Pc infecté rapport hitachi fait et avg que do

Résolu
marjo31 -  
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
j ai fait un nettoyage avec ccleaner un rapport avec avg et hitachi mais la je ne c est pas ce que je dois faire je n est plus d antivirus pas moyen d enlevé avast pour mettre kaspery et je n arrive pas a remettre avast non plus est que qqun pourrait m aider svp pour savoir ce que je dois faire je vous envoie le rapport de hitachi et avg merci
Logfile of HijackThis v1.99.1
Scan saved at 8:37:07, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Defenza\pcd-as.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Control Kids] C:\Program Files\Control Kids\Control kids.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

et avg

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 9:33:14 12/12/2008

+ Résultat de l'analyse:



HKU\S-1-5-21-1045004141-474808527-140331961-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -> Adware.Generic : Aucune action entreprise.
C:\WINDOWS\system32\tdsspopup.dll -> Backdoor.UltimateDefender : Aucune action entreprise.
C:\WINDOWS\system32\18D.tmp -> Not-A-Virus.PUP.XPAntivirus.qj : Aucune action entreprise.
C:\WINDOWS\system32\26B.tmp -> Not-A-Virus.PUP.XPAntivirus.qj : Aucune action entreprise.
C:\WINDOWS\system32\29E.tmp -> Not-A-Virus.PUP.XPAntivirus.qj : Aucune action entreprise.
C:\WINDOWS\system32\29F.tmp -> Not-A-Virus.PUP.XPAntivirus.qj : Aucune action entreprise.
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.


Fin du rapport
A voir également:

149 réponses

Précédent
Réponse 41 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
beh non c est apres que je dois me déconnecté lol
0
Réponse 42 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
ca ne fonctionne pas quand je tape a puis enter ca se ferme et mon pc fait deux bip
0
Réponse 43 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
c/prog1/alwils1/avast4/aswmonds.sys
erreur: le systeme na pas pu trouvé la cle ou la valeur de registre specifiée

il ecrit ca avant de tapé a puis enter
0
Réponse 44 / 149
Utilisateur anonyme
 
poste un nouveau rapport hijackthis
do a scan systeme and save logfile
copie et colle le rapport dans ta prochaine reponse
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
voila le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:56, on 13/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Control Kids] C:\Program Files\Control Kids\Control kids.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 46 / 149
Utilisateur anonyme
 
ok on est presque au bout

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDAS"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note : regedit 4 est sur la premiere ligne et il y a une ligne blanche a la fin
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"





ensuite nouvelle citation pour ot moveit 3


:Processes
explorer.exe

:Services

:Reg

:Files
C:\Program Files\Defenza
c:\program files\defenza\pcd-as.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
C:\Program Files\GamesBar
C:\Program Files\Navilog1
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\Symantec Shared
C:\DOCUME~1\HP_PRO~1\APPLIC~1\GameHouse
C:\Program Files\GameHouse

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



0
Réponse 47 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
voila
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Defenza\splash moved successfully.
C:\Program Files\Defenza\Setting moved successfully.
C:\Program Files\Defenza\QuarantineFolder moved successfully.
C:\Program Files\Defenza\pages\images2 moved successfully.
C:\Program Files\Defenza\pages\images moved successfully.
C:\Program Files\Defenza\pages moved successfully.
C:\Program Files\Defenza moved successfully.
File/Folder c:\program files\defenza\pcd-as.exe not found.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY\Licenses moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\Norton AntiVirus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LiveUpdate moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec moved successfully.
C:\Program Files\GamesBar moved successfully.
C:\Program Files\Navilog1\Safebackup moved successfully.
C:\Program Files\Navilog1\Report moved successfully.
C:\Program Files\Navilog1\Contents moved successfully.
C:\Program Files\Navilog1\Backupnavi moved successfully.
C:\Program Files\Navilog1 moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared moved successfully.
C:\DOCUME~1\HP_PRO~1\APPLIC~1\GameHouse moved successfully.
C:\Program Files\GameHouse\Pizza Frenzy moved successfully.
C:\Program Files\GameHouse\Mystery P.I. - The Lottery Ticket\store\images moved successfully.
C:\Program Files\GameHouse\Mystery P.I. - The Lottery Ticket\store moved successfully.
C:\Program Files\GameHouse\Mystery P.I. - The Lottery Ticket moved successfully.
C:\Program Files\GameHouse\Cake Mania 2\store\images moved successfully.
C:\Program Files\GameHouse\Cake Mania 2\store moved successfully.
C:\Program Files\GameHouse\Cake Mania 2\help\img moved successfully.
C:\Program Files\GameHouse\Cake Mania 2\help\game_img moved successfully.
C:\Program Files\GameHouse\Cake Mania 2\help moved successfully.
C:\Program Files\GameHouse\Cake Mania 2\data moved successfully.
C:\Program Files\GameHouse\Cake Mania 2 moved successfully.
C:\Program Files\GameHouse moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF4414.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF442A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_C6G19xAwNMvRwhf scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_230348

