Sujet Précédent Sujet Suivant

Mon pc rame et pleins de spywayres

Résolu
aizen27 Messages postés 103 Statut Membre -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
bonsoir a tous moi ossi j'ai le meme probleme que gregoirevb, en plus il met du temp a demarrer alors que mon pc est performant je suis qu'un debutant j'ai fait le rapport avec hijackthis
le voici
LBoot mode: Normalogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:10, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [10be561b] rundll32.exe "C:\WINDOWS\system32\gmbauddk.dll",b
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe /onboot
O4 - HKCU\..\Run: [40882586584608286760973297715187] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EE3ECD-6547-4FDA-A61D-3A660E65499E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95BF803-257D-42A1-9E61-4DA135997B95}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: xchmwl.dll xjzqhp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 12061 bytes

au secours j'ai vraiment besoin de votre aide SVP
A voir également:

91 réponses

Précédent
Réponse 21 / 91
aizen27 Messages postés 103 Statut Membre 6
 
il ya un probleme je ne peut pas demarrer windows mode sans echec avec la touche f8 tout a l'heure je l'ai fait avec ms config sinon je fait quoi la
0
Réponse 22 / 91
aizen27 Messages postés 103 Statut Membre 6
 
jme sui tromper excuse moi j pa lue le bon message
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
non c'est moi qui est changé juste après .... désolé ... ^^'
0
Réponse 23 / 91
aizen27 Messages postés 103 Statut Membre 6
 
h'ai fait exactement ce que tu m'as dit de faire mais au demarrage de windows je devais choisir entre windows xp ou une autre option je ne sais plus c'est quoi en tou cas le rapport il est la lais je ne sais pa s di c'est bon ou si je doit recommencer
ComboFix 08-11-18.A2 - Administrateur 2008-11-19 19:04:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1522 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
0
Réponse 24 / 91
aizen27 Messages postés 103 Statut Membre 6
 
et le rapport de rsit
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-19 19:19:28
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 55 GB (18%) free of 305 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\Administrateur.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {161DA1F5-2619-4D90-A5DB-7C14C5B647B6} - (no file)
O2 - BHO: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {979F5F2D-18EA-48D3-BB3A-EAB1517F53CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {DCBDF1F0-5A6B-405C-9C10-A1E755437094} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\Msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EE3ECD-6547-4FDA-A61D-3A660E65499E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95BF803-257D-42A1-9E61-4DA135997B95}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Le rapport Combofix n'est pas complet ^^

en fait tu m'as posté le " titre " du rapport ... si tu n'as pas le reste , c'est qu'il faut reprendre la manipe ...

0
Réponse 26 / 91
aizen27 Messages postés 103 Statut Membre 6
 
voila le rapport
ComboFix 08-11-18.A2 - Administrateur 2008-11-19 19:45:25.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1466 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrateur\Application Data\Adobe\Player.exe.bak
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\SoftwareProtection\Windows External Security Update.exe
c:\windows\system32\FMWDffii.ini
c:\windows\system32\FMWDffii.ini2
c:\windows\system32\jlfmie.dll
c:\windows\system32\lfdsuiqs.ini
c:\windows\system32\nvrkijiv.ini
c:\windows\system32\rnkmtwud.dll
c:\windows\system32\sysdm.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-19 au 2008-11-19 ))))))))))))))))))))))))))))))))))))
.

