyse système complète - luce.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKCU-Run-befcdf - c:\users\luce\appdata\local\befcdf.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\luce\AppData\Roaming\Mozilla\Firefox\Profiles\xhizm8qh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/intl/fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 17:53:24
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-09 17:55:04
ComboFix-quarantined-files.txt 2008-11-09 16:55:00

Avant-CF: 168 462 327 808 octets libres
Après-CF: 168,484,327,424 octets libres

236 --- E O F --- 2008-11-08 10:12:36
0
Réponse 12 / 47
lulugar34
 
voila ep44 j espere que g envoye le bon rapport merci de ta patience
0
Réponse 13 / 47
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
 
selectionne ceci 

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings]       

File::
c:\program files\Everest Poker

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

@+
0
Réponse 14 / 47
lulugar34 Messages postés 31 Statut Membre
 
ComboFix 08-11-07.01 - luce 2008-11-10 8:13:15.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.309 [GMT 1:00]
Lancé depuis: c:\users\luce\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\luce\Desktop\CFScript.lnk
* Un nouveau point de restauration a été créé
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- C:\rsit
2008-11-09 16:30 . 2008-11-09 16:30 <REP> d-------- c:\program files\Trend Micro
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 08:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\programdata\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Lavasoft
2008-11-08 18:03 . 2008-11-08 18:03 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 12:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 12:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 12:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 12:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 12:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 08:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 08:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 08:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-16 11:42 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:42 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:42 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:42 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:42 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 11:41 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 06:52 --------- d-----w c:\users\luce\AppData\Roaming\OpenOffice.org2
2008-11-09 11:44 --------- d-----w c:\program files\Everest Poker
2008-11-01 14:02 --------- d-----w c:\users\luce\AppData\Roaming\LimeWire
2008-10-17 06:12 --------- d-----w c:\program files\Windows Mail
2008-10-17 06:04 --------- d-----w c:\programdata\Microsoft Help
2008-10-06 14:30 --------- d-----w c:\program files\oovooToolbar
2008-10-06 14:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 14:16 --------- d-----w c:\users\luce\AppData\Roaming\ooVoo Details
2008-10-02 13:53 --------- d-----w c:\program files\Microsoft LifeCam
2008-09-30 20:10 --------- d-----w c:\program files\Intel
2008-09-30 20:02 --------- d-----w c:\users\luce\AppData\Roaming\Image Zone Express
2008-09-19 13:33 --------- d-----w c:\programdata\Sony Ericsson
2008-09-19 13:33 --------- d-----w c:\program files\Sony Ericsson
2008-09-19 13:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-17 20:30 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:22 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:22 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 20:22 --------- d-----w c:\program files\Windows Journal
2008-09-17 20:22 --------- d-----w c:\program files\Windows Defender
2008-09-17 20:22 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 20:22 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-17 19:13 --------- d-----w c:\program files\Windows Live
2008-09-17 19:11 --------- d-----w c:\program files\MSN Messenger
2008-09-17 19:03 --------- d-----w c:\programdata\WLInstaller
2008-09-16 15:34 --------- d-----w c:\users\luce\AppData\Roaming\InstallShield
2008-09-10 07:23 --------- d-----w c:\program files\Microsoft Works
2008-04-20 11:15 63,488 ----a-w c:\users\luce\xobglu16.dll
2008-04-20 11:15 23,552 ----a-w c:\users\luce\xobglu32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_17.54.02,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-09 11:52:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-09 11:51:55 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-04 10:40:43 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-09 17:27:21 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-04 10:40:43 123,350 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-09 17:27:21 123,350 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-04 10:40:43 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-09 17:27:21 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-04 10:40:43 669,328 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-09 17:27:21 669,328 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-09 11:52:24 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
+ 2008-11-10 06:53:23 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
- 2008-11-09 11:52:24 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:23 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-09 11:52:19 50,492 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:21 50,548 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-09 14:45:38 228,664 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-10 06:42:38 228,830 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-08 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - c:\users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-05 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-07-22 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-01-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72DD83E0-4D27-41C9-A1EC-8C3D7F5D31B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9414CF8-1FA5-4313-B40A-7E591E7A8E55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233B72E7-E510-4821-A2B6-1AC6438FE0F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B42FC54E-0F3C-40D8-8AE2-E8A941C39090}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5F61583-2E84-449A-BCDB-919E06871F8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBCFE79C-3412-47AA-9A04-C412B6C9FD7F}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D04FD3A4-E378-44FD-B615-6B055485B243}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{98FD8090-C19B-42A7-856B-1CE5FEB19594}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{32718E1D-44C9-4A5F-B99D-6B992ACB1DD3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A37C43B9-D2CE-4F3D-AE1D-7378F8A7C2BD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFD0D5ED-F2E4-43A6-97FA-8DC9DE5B2ECC}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56BBC8CD-4B1E-4574-A9AC-F49BDF84E296}"= UDP:c:\program files\ESET\nod32.exe:NOD32
"{222D3508-6C52-4CB8-9BE3-EF3CA4894795}"= TCP:c:\program files\ESET\nod32.exe:NOD32
"{EDE5818E-C8A8-4BFE-A9C4-BB6F8F12EF9A}"= UDP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{03924C09-61BF-4D3A-8129-0B412D001D53}"= TCP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{15168C84-89D5-48C1-91FD-AA2E076435E6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1EB64B6E-F27C-4AC9-A069-8BCDB0BD11AB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3049732-9624-4D78-9C2B-A5F5C2F179C4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F226C08C-85B5-477A-A13E-EBFC4C1329A4}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74B60682-BA3B-4E29-A830-1C8EED7130AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BA01925-33DD-4424-BF7C-3F65FF8C6997}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2057978E-A4F2-4D69-99B9-9085E35D30C4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B09D2A3-AF90-4412-BC21-B54A01B42B1B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{50DC97D4-CC35-47CA-998E-3BED103B81E2}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E2496D18-7672-4763-8F8A-9A93C1023215}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{0324D3EF-E29C-43E4-AA7E-DF93B022596F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{554F64D2-44EB-4372-99BD-EF90A14A9C0C}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{8238661E-6ED4-4E2C-AB86-44D56A05EECA}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{B874F3F6-0D39-4F6D-8D8D-E5DCA644301F}"= Disabled:UDP:443:TCP port 443 ooVoo
"{DCF0307F-1CDC-4798-86F7-A560C0AE8982}"= Disabled:TCP:443:UDP port 443 ooVoo
"{5CC3ABA6-0733-4E75-A07B-C3FE998FFC7E}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{171052F1-420C-4E75-A4E8-66D68D7CA419}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{1B6D856D-80CB-4EBC-AACC-AAB6C6F65E9E}"= Disabled:TCP:37675:UDP port 37675 ooVoo