Files moved on Reboot...
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log moved successfully.
File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF4414.tmp not found!
File C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF442A.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat not found!
File C:\WINDOWS\temp\sqlite_C6G19xAwNMvRwhf not found!
0
Réponse 48 / 149
afideg Messages postés 10517 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
 
Salut Martin

Regarde ceci (en ComboFix):

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
(==> vois avec SmitfraudFix)

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80.dll - O16 -: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}

hxxp://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80.inf


Bonne nuit
Albert
0
Réponse 49 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
je vais dormir j espere qu on pourra continuer demain si tu c es
merci beaucoup pour ton aide
passe une bonne nuit
0
Réponse 50 / 149
Utilisateur anonyme
 
bonjour marjo31 , bonjour Afideg . Désolés j'ai capoté hier .

Afideg , merci pour le coups de pouce , je n'avais pas fait le rapprochement (-_-)


marjo31 fait ceci



télécharges smitfraudfix :

En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php

tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
cela vas générer un rapport.

Copie/colle le rapport sur le forum stp.
0
Réponse 51 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
bonjour bonjour vous allez bien?
voici le rapport
encor merci a vous de m aider

SmitFraudFix v2.385

Rapport fait à 11:13:49,50, dim. 14/12/2008
Executé à partir de C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propriétaire


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propriétaire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{042D39EC-C809-4B1F-818D-28FF3BE59234}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{042D39EC-C809-4B1F-818D-28FF3BE59234}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{042D39EC-C809-4B1F-818D-28FF3BE59234}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 52 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
bonjour
je n est pas de cles usb est que je peux lancer sans
0
Réponse 53 / 149
Utilisateur anonyme
 
bonjour , Al ;-) et merci .

marjo31 oui tu peu le lancer usbfix sans clé usb si tu n'en as pas , ce n'est pas un soucis .
0
Réponse 54 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
voici le rapport je relance maintenant avec l option 2


-------------- UsbFix V2.413.4 ---------------

* User : HP_Propri‚taire - PROPRITAIRE
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 14:41:07 le dim. 14/12/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\spoolsv.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[04/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[23/11/2008 15:10][--a------] C:\farm_frenzy_2-setup.exe
[23/11/2008 15:10][--a------] C:\fff-reflexv2.exe
[23/11/2008 15:10][--a------] C:\HJTInstall.exe
[31/10/2007 10:13][-rahs----] C:\boot.ini
[12/12/2008 22:20][--a------] C:\ComboFix.txt
[12/12/2008 22:20][--a------] C:\fixnavi.txt
[12/12/2008 22:20][--a------] C:\lopR.txt
[12/12/2008 22:20][--a------] C:\rapport.txt
[12/12/2008 22:20][--a------] C:\UsbFix.txt
[][] C:\hiberfil.sys
[][] C:\IO.SYS
[][] C:\MSDOS.SYS
[][] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :

[27/07/2001 22:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 14:00][---hs----] D:\NTDETECT.COM
[30/11/2004 11:01][---hs----] D:\Info.exe
[09/01/2002 10:52][---hs----] D:\BOOT.INI
[09/01/2002 10:52][---hs----] D:\Desktop.ini
[09/01/2002 10:52][---hs----] D:\ST_LOG.INI
[09/01/2002 10:52][---hs----] D:\WINBOM.INI
[10/09/2002 00:21][---hs----] D:\Folder.htt
[27/07/2001 22:07][---hs----] D:\CONFIG.SYS
[27/07/2001 22:07][---hs----] D:\IO.SYS
[27/07/2001 22:07][---hs----] D:\MSDOS.SYS
[27/07/2001 22:07][---hs----] D:\HPCD.sys

