Rootkit rapport navilog - Page 2

Précédent
  • 1
  • 2
  1. roro84150
     
    j'ai tout mis se quil ma trouver dans la liste des exclusions de malwarebytes .aprés je fais quoi?
    0
  2. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  3. roro84150
     
    re bonjours alors j'ai tout fait en mode sens échec et tout j'ai fait l'analyse j'ai virer se que malwarebyte a trouvers et j'ai toujours es virus quesque je dois faire?
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  5. roro84150
     
    je voudrais savoir pk faut-il faire une consol de récupération sur le disque c'est vrément obliger? sinon escque se logiciel
    peut déteriorer mon ordinateur?
    0
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tu suis le manuel cela ira : ferme tes antivirus ...
    0
  7. roro84150
     
    alors voila j'ai tout fait correctement j'ai toujorus le virus voila le rapport ComboFix 08-12-14.05 - Utilisateur 2008-12-15 17:18:40.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1590 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Utilisateur\Mes documents\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Utilisateur\ravmonlog

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-15 13:47 . 2008-10-25 16:17 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-15 13:47 . 2008-12-15 13:47 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-12-15 13:46 . 2008-12-15 13:47 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-15 10:34 . 2008-12-15 13:22 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-15 10:34 . 2008-12-15 10:34 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
    2008-12-15 10:34 . 2008-12-15 10:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-15 10:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-15 10:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-14 19:55 . 2008-12-14 20:00 <REP> d-------- c:\documents and settings\Utilisateur\Pavark
    2008-12-14 18:59 . 2008-12-14 20:05 <REP> d-------- c:\program files\UsbFix
    2008-12-14 18:41 . 2008-12-14 18:42 <REP> d-------- C:\rsit
    2008-12-14 18:41 . 2008-12-14 18:42 <REP> d-------- c:\program files\trend micro
    2008-12-14 18:18 . 2008-12-14 18:18 84 --a------ c:\windows\system32\ikhcore.cfg
    2008-12-12 10:14 . 2008-12-12 10:14 <REP> d-------- c:\program files\3DO
    2008-12-12 10:14 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe
    2008-12-11 14:45 . 2008-12-11 14:45 <REP> d-------- c:\program files\Bethesda Softworks
    2008-12-07 20:23 . 2008-12-07 20:23 244 --ah----- C:\sqmnoopt04.sqm
    2008-12-07 20:23 . 2008-12-07 20:23 232 --ah----- C:\sqmdata04.sqm
    2008-12-02 17:18 . 2008-12-14 18:32 <REP> d-------- c:\program files\Navilog1
    2008-12-02 15:25 . 2008-12-02 15:25 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\OpenOffice.org
    2008-12-02 14:28 . 2008-12-14 18:19 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-11-29 18:23 . 2008-11-29 18:41 <REP> d-------- C:\DVDVideoSoft
    2008-11-29 18:03 . 2008-11-29 18:36 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
    2008-11-29 18:03 . 2008-11-29 18:03 <REP> d-------- c:\program files\DVDVideoSoft
    2008-11-29 17:45 . 2008-11-29 17:52 <REP> d-------- c:\program files\LimeWire
    2008-11-27 09:52 . 2008-11-27 09:52 <REP> d-------- c:\program files\Alwil Software
    2008-11-23 16:14 . 2008-11-23 16:14 268 --ah----- C:\sqmdata03.sqm
    2008-11-23 16:14 . 2008-11-23 16:14 244 --ah----- C:\sqmnoopt03.sqm
    2008-11-23 11:48 . 2008-11-23 11:48 244 --ah----- C:\sqmnoopt02.sqm
    2008-11-23 11:48 . 2008-11-23 11:48 232 --ah----- C:\sqmdata02.sqm
    2008-11-23 11:10 . 2008-11-23 11:10 244 --ah----- C:\sqmnoopt01.sqm
    2008-11-23 11:10 . 2008-11-23 11:10 232 --ah----- C:\sqmdata01.sqm
    2008-11-21 18:03 . 2008-11-23 17:19 319 --a------ c:\windows\game.ini
    2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-11-18 18:22 . 2008-11-18 18:22 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Disney Interactive Studios
    2008-11-18 17:32 . 2008-11-18 18:21 <REP> d-------- c:\program files\Disney Interactive Studios
    2008-11-18 17:31 . 2008-11-18 17:31 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\InstallShield
    2008-11-18 17:22 . 2008-04-14 13:00 94,720 --a------ c:\windows\system32\bitsprx.dll
    2008-11-18 16:27 . 2008-11-29 17:51 <REP> d-------- c:\windows\system32\References
    2008-11-18 16:15 . 2008-11-18 16:15 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-11-18 16:06 . 2008-11-18 16:06 <REP> d-------- c:\windows\Logs
    2008-11-18 16:06 . 2008-11-19 21:15 1,004 --a------ c:\windows\disney.ini
    2008-11-18 03:05 . 2008-11-18 03:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\DAEMON Tools
    2008-11-18 03:05 . 2008-11-18 03:05 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2008-11-16 17:12 . 2008-11-16 17:12 <REP> d-------- c:\program files\uTorrent
    2008-11-16 17:12 . 2008-11-20 13:20 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\uTorrent
    2008-11-16 14:42 . 2008-12-07 11:00 <REP> d-------- c:\program files\eMule

