Probleme virale?

Résolu
Utilisateur anonyme -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, Pour ceux qui me connaise et OUI! je suis de retour bon je vous raconte mon probleme:

Mon pc est devenu plus lent que d'habitude (je l'ai demonté mais j'ai bien fais attention de pas forcer et ne pas toucher au endroit fragile car j'ai bloquez une mini sd dans un fente a carte sd que je n'ai pas reussis a enlever Lol)
je vous donne le raport hijacktis mais je ne pense pas que sa a rapport etant donné que le son et l'image sont decalé des fois [exemple : quand j'ouvre msn j'entend msn mais je le vois pas ] mais bon je vous montre quand meme le rapport !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:16, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avira\Avira Premium Security Suite\avscan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA541] command /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3058] cmd /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8743] command /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3736] cmd /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4573] command /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7620] cmd /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1492] command /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8423] cmd /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9012] command /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - HKLM\..\RunOnce: [SpybotDeletingC679] cmd /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB2183] command /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8657] cmd /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4528] command /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8289] cmd /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKCU\..\RunOnce: [SpybotDeletingB393] command /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7959] cmd /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4996] command /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9569] cmd /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4534] command /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - HKCU\..\RunOnce: [SpybotDeletingD570] cmd /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9838 bytes
Configuration: Windows XP
Opera 9.61

13 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    vire ce qui est en quarantaine (sauvegarde) de spybot puis desinstalle spybot

    ensuite si tu as la suite avira il ne faut pas activer le parefeu de cette suite si tu as zone alarm actif!