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
uTorrent="C:\Program Files\uTorrent\uTorrent.exe"
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RTHDCPL=RTHDCPL.EXE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /installquiet /keeploaded /nodetect
HPHUPD08=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
AGEIA PhysX SysTray=C:\Program Files\AGEIA Technologies\TrayIcon.exe
BigDogPath=C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
Control Kids=C:\Program Files\Control Kids\Control kids.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [14/12/2008 11:13][--a------] C:\WINDOWS\system32\tmp.reg
Supprimé ! - [14/12/2008 11:13][--a------] C:\WINDOWS\system32\tmp.txt
Supprimé ! - [10/09/2002 00:21][---hs----] D:\Folder.htt
Supprimé ! - [30/11/2004 11:01][---hs----] D:\info.exe

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[04/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[23/11/2008 15:10][--a------] C:\farm_frenzy_2-setup.exe
[23/11/2008 15:10][--a------] C:\fff-reflexv2.exe
[23/11/2008 15:10][--a------] C:\HJTInstall.exe
[31/10/2007 10:13][-rahs----] C:\boot.ini
[27/07/2001 22:07][---hs----] D:\AUTOEXEC.BAT
[25/07/2001 14:00][---hs----] D:\NTDETECT.COM
[09/01/2002 10:52][---hs----] D:\BOOT.INI
[09/01/2002 10:52][---hs----] D:\Desktop.ini
[09/01/2002 10:52][---hs----] D:\ST_LOG.INI
[09/01/2002 10:52][---hs----] D:\WINBOM.INI

--------------- ! Fin du rapport ! ----------------
0
Réponse 55 / 149
Utilisateur anonyme
 
Bien poste un nouveau rapport hijackthis on va regarder ce qu'il en est .
0
Réponse 56 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
ok voila
Logfile of HijackThis v1.99.1
Scan saved at 15:13:58, on 14/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Control Kids] C:\Program Files\Control Kids\Control kids.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 57 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
voila


Logfile of HijackThis v1.99.1
Scan saved at 15:13:58, on 14/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Control Kids] C:\Program Files\Control Kids\Control kids.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 58 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
bonjour afideg

est que je dois faire quelque chose avec le lien envoyé ?
0
Réponse 59 / 149
afideg Messages postés 10517 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
 
Re,

Oui, tu dois exécuter ceci http://www.commentcamarche.net/forum/affich 9866034 pc infecte rapport hitachi fait et avg que do?page=3#63

Mais le lien du tutoriel donné par MLKing est bloqué
Utilise celui de Malekal_morte


à+..
Al.

-

Patience-Vigilance-Amour.
0
Réponse 60 / 149
marjo31 Messages postés 174 Date d'inscription   Statut Membre Dernière intervention   2
 
voila le rapport fait avec le lien activ scan panda


This action will cancel the scan.
Are you sure you want to cancel the scan?
US$ 12.95Close US$ 12.95Close
Language >>
Deutsch English Español Français Italiano Nederlands Português Русский Svenska | Sign out | My account marjoriedetournai@hotmail.com Home | Give us your opinion! | Help
Results
Scanning
Searching for viruses, spyware, Trojans and other threats. This process can take more than an hour, depending on the amount of information stored on your computer.

100%
Item in progress: D:\I386\DRV\APP31174\SRC\runHSC.exe
Files scanned: 582907
Files infected: 51
Suspicious files detected: 21
Vulnerabilities detected: 0


You are infected!



We have detected that the avast! antivirus 4.8.1229 [VPS 000000-0] protection installed on your PC is disabled and not up-to-date.

You need better protection for your PC. With Panda solutions you will be protected against more than 13 million viruses, spyware and other threats.





