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 16:19 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-12-15 15:28 --------- d-----w c:\program files\Wanadoo
    2008-12-15 15:28 --------- d-----w c:\program files\Steam
    2008-12-15 13:41 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Xfire
    2008-12-15 11:12 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-12-15 11:12 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-12 07:38 --------- d-----w c:\program files\Xfire
    2008-11-29 16:52 --------- d-----w c:\documents and settings\Utilisateur\Application Data\LimeWire
    2008-11-23 16:22 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2008-11-23 16:21 --------- d-----w c:\program files\mIRC
    2008-11-23 16:21 --------- d-----w c:\documents and settings\Utilisateur\Application Data\mIRC
    2008-11-23 16:20 22,328 ----a-w c:\documents and settings\Utilisateur\Application Data\PnkBstrK.sys
    2008-11-23 16:10 --------- d-----w c:\program files\Activision
    2008-11-23 16:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-18 14:32 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Ahead
    2008-11-17 18:54 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    2008-11-14 11:58 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Sierra
    2008-11-14 11:57 --------- d-----w c:\program files\GameSpy Arcade
    2008-11-14 11:50 --------- d-----w c:\program files\Sierra
    2008-11-02 13:43 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Mumble
    2008-11-01 17:20 682,280 ----a-w c:\windows\system32\pbsvc.exe
    2008-11-01 13:16 --------- d-----w c:\program files\Mumble
    2008-10-29 11:07 --------- d-----w c:\documents and settings\Utilisateur\Application Data\teamspeak2
    2008-10-29 10:56 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
    2008-10-28 19:53 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Samsung
    2008-10-28 19:06 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2008-10-28 18:55 --------- d-----w c:\program files\DIFX
    2008-10-28 18:54 --------- d-----w c:\program files\Samsung
    2008-10-28 18:53 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-28 17:43 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
    2008-10-28 17:14 --------- d-----w c:\documents and settings\Utilisateur\Application Data\vlc
    2008-10-28 12:59 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
    2008-10-27 12:46 --------- d-----w c:\program files\Teamspeak2_RC2
    2008-10-26 20:55 --------- d-----w c:\program files\MSXML 4.0
    2008-10-26 12:24 --------- d-----w c:\program files\Microsoft Games
    2008-10-25 19:15 --------- d-----w c:\program files\Windows Live
    2008-10-25 19:14 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-10-25 19:14 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
    2008-10-25 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-25 18:52 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2008-10-25 18:50 77,824 ----a-w c:\windows\system32\xcomm.dll
    2008-10-25 18:44 --------- d-----w c:\program files\Wanadoo Messager
    2008-10-25 18:40 --------- d-----w c:\program files\SAGEM Wi-Fi USB 802.11g
    2008-10-25 18:39 --------- d-----w c:\program files\SAGEM
    2008-10-25 18:10 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-10-25 18:05 --------- d-----w c:\program files\Razer
    2008-10-25 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
    2008-10-25 17:52 --------- d-----w c:\program files\Fichiers communs\BitDefender
    2008-10-25 17:52 --------- d-----w c:\program files\BitDefender
    2008-10-25 17:52 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Bitdefender
    2008-10-25 15:40 --------- d-----w c:\program files\Nero
    2008-10-25 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2008-10-25 15:38 --------- d-----w c:\program files\Opera
    2008-10-25 15:38 --------- d-----w c:\program files\OpenOffice.org 3
    2008-10-25 15:38 --------- d-----w c:\program files\JRE
    2008-10-25 15:38 --------- d-----w c:\program files\Java
    2008-10-25 15:38 --------- d-----w c:\program files\Fichiers communs\Java
    2008-10-25 15:37 --------- d-----w c:\program files\VideoLAN
    2008-10-25 15:37 --------- d-----w c:\program files\Foxit Software
    2008-10-25 15:33 --------- d-----w c:\program files\Intel
    2008-10-25 15:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2008-10-25 15:30 --------- d-----w c:\program files\AGEIA Technologies
    2008-10-25 15:27 315,392 ----a-w c:\windows\HideWin.exe
    2008-10-25 15:27 --------- d-----w c:\program files\Realtek
    2008-10-25 15:25 --------- d-----w c:\program files\ASUS
    2008-10-25 15:20 --------- d-----w c:\program files\microsoft frontpage
    2008-10-25 15:19 --------- d-----w c:\program files\Services en ligne
    2008-10-25 14:40 --------- d-----w c:\program files\Fichiers communs\Ahead
    2008-10-25 14:39 --------- d-----w c:\program files\Windows Media Connect 2
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 11:22 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
    2008-10-13 07:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48DE0442-3C01-4AEA-B3E0-AA2C6AF1D51F}]
    2008-04-14 13:00 94720 --a------ c:\windows\system32\bitsprx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="c:\program files\Steam\Steam.exe" [2008-10-25 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13672448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-25 368640]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-10-17 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2008-10-25 835584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\robin84\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Disney Interactive Studios\\Pure\\Game\\Pure.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\robin84\\half-life 2 deathmatch\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16765:TCP"= 16765:TCP:NortonAV
    "14961:TCP"= 14961:TCP:NortonAV