2008-11-19 18:09 . 2008-11-19 18:15 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 18:09 . 2008-11-19 18:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-19 18:09 . 2008-11-19 18:09 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-19 18:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-19 18:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-19 16:12 . 2008-11-19 16:19 <REP> d-------- c:\program files\UsbFix
2008-11-19 15:37 . 2008-11-19 15:37 <REP> d-------- C:\rsit
2008-11-19 12:18 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-19 12:18 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-19 12:18 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-19 12:18 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-19 12:18 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-19 12:18 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-19 12:18 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-19 12:18 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-19 12:18 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-19 12:18 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-19 12:18 . 2008-11-19 14:44 2,194 --a------ c:\windows\system32\tmp.reg
2008-11-19 01:25 . 2008-11-19 11:16 <REP> d-------- c:\windows\NV5672780.TMP
2008-11-19 01:19 . 2008-11-19 01:19 27,840,512 --a------ c:\windows\system32\xa4164609.exe
2008-11-19 01:19 . 2008-11-19 01:19 27,840,512 --a------ c:\windows\system32\xa4162406.exe
2008-11-18 17:16 . 2008-11-18 17:16 <REP> d-------- c:\program files\Lavasoft
2008-11-18 17:16 . 2008-11-18 17:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-18 17:15 . 2008-11-18 17:15 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-17 21:26 . 2008-11-17 21:26 27,840,512 --a------ c:\windows\system32\xa11154171.exe
2008-11-17 21:26 . 2008-11-17 21:26 27,840,512 --a------ c:\windows\system32\xa11145093.exe
2008-11-17 21:08 . 2008-11-17 21:08 <REP> d-------- c:\program files\Sports Interactive
2008-11-17 20:55 . 2008-11-17 20:55 27,840,512 --a------ c:\windows\system32\xa9299109.exe
2008-11-17 20:55 . 2008-11-17 20:55 27,840,512 --a------ c:\windows\system32\xa9297218.exe
2008-11-17 17:32 . 2008-11-17 17:32 27,840,512 --a------ c:\windows\system32\xa6226343.exe
2008-11-17 17:32 . 2008-11-17 17:32 27,840,512 --a------ c:\windows\system32\xa6224421.exe
2008-11-16 22:11 . 2008-11-16 22:11 27,840,512 --a------ c:\windows\system32\xa653531.exe
2008-11-16 22:11 . 2008-11-16 22:11 27,840,512 --a------ c:\windows\system32\xa652546.exe
2008-11-16 22:09 . 2008-11-16 22:09 27,840,512 --a------ c:\windows\system32\xa568375.exe
2008-11-16 22:09 . 2008-11-16 22:09 27,840,512 --a------ c:\windows\system32\xa567078.exe
2008-11-16 22:05 . 2008-11-16 22:05 27,840,512 --a------ c:\windows\system32\xa298750.exe
2008-11-16 22:05 . 2008-11-16 22:05 27,840,512 --a------ c:\windows\system32\xa297156.exe
2008-11-16 21:33 . 2008-11-16 21:33 27,840,512 --a------ c:\windows\system32\xa212687.exe
2008-11-16 21:33 . 2008-11-16 21:33 27,840,512 --a------ c:\windows\system32\xa210968.exe
2008-11-16 18:54 . 2008-11-16 18:54 27,840,512 --a------ c:\windows\system32\xa8488656.exe
2008-11-16 18:54 . 2008-11-16 18:54 27,840,512 --a------ c:\windows\system32\xa8487687.exe
2008-11-16 18:54 . 2008-11-16 18:54 27,840,512 --a------ c:\windows\system32\xa8472625.exe
2008-11-16 18:54 . 2008-11-16 18:54 27,840,512 --a------ c:\windows\system32\xa8471078.exe
2008-11-16 18:54 . 2008-11-16 18:54 176,128 --a------ c:\windows\system32\wr97477.dll
2008-11-16 18:21 . 2008-11-17 21:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-16 18:19 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\d3dx9_37.dll
2008-11-14 13:30 . 2008-11-14 13:30 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-14 13:14 . 2008-11-14 13:30 <REP> d-------- c:\windows\NV29162104.TMP
2008-11-14 13:14 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-14 13:13 . 2008-11-14 13:13 <REP> d-------- C:\NVIDIA
2008-11-14 13:08 . 2008-11-14 13:30 <REP> d-------- c:\program files\ma-config.com
2008-11-14 13:08 . 2008-11-14 13:08 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-13 14:31 . 2008-11-13 14:31 <REP> d-------- c:\windows\San Andreas Mod Installer
2008-11-12 22:18 . 2008-11-13 14:31 <REP> d-------- c:\program files\San Andreas Mod Installer
2008-11-08 19:29 . 2008-11-13 13:54 <REP> d--h----- c:\documents and settings\Administrateur\Recent(2)
2008-10-21 19:11 . 2008-10-24 14:35 <REP> d-------- c:\program files\Disc2Phone

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 18:44 1,204 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-19 18:44 1,204 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2008-11-19 18:44 --------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
2008-11-19 18:42 337,348 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-19 18:42 337,348 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2008-11-19 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 13:44 --------- d-----w c:\program files\Google
2008-11-19 00:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\BitTorrent
2008-11-18 01:10 --------- d-----w c:\program files\Java
2008-11-17 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-16 11:22 --------- d-----w c:\program files\emule0.48a-Xtreme6.1
2008-11-16 00:03 --------- d-----w c:\program files\BitTorrent
2008-11-14 12:30 --------- d-----w c:\program files\iTunes
2008-11-14 12:30 --------- d-----w c:\program files\iPod
2008-11-13 19:28 --------- d-----w c:\program files\Opera 9.5 beta
2008-10-16 19:48 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-10-12 19:09 --------- d-----w c:\program files\Gabest
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-27 14:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Talkback
2008-09-23 13:44 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-22 20:31 --------- d-----w c:\program files\MSN Messenger
2008-09-22 20:31 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-01 12:45 7,040,192 ----a-w c:\windows\system32\Opera_952_10108_en.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2002-07-26 16:02 153,088 ----a-w c:\program files\UNWISE.EXE
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-09-14 15:00 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-09-14 15:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2004-08-28 15:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\system32\svchost.exe

2004-08-28 15:00 578048 4a048552ca537ef146a8c21a0881b1ba c:\windows\system32\user32.dll

2004-08-28 15:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\system32\ws2_32.dll