«« Back to homeBASIC

Export to:
Threats with free disinfection (8)
Medium danger level (4) Trj/Hino.F Virus Latent Show + Info Not disinfectable
1. C:\Documents and Settings\HP_Propriétaire\Sha...e][file.exe][mpxpass.exe][mpxa.exe]

Trj/Zlob.IS Virus Latent Show + Info Not disinfectable
1. C:\Documents and Settings\HP_Propriétaire\Sha...xe][file.exe][mpxpass.exe][mpt.exe]

W32/OscarBot.U... Virus Latent Show + Info Not disinfectable
1. C:\Documents and Settings\HP_Propriétaire\Sha...xe][MediaTubeCodec_ver1.1504.0.exe]

Trj/Keylogger.... Virus Latent Show + Info
1. C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe


Low danger level (4) Generic Malwar... Virus Latent Show + Info Not disinfectable
1. C:\System Volume Information\_restore{F75EEC6...23\A0027747.exe][SDFix\catchme.exe]
2. C:\SDFix\apps\Cghtme.exe
3. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP123\A0027679.exe
4. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP123\A0027769.exe
5. C:\Documents and Settings\HP_Propriétaire\Bur...ureau\SDFix.exe][SDFix\catchme.exe]
6. C:\Documents and Settings\HP_Propriétaire\Bur...u\SDFix.exe][SDFix\apps\Cghtme.exe]
7. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP124\A0028015.exe
8. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP122\A0027380.exe
9. C:\SDFix\catchme.exe
10. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP122\A0027381.exe
11. C:\System Volume Information\_restore{F75EEC6...0027747.exe][SDFix\apps\Cghtme.exe]
12. C:\System Volume Information\_restore{F75EEC6...0027369.exe][SDFix\apps\Cghtme.exe]
13. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP123\A0027680.exe
14. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP124\A0028008.exe
15. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP123\A0027770.exe
16. C:\System Volume Information\_restore{F75EEC6...22\A0027369.exe][SDFix\catchme.exe]
17. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP123\A0027553.exe
18. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP123\A0027554.exe

Rootkit/Booto.... Virus Latent Show + Info
1. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP124\A0027910.sys

Generic Trojan Virus Latent Show + Info Not disinfectable
1. C:\jeux\Jeux Zylom\Installe games et crack.rar[CRACK\tumblebugs.exe]

Generic Trojan Virus Latent Show + Info Not disinfectable
1. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP121\A0025924.exe
2. C:\film\PhotoFiltre Studio 9 + Keygen[Team@QC...io 9 + Keygen[Team@QCP]\Keygen.exe]



Threats disinfected with the paid version (18)
Medium danger level (1) spyware/client... Spyware Latent Show + Info
1. HKEY_CURRENT_USER\Software\Microsoft\Windows\...ADDC14-BD46-408A-9842-CDBE1C6D37EB}


Low danger level (17) Cookie/Apmebf Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@apmebf[1].txt

Cookie/Xiti Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@xiti[2].txt
2. C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@xiti[1].txt

Application/Ps... Tracking Application Latent Show + Info
1. C:\System Volume Information\_restore{F75EEC6...B4-6A3A275301C4}\RP124\A0027927.EXE

Cookie/Serving... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo..._propriétaire@bs.serving-sys[1].txt

Cookie/Mediapl... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo...es\hp_propriétaire@mediaplex[1].txt

Application/Ni... Tracking Application Latent Show + Info
1. C:\Program Files\UsbFix\Tools\nircmd.exe

Adware/eAntivi... Adware Latent Show + Info
1. C:\SDFix\backups\backups.zip[backups/29F.tmp]
2. C:\SDFix\backups\backups.zip[backups/29E.tmp]
3. C:\SDFix\backups\backups.zip[backups/26B.tmp]
4. C:\SDFix\backups\backups.zip[backups/18D.tmp]

Cookie/Serving... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo...\hp_propriétaire@serving-sys[2].txt

Application/Hi... Tracking Application Latent Show + Info
1. C:\Program Files\Ad-remover\TOOLS\cmdow.exe

Cookie/Adverti... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo...\hp_propriétaire@advertising[2].txt

Application/Ul... Tracking Application Latent Show + Info
1. C:\SDFix\backups\backups.zip[backups/tdsspopup.dll]

Application/Sm... Tracking Application Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix.exe

Cookie/Atlas D... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[3].txt
2. C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[2].txt

Application/Bo... Tracking Application Latent Show + Info
1. C:\_OTMoveIt\MovedFiles\12132008_230348\Progr...ns\BOONTY Shared\Service\Boonty.exe

Cookie/Bluestr... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo...s\hp_propriétaire@bluestreak[1].txt

Cookie/Doublec... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo...\hp_propriétaire@doubleclick[2].txt
2. C:\Documents and Settings\HP_Propriétaire\Coo...\hp_propriétaire@doubleclick[1].txt