    R0 kmvijjpy;kmvijjpy;c:\windows\system32\drivers\kmvijjpy.sys [2008-04-14 23424]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2007-10-19 86792]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-10-25 36864]
    R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-10-25 19020]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2008-10-25 260608]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    *Newly Created Service* - PROCEXP90
    *Newly Created Service* - ZDPNDIS5
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 17:19:45
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    Heure de fin: 2008-12-15 17:20:14
    ComboFix-quarantined-files.txt 2008-12-15 16:20:02

    Avant-CF: 705 740 292 096 octets libres
    Après-CF: 705,765,609,472 octets libres

    241 --- E O F --- 2008-12-12 08:35:35
    mon pc a pas redémarer c'est normale?
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver ::
    kmvijjpy

    File::
    c:\windows\system32\bitsprx.dll
    c:\windows\system32\drivers\kmvijjpy.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48DE0442-3C01-4AEA-B3E0-AA2C6AF1D51F}]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  9. roro84150
     
    alors alors voila le rapport de combofix:
    ComboFix 08-12-14.05 - Utilisateur 2008-12-15 17:49:23.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1555 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Utilisateur\Mes documents\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Utilisateur\Bureau\CFscript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\bitsprx.dll
    c:\windows\system32\drivers\kmvijjpy.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bitsprx.dll
    c:\windows\system32\drivers\kmvijjpy.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_kmvijjpy
    -------\Service_kmvijjpy