2008-06-23 17:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c c:\windows\SoftwareDistribution\Download\1ab0912ceedadb58752b89532a3339bf\SP2GDR\wininet.dll
2008-06-23 16:40 827904 52589bae67dd9859724287372668690b c:\windows\SoftwareDistribution\Download\1ab0912ceedadb58752b89532a3339bf\SP2QFE\wininet.dll
2004-08-28 15:00 838656 1cc220712da13c68aa19ab97436aed79 c:\windows\system32\wininet.dll

2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP2GDR\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\SP3QFE\tcpip.sys
2004-08-28 15:00 360576 c7be59b07c6eb74bea6fd67c1b164015 c:\windows\system32\drivers\tcpip.sys

2004-08-28 15:00 507904 fb66744d525ea5df9a719f1db9b2dff4 c:\windows\system32\winlogon.exe

2004-08-28 15:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2004-08-28 15:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2004-08-28 15:00 2175488 ef82e2aba188743cb88c220e22953966 c:\windows\system32\ntkrnlpa.exe

2004-08-28 15:00 2295808 2f8ac58c3a7f73bc5ae132f2b452f6ce c:\windows\system32\ntoskrnl.exe

2004-08-28 15:00 1934848 1630d57b8370b7a20a41bb4c1e459edf c:\windows\explorer.exe

2004-08-28 15:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\system32\services.exe

2004-08-28 15:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\system32\lsass.exe

2004-08-28 15:00 25088 43836cffabac8d6779e8ee55e308df2c c:\windows\system32\ctfmon.exe

2004-08-28 15:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\system32\spoolsv.exe

2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b c:\windows\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe
2004-08-28 15:00 125720 5dcdc592f8911f5110fa9e75f3c3dd23 c:\windows\system32\wuauclt.exe

2004-08-28 15:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\system32\userinit.exe

2004-08-28 15:00 297984 70921de4c83652dc301a05f0cc46c985 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-28 25088]
"IDMan"="c:\documents and settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe" [2007-10-02 2553264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
"Vistadrv"="c:\windows\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"TransBar"="c:\windows\System32\TransBar.exe" [2004-08-28 65536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-28 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xchmwl.dll xjzqhp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 11:29 220544 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-28 15:00 25088 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-08 05:47 106496 c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-10-02 08:02 2553264 c:\documents and settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 21:55 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
--a------ 2006-03-28 00:53 25474 c:\program files\Soft4Ever\looknstop\looknstop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2004-02-03 14:13 49152 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
--a------ 2005-10-30 01:56 606208 c:\program files\pspvideo9\pspVideo9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 14:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 10:43 2097488 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a------ 2006-05-03 10:48 307200 c:\program files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2004-09-03 17:16 139264 c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 22:22 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a------ 2005-08-12 19:52 180224 c:\program files\UberIcon\UberIcon Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2004-04-23 11:00 192512 c:\program files\Pinnacle Systems\Shared Files\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 15:48 3411968 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-08 05:00 233472 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-17 03:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS [2007-09-14 58800]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS [2007-09-14 49968]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS [2007-09-14 15792]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS [2007-09-14 190640]
R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2007-09-14 76160]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS [2007-09-14 23:43:45 121392]
R1 ShldDrv;Panda File Shield Driver;\??\c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-09-14 31104]
R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\Drivers\SMSFLT.SYS [2007-09-14 36016]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS [2007-09-14 29360]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-09-14 17792]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2007-09-14 170800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2007-09-14 35840]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-09-14 141872]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []
R3 SunkFilt62;USB 6/1 Driver;c:\windows\system32\DRIVERS\sunkfilt62.sys [2004-07-23 46536]
S0 ndbwgn;ndbwgn;c:\windows\system32\drivers\jwrfo.sys []
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc []
S3 CH341;CH341WDM;c:\windows\system32\Drivers\CH341WDM.SYS [2008-05-23 19392]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2008-09-26 29184]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2007-10-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2007-10-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2007-10-30 94000]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{161DA1F5-2619-4D90-A5DB-7C14C5B647B6} - (no file)
BHO-{979F5F2D-18EA-48D3-BB3A-EAB1517F53CF} - (no file)
BHO-{DCBDF1F0-5A6B-405C-9C10-A1E755437094} - (no file)
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Position - (no file)
MSConfigStartUp-40882586584608286760973297715187 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\BitTorrent_DNA\dna.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\eb7j6prb.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 19:48:11
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-19 19:58:42
ComboFix-quarantined-files.txt 2008-11-19 18:58:37

Avant-CF: 58,048,630,784 octets libres
Après-CF: 58,034,130,944 octets libres

310
0
Réponse 27 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
bien ...

Redémarres ton PC !

ensuite refais ceci :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques sur l'icône "combofix.exe" pour lancer l'outil .

Appuyes sur la touche Y (Yes) pour démarrer le scan .