    ensuite

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  2. Utilisateur anonyme
     
    ComboFix 08-11-27.03 - MUSTAPHA 2008-11-27 20:06:58.6 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1443 [GMT 1:00]
    Lancé depuis: c:\documents and settings\MUSTAPHA\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ktd32.atm
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-27 14:47 . 2008-11-27 14:47 <REP> d--hs---- C:\FOUND.003
    2008-11-26 18:53 . 2008-11-26 18:53 <REP> d--hs---- C:\FOUND.002
    2008-11-25 18:38 . 2008-11-25 23:07 99 -r-hs---- c:\windows\smms.bat
    2008-11-22 16:29 . 2008-11-22 16:29 0 --a------ c:\windows\optiflash.INI
    2008-11-21 18:07 . 2008-11-21 18:07 <REP> d-------- c:\program files\SCi
    2008-11-20 20:00 . 2008-11-20 20:00 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\Jasc
    2008-11-20 19:39 . 2008-11-20 19:39 <REP> d-------- c:\program files\Jasc Software Inc
    2008-11-20 19:36 . 2008-11-20 19:36 <REP> d-------- c:\program files\WMV9_VCM
    2008-11-20 19:36 . 2008-11-20 19:36 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\MAGIX
    2008-11-20 19:35 . 2008-11-20 19:35 <REP> d-------- c:\program files\Fichiers communs\MAGIX Shared
    2008-11-20 19:35 . 2008-11-20 19:35 <REP> d-------- c:\documents and settings\All Users\Application Data\MAGIX
    2008-11-20 19:31 . 2008-11-20 19:31 <REP> d-------- c:\windows\system32\MAGIX
    2008-11-20 19:31 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
    2008-11-20 19:31 . 2007-04-27 10:43 120,200 --a------ c:\windows\system32\DLLDEV32i.dll
    2008-11-20 19:31 . 2008-11-20 19:31 7,023 --a------ c:\windows\mgxoschk.ini
    2008-11-19 22:21 . 2008-11-19 22:21 <REP> d-------- c:\program files\PCMesh
    2008-11-19 22:21 . 2008-11-19 22:21 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\PCMesh
    2008-11-19 22:13 . 2008-11-19 22:13 <REP> d-------- c:\program files\NetConceal
    2008-11-19 21:42 . 2008-11-19 21:42 <REP> d-------- c:\program files\Lavalys
    2008-11-19 21:31 . 2008-11-19 21:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-16 18:47 . 2008-11-17 18:20 783 --a------ c:\windows\Gfact.ini
    2008-11-16 18:47 . 2008-11-16 18:47 27 --a------ c:\windows\gdx.ini
    2008-11-16 18:41 . 2000-07-08 15:06 87,040 --a------ c:\windows\UnGins.exe
    2008-11-15 23:01 . 2008-11-15 23:01 <REP> d-------- c:\documents and settings\MUSTAPHA\.housecall6.6
    2008-11-13 20:53 . 2008-11-16 00:28 4,194,378 --a------ c:\windows\pfirewall.log.old
    2008-11-13 17:43 . 2008-11-13 17:43 <REP> d-------- c:\program files\MSXML 4.0
    2008-11-13 17:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-13 17:40 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-08 17:19 . 2008-11-08 17:19 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\gtk-2.0
    2008-11-08 17:18 . 2008-11-08 17:18 <REP> d-------- c:\documents and settings\MUSTAPHA\.thumbnails
    2008-11-08 16:32 . 2008-11-08 16:32 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\mioObjects
    2008-11-08 16:31 . 2008-11-08 16:31 <REP> d-------- c:\program files\Mioplanet
    2008-11-08 16:31 . 2008-11-08 16:31 407,047 --a------ c:\windows\system32\mioengine.exe
    2008-11-08 16:23 . 2008-11-08 16:23 <REP> d-------- c:\program files\PSPad editor
    2008-11-08 16:23 . 2008-11-08 16:23 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\PSpad
    2008-11-06 23:00 . 2008-11-06 23:00 <REP> d--h----- c:\windows\PIF
    2008-11-06 17:07 . 2008-11-06 17:07 <REP> d-------- c:\program files\ArtMoney
    2008-11-02 19:18 . 2008-11-02 19:18 268 --ah----- C:\sqmdata04.sqm
    2008-11-02 19:18 . 2008-11-02 19:18 172 --ah----- C:\sqmnoopt04.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 16:48 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-11-27 16:48 32 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-11-27 14:19 1,497,600 ------w c:\windows\Internet Logs\xDB9.tmp
    2008-11-20 19:42 2,990,592 ------w c:\windows\Internet Logs\xDB1E8.tmp
    2008-11-20 19:42 1,484,800 ------w c:\windows\Internet Logs\xDB1E9.tmp
    2008-11-20 18:51 1,501,184 ------w c:\windows\Internet Logs\xDB8.tmp
    2008-11-17 20:16 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2008-11-16 21:52 1,483,776 ------w c:\windows\Internet Logs\xDB7.tmp
    2008-10-29 08:11 2,882,048 ------w c:\windows\Internet Logs\xDB6.tmp
    2008-10-27 10:16 1,426,944 ------w c:\windows\Internet Logs\xDB5.tmp
    2008-10-26 17:14 1,420,800 ------w c:\windows\Internet Logs\xDB4.tmp
    2008-10-25 18:30 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\dvdcss
    2008-10-25 18:07 983,040 ------w c:\windows\Internet Logs\xDB2.tmp
    2008-10-25 18:07 1,419,776 ------w c:\windows\Internet Logs\xDB3.tmp
    2008-10-25 15:41 --------- d-----w c:\program files\BitTorrent
    2008-10-25 15:41 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\BitTorrent
    2008-10-25 14:49 25,600 ------w c:\windows\Internet Logs\xDB1.tmp
    2008-10-25 13:59 2,921,984 ------w c:\windows\Internet Logs\xDB9F.tmp
    2008-10-25 13:59 1,419,776 ------w c:\windows\Internet Logs\xDBA0.tmp
    2008-10-25 13:48 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Samsung
    2008-10-25 13:33 --------- d-----w c:\program files\Samsung
    2008-10-24 23:03 --------- d-----w c:\documents and settings\adelus\Application Data\vlc
    2008-10-24 20:09 --------- d-----w c:\program files\Gimp-2.0
    2008-10-24 20:07 --------- d-----w c:\program files\Unlocker
    2008-10-24 20:07 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Desktopicon
    2008-10-24 20:02 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\vlc
    2008-10-24 20:00 --------- d-----w c:\program files\VideoLAN
    2008-10-24 19:51 --------- d-----w c:\program files\Fichiers communs\Reallusion
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 19:53 --------- d-----w c:\program files\PhotoFiltre
    2008-10-22 18:06 --------- d-----w c:\program files\Avira
    2008-10-22 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2008-10-22 17:58 --------- d-----w c:\program files\Zone Labs