Cookie/MetriWe... Tracking Cookie Latent Show + Info
1. C:\Documents and Settings\HP_Propriétaire\Coo...ies\hp_propriétaire@metriweb[2].txt
2. C:\Documents and Settings\HP_Propriétaire\Coo...ies\hp_propriétaire@metriweb[1].txt


Only available in paid version.
Buy - I am a client
Suspicious files (21)
C:\WINDOWS\system32\404Fix.exe
C:\Program Files\Zylom Games\Tumblebugs Deluxe\tumblebugs.dll
C:\Program Files\Zylom Games\Mirror Magic Deluxe\mirrormagic.dll
C:\Program Files\Zylom Games\Birds on a Wire Deluxe\birdsonawire.dll
C:\Documents and Settings\HP_Propriétaire\Bur...ix.exe[32788R22FWJFW\catchme.cfexe]
C:\Documents and Settings\HP_Propriétaire\Bur...ix.exe[32788R22FWJFW\catchme.cfexe]
C:\Program Files\7 Wonders Treasures of Seven\7 Wonders - Treasures of Seven.exe
C:\Lop SD\catchme.exe
C:\jeux\Jeux Zylom\Installe games et crack.rar[CRACK\deliciouswinteredition.dll]
C:\Documents and Settings\HP_Propriétaire\Sha...lection.exe][file.exe][payload.exe]
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\VACFix.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\IEDFix.C.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Agent.OMZ.Fix.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\404Fix.exe
C:\_OTMoveIt\MovedFiles\12132008_230348\Program Files\Navilog1\catchme.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\LopSD.exe
C:\WINDOWS\system32\VACFix.exe
C:\Documents and Settings\HP_Propriétaire\Bur...ix.exe[32788R22FWJFW\catchme.cfexe]
C:\WINDOWS\system32\IEDFix.C.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
C:\WINDOWS\system32\Agent.OMZ.Fix.exe


Vulnerabilities (0)

Terms and conditions of use - © Panda Security 2008 Now, just by registering, you can run custom scans and disinfect viruses, worms and Trojans.
It's free!

ActiveScan 2.0 offers you much more.

Free
ActiveScan 2.0
(requires registration) From
US$ 12.95
ActiveScan 2.0 From
US$ 29.97
Full protection
Quick scan
Full scan
Disinfection of viruses, worms and Trojans.
Disinfect spyware and other threats
Permanent protection
(Protects your computer continuously)

Enter your account

User name:

lblErrorEmail

Password:

lblPasswordError

Remember me on this computer

Have you forgotten your password? Enter your account

Thanks for registering!


You will shortly receive a message to confirm your registration and you can then access ActiveScan 2.0.


Note: check your spam (junk email) folder, just in case the message we have sent you has been moved there.
User name:
Password:

Remember me on this computer
Have you forgotten your password?
Have you forgotten your password?

Enter your e-mail, we will send your password to the e-mail address you gave us when you registered:
Email address:

«« Back

Registration details

Use your email address and password to access ActiveScan 2.0. Enter a valid email address, as you will receive an email message at that address to confirm registration.
Email address:
Password:
Repeat password:
I want to receive the latest news about ActiveScan 2.0. I would also like to receive information on relevant promotions from Panda Security and/or its international representatives.

* Panda Security will send this information via email or other equivalent form of communication (e.g. SMS).
I do not want to receive any type of information.

«« Back

The information about the protection installed and its status is collected from the Windows Security Center and could be subject to errors.