Notes importantes :
-> n'utilises pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment : cliques sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée dans: C:\Combofix.txt

Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...
0
Réponse 28 / 91
aizen27 Messages postés 103 Statut Membre 6
 
j redemarrer fait la manipulation rien il ya rien pas de rapport
le rapport de hijacthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5600363C-B1A7-464C-9D48-B57A901A74FA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {979F5F2D-18EA-48D3-BB3A-EAB1517F53CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AE5619CA-D637-3A0E-B048-83627B096D00} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {DCBDF1F0-5A6B-405C-9C10-A1E755437094} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [10be561b] rundll32.exe "C:\WINDOWS\system32\vijikrvn.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe /onboot
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EE3ECD-6547-4FDA-A61D-3A660E65499E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95BF803-257D-42A1-9E61-4DA135997B95}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: ssqPhIcY - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
0
Réponse 29 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
il me faut le rapport de Combofix ...

il est ici -> C:\Combofix.txt

0
Réponse 30 / 91
aizen27 Messages postés 103 Statut Membre 6
 
ya rien dedans comme tout a leur je recommencr encore ?
0
Réponse 31 / 91
aizen27 Messages postés 103 Statut Membre 6
 
sa marche meme plus sa fe planter le pc au demmarage je fait quoi ? merci
0
Réponse 32 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
je répète au cas où :

il faut désactiver toutes tes défenses :

Tous les services de Panda + le pare feu Windows ....

fais ceci donc :

1-Crées un doc texte sur ton bureau :
pointes ta souris sur ton bureau , cliques droit : vas dans "nouveau" et choisis "document texte" .

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

File::
c:\documents and settings\Administrateur\Application Data\Adobe\Player.exe.bak
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\SoftwareProtection\Windows External Security Update.exe
c:\windows\system32\FMWDffii.ini
c:\windows\system32\FMWDffii.ini2
c:\windows\system32\jlfmie.dll
c:\windows\system32\lfdsuiqs.ini
c:\windows\system32\nvrkijiv.ini
c:\windows\system32\rnkmtwud.dll
c:\windows\system32\sysdm.exe
c:\windows\system32\tmp.reg
c:\windows\NV5672780.TMP
c:\windows\system32\xa4164609.exe
c:\windows\system32\xa4162406.exe
c:\windows\system32\xa11154171.exe
c:\windows\system32\xa11145093.exe
c:\windows\system32\xa9299109.exe
c:\windows\system32\xa9297218.exe
c:\windows\system32\xa6226343.exe
c:\windows\system32\xa6224421.exe
c:\windows\system32\xa653531.exe
c:\windows\system32\xa652546.exe
c:\windows\system32\xa568375.exe
c:\windows\system32\xa567078.exe
c:\windows\system32\xa298750.exe
c:\windows\system32\xa297156.exe
c:\windows\system32\xa212687.exe
c:\windows\system32\xa210968.exe
c:\windows\system32\xa8488656.exe
c:\windows\system32\xa8487687.exe
c:\windows\system32\xa8472625.exe
c:\windows\system32\xa8471078.exe
c:\windows\system32\wr97477.dll
c:\windows\NV29162104.TMP

Driver::
ASC3550P

Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...

2-Nettoyage :

!! Déconnectes toi, fermes toutes tes applications et désactives TOUTES TES DEFENSES ( tu les réactiveras après ) !!

--->Sur ton bureau, fais un glissé avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tapes 1 puis valide.

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

!! Ne touches à rien tant que le scan n'est pas terminé !!

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
0
Réponse 33 / 91
aizen27 Messages postés 103 Statut Membre 6
 
j'ai fait exactement ce que tu m'as dit de faire l'encadrer bleu se boque au demarrage j'ai patienter mais rien ja appyer sur la crois et le bureau s'est afficher regarde le rapport de hijackthis pour voir si la supressions a ete faite
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5600363C-B1A7-464C-9D48-B57A901A74FA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {979F5F2D-18EA-48D3-BB3A-EAB1517F53CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: D - {AE5619CA-D637-3A0E-B048-83627B096D00} - C:\WINDOWS\system32\xwr97477.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {DCBDF1F0-5A6B-405C-9C10-A1E755437094} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF26299.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe /onboot
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EE3ECD-6547-4FDA-A61D-3A660E65499E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95BF803-257D-42A1-9E61-4DA135997B95}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: ssqPhIcY - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
0
Réponse 34 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
bon ...

1-refais un coup de CCleaner (registre compris )

2- refais un scan RSIT et postes moi lr nouveau rapport "Log.txt" obtenu et attends la suite ...

0
Réponse 35 / 91
aizen27 Messages postés 103 Statut Membre 6
 
ok le voila
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-19 23:12:39
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 55 GB (18%) free of 305 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5600363C-B1A7-464C-9D48-B57A901A74FA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {979F5F2D-18EA-48D3-BB3A-EAB1517F53CF} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: D - {AE5619CA-D637-3A0E-B048-83627B096D00} - C:\WINDOWS\system32\xwr97477.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {DCBDF1F0-5A6B-405C-9C10-A1E755437094} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF26299.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IDMan.exe /onboot
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Administrateur\Mes documents\IDM 5.11.7+Crack\Crack IDM v5.11.7\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EE3ECD-6547-4FDA-A61D-3A660E65499E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95BF803-257D-42A1-9E61-4DA135997B95}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B67DDA5-9C1C-487F-888D-F37A0313BA13}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: ssqPhIcY - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
0
Réponse 36 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Bien ...

1- Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Déconnectes toi et fermes toute tes applications en cours !

Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
Puis copies ce qui se trouve en citation ci-dessous, 

:Processes
explorer.exe

:Services
an5f5w7f
apmvr2o6

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE5619CA-D637-3A0E-B048-83627B096D00}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqPhIcY]

:Files
C:\WINDOWS\system32\xwr97477.dll
C:\WINDOWS\system32\xa1418453.exe 
C:\WINDOWS\system32\xa1416718.exe 
C:\WINDOWS\hhxjm.txt 
C:\WINDOWS\system32\1b9d9265-.txt 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for items to be moved.
(ne touche à rien d'autre !)

-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l'outil ...

( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .)

-> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " .

Ton PC va redémarrer de lui même ...

-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
( " xxxx2008_xxxxxx.log " où les "x" correspondent au jour et à l'heure de l'utilisation ).

=====================

2- Télécharges DirLook de jpshortstuff sur ton bureau :

http://jpshortstuff.247fixes.com/DirLook.exe

* Double-cliques sur "DirLook.exe" pour lancer l'outil .

-> Vérifies que "Show Hidden Files" et "BBCode Ouput" soient cochées .

-> Copies/colles le texte ci-dessous dans la fenêtre :

C:\cmdcons

* Cliques sur le bouton [DirLook] pour lancer l'examen .

( laisse travailler , cela peut être plus ou moins long )

Quand il est terminé, une fenêtre du Bloc-notes s'ouvre avec le résultat du scan.

-> Postes ce rapport dans ta prochaine réponse pour analyse ...

( Note : Le rapport est en outre sauvegardé ici C:\dl_log.txt )

==================

3- Télécharges GenProc (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) :
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

!!Déconnectes toi et fermes tes application en cours !!

Dézippes (=extraire tout) le contenu de ce que tu viens de télécharger sur ton bureau .

Ouvres le dossier Genproc :
double-cliques sur GenProc.bat et laisses faire ...

Une fois terminé, postes le contenu du rapport qui s'ouvre ...

Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT : postes le rapport et ne fait rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .

0
Réponse 37 / 91
aizen27 Messages postés 103 Statut Membre 6
 
voici le premier rapport
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service an5f5w7f .
Unable to stop service apmvr2o6 .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE5619CA-D637-3A0E-B048-83627B096D00}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqPhIcY\\ deleted successfully.
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\xwr97477.dll
C:\WINDOWS\system32\xwr97477.dll NOT unregistered.
C:\WINDOWS\system32\xwr97477.dll moved successfully.
C:\WINDOWS\system32\xa1418453.exe moved successfully.
C:\WINDOWS\system32\xa1416718.exe moved successfully.
C:\WINDOWS\hhxjm.txt moved successfully.
C:\WINDOWS\system32\1b9d9265-.txt moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11202008_015051
0
Réponse 38 / 91
aizen27 Messages postés 103 Statut Membre 6
 
voici le deuxieme

DirLook.exe v2.0 by jpshortstuff
Log created at 01:57 on 20/11/2008
==================================[b]
Contents of "C:\cmdcons"
[/b]
[b][color=blue]---FOLDERS---[/b][/color]

[b]SYSTEM32[/b] (Created on 19/11/2008 at 17:58) d-----

[b][color=blue]---FILES---[/b][/color]