    2008-10-22 17:55 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2008-10-22 17:32 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\XnView
    2008-10-22 17:20 --------- d-----w c:\program files\Opera
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-20 16:43 --------- d-----w c:\program files\Lphant
    2008-10-20 16:43 --------- d-----w c:\program files\Conduit
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
    2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 16:46 --------- d-----w c:\program files\UsbFix
    2008-10-14 20:37 24,282,856 ------w c:\windows\Internet Logs\vsmon_on_demand_2008_10_14_21_33_03_full.dmp.zip
    2008-10-14 18:40 --------- d-----w c:\program files\Counter-Strike Source
    2008-10-14 18:40 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\InstallShield Installation Information
    2008-10-14 18:10 --------- d-----w c:\program files\Valve Lan
    2008-10-13 18:31 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-10-13 18:31 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Malwarebytes
    2008-10-13 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-10-12 19:33 --------- d-----w c:\documents and settings\adelus\Application Data\MailFrontier
    2008-10-12 16:10 --------- d-----w c:\program files\Alwil Software
    2008-10-12 13:31 --------- d-----w c:\program files\Sunbelt Software
    2008-10-12 13:22 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-10-12 11:37 --------- d-----w c:\program files\MSN Password Recovery
    2008-10-11 22:19 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\FileZilla
    2008-10-11 22:09 --------- d-----w c:\program files\Yahoo!
    2008-10-11 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-10-10 15:53 --------- d-----w c:\program files\OpenDNS Updater
    2008-10-09 20:03 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Smart PC Solutions
    2008-10-09 19:56 --------- d-----w c:\program files\Free Window Registry Repair
    2008-10-09 18:41 --------- d-----w c:\program files\Microsoft Works
    2008-10-09 18:37 --------- d-----w c:\program files\Microsoft.NET
    2008-10-09 18:26 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Uniblue
    2008-10-09 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-08 22:15 --------- d-----w c:\program files\MSN Messenger
    2008-10-08 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
    2008-10-08 10:10 --------- d-----w c:\documents and settings\adelus\Application Data\HiYo
    2008-10-07 06:46 --------- d-----w c:\program files\Windows Live Toolbar
    2008-10-07 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
    2008-10-06 17:36 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\HiYo
    2008-10-04 18:49 --------- d-----w c:\program files\MessengerDiscovery
    2008-10-03 18:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-10-02 21:30 --------- d-----w c:\program files\Wakfu
    2008-10-01 14:47 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Hide IP NG
    2008-10-01 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-29 20:35 --------- d-----w c:\documents and settings\MERZA2\Application Data\SiteAdvisor
    2008-09-28 14:08 --------- d-----w c:\program files\MSBuild
    2008-09-28 14:07 --------- d-----w c:\program files\Reference Assemblies
    2008-09-27 20:27 --------- d-----w c:\program files\WinPcap
    2008-09-27 19:55 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2008-09-27 19:45 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2006-06-15 19:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 17:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 13:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 12:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 11:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 17:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 10:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 10:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 10:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 10:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    2006-10-12 03:09 94,208 --sh--w c:\windows\system32\SalaatTime.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
    "ccleaner"="c:\documents and settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" [2008-09-24 1279216]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB2183"="command" [X]
    "SpybotDeletingD8657"="del" [X]
    "SpybotDeletingB4528"="command" [X]
    "SpybotDeletingD8289"="del" [X]
    "SpybotDeletingB393"="command" [X]
    "SpybotDeletingD7959"="del" [X]
    "SpybotDeletingB4996"="command" [X]
    "SpybotDeletingD9569"="del" [X]
    "SpybotDeletingB4534"="command" [X]
    "SpybotDeletingD570"="del" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    c:\documents and settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\adelus\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\MERZA2\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "<NO NAME>"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
    "c:\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Lphant\\eLePhantClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-10-22 258305]
    R2 AVEService;Service d'assistance Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-10-22 41217]
    R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2006-08-18 14336]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-18 24576]
    R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
    R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-13 38496]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
    R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-11-30 57024]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2007-01-25 42000]
    S3 RTSTOR;USB Mass Stroage Device; []
    S4 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-10-22 164097]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d92fee2-bb17-11dd-943c-001d60c57f04}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o