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-14 22:08:53
PROTECTIONS: 1
MALWARE: 26
SUSPECTS: 21
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 000000-0] 4.8.1229 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00110532 spyware/clientman Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@mediaplex[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@xiti[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@bs.serving-sys[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@advertising[2].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@metriweb[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@bluestreak[1].txt
00288208 Application/HideWindow.S HackTools No 0 Yes No C:\Program Files\Ad-remover\TOOLS\cmdow.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\UsbFix\Tools\nircmd.exe
00433772 Trj/Keylogger.EI Virus/Trojan No 1 Yes No C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP124\A0027927.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP124\A0027910.sys
02990320 Application/BoontyGames HackTools No 0 Yes No C:\_OTMoveIt\MovedFiles\12132008_230348\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
03432039 Trj/Hino.F Virus/Trojan No 1 No No C:\Documents and Settings\HP_Propriétaire\Shared\17.Pokemon.Games\17.Pokemon.Games.rar[PokemonCollection.exe][PokemonCollection.exe][file.exe][mpxpass.exe][mpxa.exe]
03469674 Trj/Zlob.IS Virus/Trojan No 1 No No C:\Documents and Settings\HP_Propriétaire\Shared\17.Pokemon.Games\17.Pokemon.Games.rar[PokemonCollection.exe][PokemonCollection.exe][file.exe][mpxpass.exe][mpt.exe]
03477235 Application/SmithFraudFix.A HackTools No 0 Yes No C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix.exe
03488713 W32/OscarBot.UG Virus/Worm No 1 No No C:\Documents and Settings\HP_Propriétaire\Shared\17.Pokemon.Games\17.Pokemon.Games.rar[PokemonCollection.exe][PokemonCollection.exe][file.exe][MediaTubeCodec_ver1.1504.0.exe]
03548831 Adware/eAntivirusPro Adware No 0 Yes No C:\SDFix\backups\backups.zip[backups/29F.tmp]
03548831 Adware/eAntivirusPro Adware No 0 Yes No C:\SDFix\backups\backups.zip[backups/29E.tmp]
03548831 Adware/eAntivirusPro Adware No 0 Yes No C:\SDFix\backups\backups.zip[backups/18D.tmp]
03548831 Adware/eAntivirusPro Adware No 0 Yes No C:\SDFix\backups\backups.zip[backups/26B.tmp]
03682902 Application/UltimateDefender HackTools No 0 Yes No C:\SDFix\backups\backups.zip[backups/tdsspopup.dll]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\HP_Propriétaire\Bureau\SDFix.exe[C:\Documents and Settings\HP_Propri├⌐taire\Bureau\SDFix.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP122\A0027369.exe[C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP122\A0027369.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\HP_Propriétaire\Bureau\SDFix.exe[C:\Documents and Settings\HP_Propri├⌐taire\Bureau\SDFix.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP122\A0027380.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP122\A0027381.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP122\A0027369.exe[C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP122\A0027369.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027554.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027679.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027680.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027747.exe[C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027747.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027747.exe[C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027747.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027769.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027770.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP124\A0028015.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP123\A0027553.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP124\A0028008.exe
03919029 Generic Trojan Virus/Trojan No 0 No No C:\jeux\Jeux Zylom\Installe games et crack.rar[CRACK\tumblebugs.exe]
04313325 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP121\A0025924.exe
04313325 Generic Trojan Virus/Trojan No 0 No No C:\film\PhotoFiltre Studio 9 + Keygen[Team@QCP].rar[PhotoFiltre Studio 9 + Keygen[Team@QCP]\Keygen.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location &R
;===================================================================================================================================================================================
No C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe] &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\LopSD.exe &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\404Fix.exe &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\Agent.OMZ.Fix.exe &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\IEDFix.C.exe &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix\VACFix.exe &R
No C:\Documents and Settings\HP_Propriétaire\Shared\17.Pokemon.Games\17.Pokemon.Games.rar[PokemonCollection.exe][PokemonCollection.exe][file.exe][payload.exe]
No C:\jeux\Jeux Zylom\Installe games et crack.rar[CRACK\deliciouswinteredition.dll] &R
No C:\Lop SD\catchme.exe &R
No C:\Program Files\7 Wonders Treasures of Seven\7 Wonders - Treasures of Seven.exe &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe] &R
No C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe] &R
No C:\Program Files\Zylom Games\Birds on a Wire Deluxe\birdsonawire.dll &R
No C:\Program Files\Zylom Games\Mirror Magic Deluxe\mirrormagic.dll &R
No C:\Program Files\Zylom Games\Tumblebugs Deluxe\tumblebugs.dll &R
No C:\WINDOWS\system32\404Fix.exe &R
No C:\WINDOWS\system32\Agent.OMZ.Fix.exe &R
No C:\WINDOWS\system32\IEDFix.C.exe &R
No C:\WINDOWS\system32\VACFix.exe &R
No C:\_OTMoveIt\MovedFiles\12132008_230348\Program Files\Navilog1\catchme.exe &R
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description &R
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0