[b]1394BUS.SY_[/b] (29992 bytes - created on 03/08/2004 at 22:10, modified on 03/08/2004 at 22:10) --a---
[b]1394VDBG.SY_[/b] (6259 bytes - created on 17/08/2001 at 13:06, modified on 17/08/2001 at 13:06) --a---
[b]ABP480N5.SY_[/b] (13699 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]ACPI.SY_[/b] (92341 bytes - created on 03/08/2004 at 23:36, modified on 03/08/2004 at 23:36) --a---
[b]ACPIEC.SY_[/b] (6517 bytes - created on 23/08/2001 at 07:57, modified on 23/08/2001 at 07:57) --a---
[b]ADPU160M.SY_[/b] (50331 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]AHA154X.SY_[/b] (8038 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]AIC78U2.SY_[/b] (29912 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]AIC78XX.SY_[/b] (30488 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]ALIIDE.SY_[/b] (2839 bytes - created on 17/08/2001 at 12:51, modified on 17/08/2001 at 12:51) --a---
[b]AMSINT.SY_[/b] (7277 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]ASC.SY_[/b] (15258 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]ASC3350P.SY_[/b] (13211 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]ASC3550.SY_[/b] (8936 bytes - created on 17/08/2001 at 12:51, modified on 17/08/2001 at 12:51) --a---
[b]ATAPI.SY_[/b] (49558 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]autochk.exe[/b] (625152 bytes - created on 19/11/2008 at 17:58, modified on 28/08/2004 at 14:00) --a---
[b]autofmt.exe[/b] (616960 bytes - created on 19/11/2008 at 17:58, modified on 28/08/2004 at 14:00) --a---
[b]BIOSINFO.INF[/b] (48046 bytes - created on 03/08/2004 at 21:17, modified on 03/08/2004 at 21:17) --a---
[b]BOOTFONT.BIN[/b] (4952 bytes - created on 21/07/2001 at 13:13, modified on 21/07/2001 at 13:13) --a---
[b]bootsect.dat[/b] (8192 bytes - created on 19/11/2008 at 17:59, modified on 19/11/2008 at 17:59) --a---
[b]BOOTVID.DL_[/b] (6232 bytes - created on 17/08/2001 at 12:49, modified on 17/08/2001 at 12:49) --a---
[b]CBIDF2K.SY_[/b] (7630 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]CD20XRNT.SY_[/b] (3975 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]CDFS.SY_[/b] (33703 bytes - created on 03/08/2004 at 22:14, modified on 03/08/2004 at 22:14) --a---
[b]CDROM.SY_[/b] (24812 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]CLASSPNP.SY_[/b] (27951 bytes - created on 03/08/2004 at 22:14, modified on 03/08/2004 at 22:14) --a---
[b]CMDIDE.SY_[/b] (3681 bytes - created on 23/08/2001 at 08:04, modified on 23/08/2001 at 08:04) --a---
[b]CPQARRAY.SY_[/b] (8537 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]C_1252.NL_[/b] (1479 bytes - created on 21/07/2001 at 13:20, modified on 21/07/2001 at 13:20) --a---
[b]C_850.NL_[/b] (1614 bytes - created on 21/07/2001 at 13:20, modified on 21/07/2001 at 13:20) --a---
[b]DAC2W2K.SY_[/b] (29302 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]DAC960NT.SY_[/b] (8001 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]DISK.SY_[/b] (19989 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]DISK101[/b] (2 bytes - created on 04/08/2004 at 01:49, modified on 04/08/2004 at 01:49) --a---
[b]DISK102[/b] (2 bytes - created on 04/08/2004 at 01:49, modified on 04/08/2004 at 01:49) --a---
[b]DISK103[/b] (2 bytes - created on 04/08/2004 at 01:49, modified on 04/08/2004 at 01:49) --a---
[b]DISK104[/b] (2 bytes - created on 04/08/2004 at 01:49, modified on 04/08/2004 at 01:49) --a---
[b]DISK105[/b] (2 bytes - created on 04/08/2004 at 01:49, modified on 04/08/2004 at 01:49) --a---
[b]DISK106[/b] (2 bytes - created on 04/08/2004 at 01:49, modified on 04/08/2004 at 01:49) --a---
[b]DMBOOT.SY_[/b] (125249 bytes - created on 03/08/2004 at 23:46, modified on 03/08/2004 at 23:46) --a---
[b]DMIO.SY_[/b] (70459 bytes - created on 03/08/2004 at 23:46, modified on 03/08/2004 at 23:46) --a---
[b]DMLOAD.SY_[/b] (2859 bytes - created on 17/08/2001 at 12:58, modified on 17/08/2001 at 12:58) --a---
[b]DPTI2O.SY_[/b] (10997 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]DRVMAIN.SDB[/b] (9424 bytes - created on 03/08/2004 at 23:56, modified on 03/08/2004 at 23:56) --a---
[b]FASTFAT.SY_[/b] (72696 bytes - created on 03/08/2004 at 22:14, modified on 03/08/2004 at 22:14) --a---
[b]FDC.SY_[/b] (15204 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]FLPYDISK.SY_[/b] (11325 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]FTDISK.SY_[/b] (61023 bytes - created on 23/08/2001 at 08:17, modified on 23/08/2001 at 08:17) --a---
[b]HAL.DL_[/b] (53234 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HALAACPI.DL_[/b] (47111 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HALACPI.DL_[/b] (40176 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HALAPIC.DL_[/b] (51352 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HALMACPI.DL_[/b] (48507 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HALMPS.DL_[/b] (52583 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HALSP.DL_[/b] (37788 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]HIDCLASS.SY_[/b] (20061 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]HIDPARSE.SY_[/b] (12727 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]HIDUSB.SY_[/b] (5265 bytes - created on 17/08/2001 at 13:02, modified on 17/08/2001 at 13:02) --a---
[b]HPN.SY_[/b] (15648 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]I2OMGMT.SY_[/b] (4064 bytes - created on 03/08/2004 at 22:00, modified on 03/08/2004 at 22:00) --a---
[b]I2OMP.SY_[/b] (10324 bytes - created on 03/08/2004 at 22:00, modified on 03/08/2004 at 22:00) --a---
[b]I8042PRT.SY_[/b] (26299 bytes - created on 03/08/2004 at 23:41, modified on 03/08/2004 at 23:41) --a---
[b]INI910U.SY_[/b] (8560 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]INTELIDE.SY_[/b] (2909 bytes - created on 03/08/2004 at 23:43, modified on 03/08/2004 at 23:43) --a---
[b]ISAPNP.SY_[/b] (20455 bytes - created on 23/08/2001 at 07:58, modified on 23/08/2001 at 07:58) --a---