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-01-21 33792]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2008-02-01 151552]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5cc877-6841-11dd-81e2-001bfc23b411}]
\shell\AutoRun\command - J:\memorybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\Norton Internet Security - Analyse système complète - luce.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-10 c:\windows\Tasks\User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 08:17:37
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-10 8:19:47
ComboFix-quarantined-files.txt 2008-11-10 07:19:41
ComboFix2.txt 2008-11-09 16:55:05

Avant-CF: 167 794 188 288 octets libres
Après-CF: 167,765,970,944 octets libres

229 --- E O F --- 2008-11-08 10:12:36
0
Réponse 15 / 47
lulugar34 Messages postés 31 Statut Membre
 
salut ep44 voila le rapport demandé je suis désolée pour le retard je n avais pas vu ton message
0
Réponse 16 / 47
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
 
Bonjour

Décidément Hier au soir j'étais vraiment fatiguer j'ai tout fait à l'envers :(

recommence la manip stp

mais avec ceci

selectionne ceci 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"SearchSettings"=-


Folder::
c:\program files\Everest Poker


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Ensuite

Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69

Ensuite

* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68

=> Installe le
=> Ensuite va en mode sans echec

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport

@+

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.
0
Réponse 17 / 47
lulugar34 Messages postés 31 Statut Membre
 