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-15 13:47 . 2008-10-25 16:17 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d-------- c:\documents and settings\Administrateur\Favoris
    2008-12-15 13:47 . 2008-10-25 18:01 <REP> d-------- c:\documents and settings\Administrateur\Bureau
    2008-12-15 13:47 . 2008-12-15 13:47 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-12-15 13:46 . 2008-12-15 13:47 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-15 10:34 . 2008-12-15 13:22 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-15 10:34 . 2008-12-15 10:34 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
    2008-12-15 10:34 . 2008-12-15 10:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-15 10:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-15 10:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-14 19:55 . 2008-12-14 20:00 <REP> d-------- c:\documents and settings\Utilisateur\Pavark
    2008-12-14 18:59 . 2008-12-14 20:05 <REP> d-------- c:\program files\UsbFix
    2008-12-14 18:41 . 2008-12-14 18:42 <REP> d-------- C:\rsit
    2008-12-14 18:41 . 2008-12-14 18:42 <REP> d-------- c:\program files\trend micro
    2008-12-14 18:18 . 2008-12-14 18:18 84 --a------ c:\windows\system32\ikhcore.cfg
    2008-12-12 10:14 . 2008-12-12 10:14 <REP> d-------- c:\program files\3DO
    2008-12-12 10:14 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe
    2008-12-11 14:45 . 2008-12-11 14:45 <REP> d-------- c:\program files\Bethesda Softworks
    2008-12-07 20:23 . 2008-12-07 20:23 244 --ah----- C:\sqmnoopt04.sqm
    2008-12-07 20:23 . 2008-12-07 20:23 232 --ah----- C:\sqmdata04.sqm
    2008-12-02 17:18 . 2008-12-14 18:32 <REP> d-------- c:\program files\Navilog1
    2008-12-02 15:25 . 2008-12-02 15:25 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\OpenOffice.org
    2008-12-02 14:28 . 2008-12-14 18:19 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-11-29 18:23 . 2008-11-29 18:41 <REP> d-------- C:\DVDVideoSoft
    2008-11-29 18:03 . 2008-11-29 18:36 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
    2008-11-29 18:03 . 2008-11-29 18:03 <REP> d-------- c:\program files\DVDVideoSoft
    2008-11-29 17:45 . 2008-11-29 17:52 <REP> d-------- c:\program files\LimeWire
    2008-11-27 09:52 . 2008-11-27 09:52 <REP> d-------- c:\program files\Alwil Software
    2008-11-23 16:14 . 2008-11-23 16:14 268 --ah----- C:\sqmdata03.sqm
    2008-11-23 16:14 . 2008-11-23 16:14 244 --ah----- C:\sqmnoopt03.sqm
    2008-11-23 11:48 . 2008-11-23 11:48 244 --ah----- C:\sqmnoopt02.sqm
    2008-11-23 11:48 . 2008-11-23 11:48 232 --ah----- C:\sqmdata02.sqm
    2008-11-23 11:10 . 2008-11-23 11:10 244 --ah----- C:\sqmnoopt01.sqm
    2008-11-23 11:10 . 2008-11-23 11:10 232 --ah----- C:\sqmdata01.sqm
    2008-11-21 18:03 . 2008-11-23 17:19 319 --a------ c:\windows\game.ini
    2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-11-18 18:22 . 2008-11-18 18:22 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Disney Interactive Studios
    2008-11-18 17:32 . 2008-11-18 18:21 <REP> d-------- c:\program files\Disney Interactive Studios
    2008-11-18 17:31 . 2008-11-18 17:31 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\InstallShield
    2008-11-18 16:27 . 2008-11-29 17:51 <REP> d-------- c:\windows\system32\References
    2008-11-18 16:15 . 2008-11-18 16:15 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-11-18 16:06 . 2008-11-18 16:06 <REP> d-------- c:\windows\Logs
    2008-11-18 16:06 . 2008-11-19 21:15 1,004 --a------ c:\windows\disney.ini
    2008-11-18 03:05 . 2008-11-18 03:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\DAEMON Tools
    2008-11-18 03:05 . 2008-11-18 03:05 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2008-11-16 17:12 . 2008-11-16 17:12 <REP> d-------- c:\program files\uTorrent
    2008-11-16 17:12 . 2008-11-20 13:20 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\uTorrent
    2008-11-16 14:42 . 2008-12-07 11:00 <REP> d-------- c:\program files\eMule