    *Newly Created Service* - MBAMSWISSARMY

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-_BackupService - c:\program files\Astase\UltraBackup\4.9\bin\tbs.exe

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-27 20:09:50
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1688)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1744)
    c:\windows\system32\avsda.dll
    .
    Heure de fin: 2008-11-27 20:11:14
    ComboFix-quarantined-files.txt 2008-11-27 19:11:10

    Avant-CF: 52 493 484 032 octets libres
    Après-CF: 52,604,010,496 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    284 --- E O F --- 2008-11-13 16:48:42

    Voila je n'ai pas utilisez votre topic pour me depecher j'espere que sa ira :)
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    remet un hijakchthis et dis tes soucis
    0
  4. Utilisateur anonyme
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:30:46, on 27/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkCSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
    O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
    O4 - Startup: CCC.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
    O17 - HKLM\Software\..\Telephony: DomainName = ORDI
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ORDI
    O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    si tu connais la premiere ligne tu laisse sinon tu vire les deux

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    le rapport est clean!

    ___________

    vire combofix

    _____________

    encore des soucis? fais un scan avec antivir pour verifier
    0
  7. Utilisateur anonyme
     
    Y a t'il un moyen de savoir si ma carte son et video on un default?

    y a t'il un moyen d'essuyez le ventilo? car il y a de la poussiere et sa pourrai ralentir mon ordinateur? si oui, combien coute t'il?
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour le ventilo si c'est un fixe tu ouvre et tu vire la poussiere en utilisant eventuellement un aérosol à air comprimé ,
    si c'est un portable tu achète un aérosol a air (qui envoie de l'air) après avoir eteinds l'ordi depuis un petit moment et par la suite attendre un quart d'heure avant de le rallumer

    ____________________

    pour voir la carte son : utilise

    GPUZ https://tt-hardware.com/?option=com_content&view=article&id=11705

    ou sisoft sandra

    https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/308.html

    ou
    EVERSET home edition:

    https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/30728.html
    0
  9. Utilisateur anonyme
     
    aérosol a air? Sa coute cher?
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    moins de 10 euros:

    pour voir:

    http://www.leguide.net/go/search/idx/2081000/mot/Bombe_air_comprime/t/1/go.htm

    mais meme si c'est de l'air il faut avoir eteind l'ordi un moment et attendre avant de le rallumer!!!!
    0
  11. Utilisateur anonyme
     
    puis je l'utilise sans probleme? ou je dois faire attention aux autres partis de l'ordinateur?
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non sans problème si ordi non chaud!!!
    0
  13. Utilisateur anonyme
     
    Ok merci pour tous et Envoir.
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    juste pour verifier:

    Telecharge UsbFix sur ton bureau
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l installation avec les parametres par default

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci UsbFix sur ton bureau

    --> Le pc va redémarer

    -->Apres redémarrage post le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
    Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
    0