ComboFix 08-11-07.01 - luce 2008-11-10 8:54:32.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.267 [GMT 1:00]
Lancé depuis: c:\users\luce\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\luce\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Everest Poker
c:\program files\Everest Poker\data\fonts\kgp-en.ttf
c:\program files\Everest Poker\data\mp-lobby\fr.gvt
c:\program files\Everest Poker\data\mp-lobby\shared.gvt
c:\program files\Everest Poker\data\mp-poker\background\default.gvt
c:\program files\Everest Poker\data\mp-poker\fr\bitmaps.gvt
c:\program files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt
c:\program files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt
c:\program files\Everest Poker\data\mp-poker\shared.gvt
c:\program files\Everest Poker\data\shared\fr\country.txt
c:\program files\Everest Poker\data\shared\fr\language.txt
c:\program files\Everest Poker\data\shared\fr\ordinal.txt
c:\program files\Everest Poker\data\shared\shared\bitmaps\check.art
c:\program files\Everest Poker\data\startup\en\startup_strings.txt
c:\program files\Everest Poker\data\startup\fr\cstart.txt
c:\program files\Everest Poker\data\startup\fr\startup_strings.txt
c:\program files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
c:\program files\Everest Poker\history\4.txt
c:\program files\Everest Poker\history\5.txt
c:\program files\Everest Poker\history\7.txt
c:\program files\Everest Poker\history\8.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 16:40 . 2008-11-09 16:40 <REP> d-------- C:\rsit
2008-11-09 16:30 . 2008-11-09 16:30 <REP> d-------- c:\program files\Trend Micro
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 12:47 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-09 08:00 . 2008-11-09 08:00 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:05 <REP> d-------- c:\programdata\Lavasoft
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Lavasoft
2008-11-08 18:03 . 2008-11-08 18:03 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 12:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 12:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 12:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 12:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 12:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 08:42 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 08:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 08:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-16 11:42 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 11:42 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 11:42 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 11:42 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 11:42 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 11:41 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 06:52 --------- d-----w c:\users\luce\AppData\Roaming\OpenOffice.org2
2008-11-01 14:02 --------- d-----w c:\users\luce\AppData\Roaming\LimeWire
2008-10-17 06:12 --------- d-----w c:\program files\Windows Mail
2008-10-17 06:04 --------- d-----w c:\programdata\Microsoft Help
2008-10-06 14:30 --------- d-----w c:\program files\oovooToolbar
2008-10-06 14:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 14:16 --------- d-----w c:\users\luce\AppData\Roaming\ooVoo Details
2008-10-02 13:53 --------- d-----w c:\program files\Microsoft LifeCam
2008-09-30 20:10 --------- d-----w c:\program files\Intel
2008-09-30 20:02 --------- d-----w c:\users\luce\AppData\Roaming\Image Zone Express
2008-09-19 13:33 --------- d-----w c:\programdata\Sony Ericsson
2008-09-19 13:33 --------- d-----w c:\program files\Sony Ericsson
2008-09-19 13:31 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-17 20:30 174 --sha-w c:\program files\desktop.ini
2008-09-17 20:22 --------- d-----w c:\program files\Windows Sidebar
2008-09-17 20:22 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-17 20:22 --------- d-----w c:\program files\Windows Journal
2008-09-17 20:22 --------- d-----w c:\program files\Windows Defender
2008-09-17 20:22 --------- d-----w c:\program files\Windows Collaboration
2008-09-17 20:22 --------- d-----w c:\program files\Windows Calendar
2008-09-17 19:45 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-17 19:45 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-17 19:13 --------- d-----w c:\program files\Windows Live
2008-09-17 19:11 --------- d-----w c:\program files\MSN Messenger
2008-09-17 19:03 --------- d-----w c:\programdata\WLInstaller
2008-09-16 15:34 --------- d-----w c:\users\luce\AppData\Roaming\InstallShield
2008-09-10 07:23 --------- d-----w c:\program files\Microsoft Works
2008-04-20 11:15 63,488 ----a-w c:\users\luce\xobglu16.dll
2008-04-20 11:15 23,552 ----a-w c:\users\luce\xobglu32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_17.54.02,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-09 11:50:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-10 06:51:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-09 11:52:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-10 06:52:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-09 11:51:55 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-10 06:52:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-04 10:40:43 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-09 17:27:21 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-04 10:40:43 123,350 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-09 17:27:21 123,350 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-04 10:40:43 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-09 17:27:21 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-04 10:40:43 669,328 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-09 17:27:21 669,328 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-09 11:52:24 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
+ 2008-11-10 06:53:23 11,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239344008-4258272380-537787552-1000_UserData.bin
- 2008-11-09 11:52:24 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:23 58,300 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-09 11:52:19 50,492 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-10 06:53:21 50,548 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-09 14:45:38 228,664 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-10 06:42:38 228,830 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"DT Task"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 264704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-08 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Outil de notification Live Search.lnk - c:\users\luce\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-05 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-07-22 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-01-21 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72DD83E0-4D27-41C9-A1EC-8C3D7F5D31B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C9414CF8-1FA5-4313-B40A-7E591E7A8E55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233B72E7-E510-4821-A2B6-1AC6438FE0F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B42FC54E-0F3C-40D8-8AE2-E8A941C39090}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5F61583-2E84-449A-BCDB-919E06871F8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBCFE79C-3412-47AA-9A04-C412B6C9FD7F}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D04FD3A4-E378-44FD-B615-6B055485B243}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{98FD8090-C19B-42A7-856B-1CE5FEB19594}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{32718E1D-44C9-4A5F-B99D-6B992ACB1DD3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A37C43B9-D2CE-4F3D-AE1D-7378F8A7C2BD}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BFD0D5ED-F2E4-43A6-97FA-8DC9DE5B2ECC}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56BBC8CD-4B1E-4574-A9AC-F49BDF84E296}"= UDP:c:\program files\ESET\nod32.exe:NOD32
"{222D3508-6C52-4CB8-9BE3-EF3CA4894795}"= TCP:c:\program files\ESET\nod32.exe:NOD32
"{EDE5818E-C8A8-4BFE-A9C4-BB6F8F12EF9A}"= UDP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{03924C09-61BF-4D3A-8129-0B412D001D53}"= TCP:c:\program files\ESET\nod32kui.exe:NOD32 Control Center
"{15168C84-89D5-48C1-91FD-AA2E076435E6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1EB64B6E-F27C-4AC9-A069-8BCDB0BD11AB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3049732-9624-4D78-9C2B-A5F5C2F179C4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F226C08C-85B5-477A-A13E-EBFC4C1329A4}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74B60682-BA3B-4E29-A830-1C8EED7130AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BA01925-33DD-4424-BF7C-3F65FF8C6997}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2057978E-A4F2-4D69-99B9-9085E35D30C4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B09D2A3-AF90-4412-BC21-B54A01B42B1B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{50DC97D4-CC35-47CA-998E-3BED103B81E2}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E2496D18-7672-4763-8F8A-9A93C1023215}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{0324D3EF-E29C-43E4-AA7E-DF93B022596F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{554F64D2-44EB-4372-99BD-EF90A14A9C0C}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{8238661E-6ED4-4E2C-AB86-44D56A05EECA}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{B874F3F6-0D39-4F6D-8D8D-E5DCA644301F}"= Disabled:UDP:443:TCP port 443 ooVoo
"{DCF0307F-1CDC-4798-86F7-A560C0AE8982}"= Disabled:TCP:443:UDP port 443 ooVoo
"{5CC3ABA6-0733-4E75-A07B-C3FE998FFC7E}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{171052F1-420C-4E75-A4E8-66D68D7CA419}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{1B6D856D-80CB-4EBC-AACC-AAB6C6F65E9E}"= Disabled:TCP:37675:UDP port 37675 ooVoo