[b]KBDA1.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDA2.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDA3.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDAL.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDARME.DLL[/b] (5120 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDARMW.DLL[/b] (5120 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDAZE.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDAZEL.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDBE.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDBLR.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDBR.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDBU.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDCA.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDCLASS.SY_[/b] (12375 bytes - created on 03/08/2004 at 23:45, modified on 03/08/2004 at 23:45) --a---
[b]KBDCR.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDCZ.DLL[/b] (7168 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDCZ1.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDCZ2.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDDA.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDDIV1.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDDIV2.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDDV.DLL[/b] (5120 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDES.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDEST.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDFA.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDFC.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDFI.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDFR.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDGAE.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDGEO.DLL[/b] (5120 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDGKL.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDGR.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDGR1.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHE.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHE220.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHE319.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHEB.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDHELA2.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHELA3.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHEPT.DLL[/b] (8192 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHID.SY_[/b] (7985 bytes - created on 03/08/2004 at 23:45, modified on 03/08/2004 at 23:45) --a---
[b]KBDHU.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDHU1.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDIC.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDINDEV.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINGUJ.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINHIN.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINKAN.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINMAR.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINPUN.DLL[/b] (6144 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINTAM.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDINTEL.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDIR.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDIT.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDIT142.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDKAZ.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDKYR.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDLA.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDLT.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDLT1.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDLV.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDLV1.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDMON.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDNE.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDNEC.DLL[/b] (7168 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDNO.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDPL.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDPL1.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDPO.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDRO.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDRU.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDRU1.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSF.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSG.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSL.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSL1.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSP.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSW.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDSYR1.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDSYR2.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDTAT.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDTH0.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDTH1.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDTH2.DLL[/b] (6144 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDTH3.DLL[/b] (6144 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDTUF.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDTUQ.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDUK.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDUR.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDURDU.DLL[/b] (5632 bytes - created on 23/08/2001 at 08:45, modified on 23/08/2001 at 08:45) --a---
[b]KBDUS.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDUSL.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDUSR.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDUSX.DLL[/b] (6144 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDUZB.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDVNTC.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDYCC.DLL[/b] (5632 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KBDYCL.DLL[/b] (6656 bytes - created on 17/08/2001 at 13:55, modified on 17/08/2001 at 13:55) --a---
[b]KD1394.DL_[/b] (3985 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]KDCOM.DL_[/b] (4184 bytes - created on 17/08/2001 at 12:49, modified on 17/08/2001 at 12:49) --a---
[b]KSECDD.SYS[/b] (92032 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]LBRTFDC.SY_[/b] (14614 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]L_INTL.NL_[/b] (847 bytes - created on 21/07/2001 at 13:20, modified on 21/07/2001 at 13:20) --a---
[b]migrate.inf[/b] (56575 bytes - created on 19/11/2008 at 17:59, modified on 19/11/2008 at 17:59) --a---