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-01-21 33792]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2008-02-01 151552]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb5cc877-6841-11dd-81e2-001bfc23b411}]
\shell\AutoRun\command - J:\memorybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\Norton Internet Security - Analyse système complète - luce.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-10 c:\windows\Tasks\User_Feed_Synchronization-{1DE3C184-CBFC-4606-A1EB-F79F44D022DF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 08:57:52
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-10 8:59:18
ComboFix-quarantined-files.txt 2008-11-10 07:59:14
ComboFix2.txt 2008-11-10 07:19:48
ComboFix3.txt 2008-11-09 16:55:05

Avant-CF: 169 033 318 400 octets libres
Après-CF: 169,002,389,504 octets libres

253 --- E O F --- 2008-11-08 10:12:36
0
Réponse 18 / 47
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
 
Fait Démarrer > Exécuter et suit ce chemin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run\SearchSettings
et supprime ce SearchSettings

ensuite

Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69

Ensuite

* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68

=> Installe le
=> Ensuite va en mode sans echec

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport

0
Réponse 19 / 47
luluga34
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1379
Windows 6.0.6001 Service Pack 1

10/11/2008 10:01:11
mbam-log-2008-11-10 (10-01-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 149626
Temps écoulé: 24 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 20 / 47
lulugar34 Messages postés 31 Statut Membre
 
voila j ai ete longue mais je crois que j ai reussi.g travaillée toute la nuit donc je fais une pause je reviendrai dans l apres midi merci encore pour ton aide. juste un détail depuis toutes c manipulations qd je veux ouvrir hotmail voila ce qui s affiche : alerte sécurité : la connexion que vous allez utiliser n'est pas sécurisée d'autres utilisateurs du web pourront accéder aux informations que vous envoyez voulez vous continuer? que dois je faire pour sécuriser a nouveau hotmail? a tout a l heure
0
  • 1
  • 2
  • 3

Discussions similaires

Message "Un bloqueur de publicité empêche la lecture..."
pistouri -
pistouri -

0 réponse
comment desactiver un bloqueur de pub
amour10 -
MPMP10 -

4 réponses
M6 Replay désactiver le bloqueur de publicité
katydel88 -
Mathieu -

14 réponses
publicité intempestive
alost -
HelpiOS -

5 réponses
Adblock plus et france.tv
boutxy -
anna -

3 réponses