[b]MOUNTMGR.SY_[/b] (20981 bytes - created on 03/08/2004 at 21:58, modified on 03/08/2004 at 21:58) --a---
[b]MRAID35X.SY_[/b] (9785 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]NTDETECT.COM[/b] (47564 bytes - created on 03/08/2004 at 21:38, modified on 03/08/2004 at 21:38) --a---
[b]NTFS.SYS[/b] (574592 bytes - created on 03/08/2004 at 22:15, modified on 03/08/2004 at 22:15) --a---
[b]NTKRNLMP.EX_[/b] (1037995 bytes - created on 03/08/2004 at 23:48, modified on 03/08/2004 at 23:48) --a---
[b]OHCI1394.SY_[/b] (38047 bytes - created on 03/08/2004 at 22:10, modified on 03/08/2004 at 22:10) --a---
[b]OPRGHDLR.SY_[/b] (1629 bytes - created on 17/08/2001 at 12:57, modified on 17/08/2001 at 12:57) --a---
[b]PARTMGR.SY_[/b] (10256 bytes - created on 17/08/2001 at 21:24, modified on 17/08/2001 at 21:24) --a---
[b]PCI.SY_[/b] (37314 bytes - created on 03/08/2004 at 23:37, modified on 03/08/2004 at 23:37) --a---
[b]PCIIDE.SY_[/b] (1711 bytes - created on 23/08/2001 at 08:15, modified on 23/08/2001 at 08:15) --a---
[b]PCIIDEX.SY_[/b] (13610 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]PCMCIA.SY_[/b] (54835 bytes - created on 03/08/2004 at 23:37, modified on 03/08/2004 at 23:37) --a---
[b]PERC2.SY_[/b] (16328 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]PERC2HIB.SY_[/b] (3363 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]QL1080.SY_[/b] (22761 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]QL10WNT.SY_[/b] (18888 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]QL12160.SY_[/b] (25938 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]QL1240.SY_[/b] (22855 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]QL1280.SY_[/b] (27359 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]RAMDISK.SY_[/b] (12010 bytes - created on 03/08/2004 at 22:00, modified on 03/08/2004 at 22:00) --a---
[b]SBP2PORT.SY_[/b] (23453 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]SCSIPORT.SY_[/b] (52069 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]SERENUM.SY_[/b] (8420 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]SERIAL.SY_[/b] (30359 bytes - created on 03/08/2004 at 23:41, modified on 03/08/2004 at 23:41) --a---
[b]SETUPDD.SY_[/b] (205502 bytes - created on 03/08/2004 at 22:05, modified on 03/08/2004 at 22:05) --a---
[b]SETUPLDR.BIN[/b] (263488 bytes - created on 03/08/2004 at 22:00, modified on 03/08/2004 at 22:00) --a---
[b]SETUPREG.HIV[/b] (262144 bytes - created on 03/08/2004 at 21:01, modified on 03/08/2004 at 21:01) --a---
[b]SFLOPPY.SY_[/b] (6310 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]SLIP.SY_[/b] (5597 bytes - created on 03/08/2004 at 22:10, modified on 03/08/2004 at 22:10) --a---
[b]SPARROW.SY_[/b] (11098 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]SPCMDCON.SYS[/b] (241152 bytes - created on 03/08/2004 at 23:44, modified on 03/08/2004 at 23:44) --a---
[b]SPDDLANG.SY_[/b] (1599 bytes - created on 17/08/2001 at 12:56, modified on 17/08/2001 at 12:56) --a---
[b]STREAMIP.SY_[/b] (6863 bytes - created on 03/08/2004 at 22:10, modified on 03/08/2004 at 22:10) --a---
[b]SYMC810.SY_[/b] (8352 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]SYMC8XX.SY_[/b] (18304 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]SYM_HI.SY_[/b] (16761 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]SYM_U3.SY_[/b] (17923 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---
[b]TFFSPORT.SY_[/b] (68787 bytes - created on 03/08/2004 at 22:00, modified on 03/08/2004 at 22:00) --a---
[b]TOSIDE.SY_[/b] (2657 bytes - created on 23/08/2001 at 08:00, modified on 23/08/2001 at 08:00) --a---
[b]txtsetup.sif[/b] (468517 bytes - created on 19/11/2008 at 17:58, modified on 04/08/2004 at 00:32) --a---
[b]ULTRA.SY_[/b] (15864 bytes - created on 17/08/2001 at 12:52, modified on 17/08/2001 at 12:52) --a---
[b]USBCCGP.SY_[/b] (14592 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]USBD.SY_[/b] (2495 bytes - created on 17/08/2001 at 13:03, modified on 17/08/2001 at 13:03) --a---
[b]USBEHCI.SY_[/b] (15034 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]USBHUB.SY_[/b] (30383 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]USBOHCI.SY_[/b] (9350 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]USBPORT.SY_[/b] (61918 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]USBSTOR.SY_[/b] (14618 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]USBUHCI.SY_[/b] (11188 bytes - created on 03/08/2004 at 22:08, modified on 03/08/2004 at 22:08) --a---
[b]VGA.SY_[/b] (10544 bytes - created on 03/08/2004 at 22:07, modified on 03/08/2004 at 22:07) --a---
[b]VGA850.FO_[/b] (2467 bytes - created on 21/07/2001 at 13:40, modified on 21/07/2001 at 13:40) --a---
[b]VIAIDE.SY_[/b] (2943 bytes - created on 03/08/2004 at 21:59, modified on 03/08/2004 at 21:59) --a---
[b]VIDEOPRT.SY_[/b] (38449 bytes - created on 03/08/2004 at 22:07, modified on 03/08/2004 at 22:07) --a---
[b]winnt.sif[/b] (438 bytes - created on 19/11/2008 at 17:59, modified on 19/11/2008 at 17:59) --a---
[b]WMILIB.SY_[/b] (2509 bytes - created on 17/08/2001 at 13:07, modified on 17/08/2001 at 13:07) --a---

=============================
0
Réponse 39 / 91
aizen27 Messages postés 103 Statut Membre 6
 
et le dernier

Rapport GenProc 2.223 [1] -2008-11-20- Windows XP

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt
0
Réponse 40 / 91
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Bien ...

Dis moi comment va le PC maitenant .... du mieux ?

puis fait ceci :

1-Avoir accès aux fichiers cachés :

Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valides la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

2- Rends toi sur ce site :

https://www.virustotal.com/gui/

Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\cmdcons\autochk.exe

Cliques sur Send File ( = " Envoyer le fichier " ).

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copies le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

Fais de même pour :
C:\cmdcons\autofmt.exe
C:\cmdcons\BOOTVID.DL_
C:\cmdcons\bootsect.dat
C:\cmdcons\NTDETECT.COM
C:\cmdcons\NTFS.SYS

postes moi donc ces 6 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...

je te dis a demain ... ^^
0