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 16:52 --------- d-----w c:\program files\Wanadoo
    2008-12-15 16:52 --------- d-----w c:\program files\Steam
    2008-12-15 16:50 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-12-15 13:41 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Xfire
    2008-12-15 11:12 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-12-15 11:12 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-12 07:38 --------- d-----w c:\program files\Xfire
    2008-11-29 16:52 --------- d-----w c:\documents and settings\Utilisateur\Application Data\LimeWire
    2008-11-23 16:22 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2008-11-23 16:21 --------- d-----w c:\program files\mIRC
    2008-11-23 16:21 --------- d-----w c:\documents and settings\Utilisateur\Application Data\mIRC
    2008-11-23 16:20 22,328 ----a-w c:\documents and settings\Utilisateur\Application Data\PnkBstrK.sys
    2008-11-23 16:10 --------- d-----w c:\program files\Activision
    2008-11-23 16:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-18 14:32 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Ahead
    2008-11-17 18:54 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    2008-11-14 11:58 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Sierra
    2008-11-14 11:57 --------- d-----w c:\program files\GameSpy Arcade
    2008-11-14 11:50 --------- d-----w c:\program files\Sierra
    2008-11-02 13:43 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Mumble
    2008-11-01 17:20 682,280 ----a-w c:\windows\system32\pbsvc.exe
    2008-11-01 13:16 --------- d-----w c:\program files\Mumble
    2008-10-29 11:07 --------- d-----w c:\documents and settings\Utilisateur\Application Data\teamspeak2
    2008-10-29 10:56 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
    2008-10-28 19:53 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Samsung
    2008-10-28 19:06 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2008-10-28 18:55 --------- d-----w c:\program files\DIFX
    2008-10-28 18:54 --------- d-----w c:\program files\Samsung
    2008-10-28 18:53 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-28 17:43 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
    2008-10-28 17:14 --------- d-----w c:\documents and settings\Utilisateur\Application Data\vlc
    2008-10-28 12:59 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
    2008-10-27 12:46 --------- d-----w c:\program files\Teamspeak2_RC2
    2008-10-26 20:55 --------- d-----w c:\program files\MSXML 4.0
    2008-10-26 12:24 --------- d-----w c:\program files\Microsoft Games
    2008-10-25 19:15 --------- d-----w c:\program files\Windows Live
    2008-10-25 19:14 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-10-25 19:14 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
    2008-10-25 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-25 18:52 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2008-10-25 18:50 77,824 ----a-w c:\windows\system32\xcomm.dll
    2008-10-25 18:44 --------- d-----w c:\program files\Wanadoo Messager
    2008-10-25 18:40 --------- d-----w c:\program files\SAGEM Wi-Fi USB 802.11g
    2008-10-25 18:39 --------- d-----w c:\program files\SAGEM
    2008-10-25 18:10 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-10-25 18:05 --------- d-----w c:\program files\Razer
    2008-10-25 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
    2008-10-25 17:52 --------- d-----w c:\program files\Fichiers communs\BitDefender
    2008-10-25 17:52 --------- d-----w c:\program files\BitDefender
    2008-10-25 17:52 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Bitdefender
    2008-10-25 15:40 --------- d-----w c:\program files\Nero
    2008-10-25 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2008-10-25 15:38 --------- d-----w c:\program files\Opera
    2008-10-25 15:38 --------- d-----w c:\program files\OpenOffice.org 3
    2008-10-25 15:38 --------- d-----w c:\program files\JRE
    2008-10-25 15:38 --------- d-----w c:\program files\Java
    2008-10-25 15:38 --------- d-----w c:\program files\Fichiers communs\Java
    2008-10-25 15:37 --------- d-----w c:\program files\VideoLAN
    2008-10-25 15:37 --------- d-----w c:\program files\Foxit Software
    2008-10-25 15:33 --------- d-----w c:\program files\Intel
    2008-10-25 15:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2008-10-25 15:30 --------- d-----w c:\program files\AGEIA Technologies
    2008-10-25 15:27 315,392 ----a-w c:\windows\HideWin.exe
    2008-10-25 15:27 --------- d-----w c:\program files\Realtek
    2008-10-25 15:25 --------- d-----w c:\program files\ASUS
    2008-10-25 15:20 --------- d-----w c:\program files\microsoft frontpage
    2008-10-25 15:19 --------- d-----w c:\program files\Services en ligne
    2008-10-25 14:40 --------- d-----w c:\program files\Fichiers communs\Ahead
    2008-10-25 14:39 --------- d-----w c:\program files\Windows Media Connect 2
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 11:22 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
    2008-10-13 07:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-15_17.19.52,93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Steam"="c:\program files\Steam\Steam.exe" [2008-10-25 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13672448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-25 368640]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-10-17 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2008-10-25 835584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\robin84\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Disney Interactive Studios\\Pure\\Game\\Pure.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\robin84\\half-life 2 deathmatch\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16765:TCP"= 16765:TCP:NortonAV
    "14961:TCP"= 14961:TCP:NortonAV

    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2007-10-19 86792]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-10-25 36864]
    R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-10-25 19020]
    R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2008-10-25 260608]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    *Newly Created Service* - KMVIJJPY
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 17:52:02
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2008\vsserv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\Wanadoo\TaskBarIcon.exe
    c:\program files\Razer\Copperhead\razertra.exe
    c:\program files\Razer\Copperhead\razerofa.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-15 17:53:18 - La machine a redémarré [Utilisateur]
    ComboFix-quarantined-files.txt 2008-12-15 16:53:16
    ComboFix2.txt 2008-12-15 16:20:14

    Avant-CF: 705 745 780 736 octets libres
    Après-CF: 705,696,706,560 octets libres

    271 --- E O F --- 2008-12-12 08:35:35

    puis voila le rapport hijackthis:
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Utilisateur at 2008-12-15 17:55:51
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 673 GB (94%) free of 715 GB
    Total RAM: 2047 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:55:53, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Utilisateur\Mes documents\RSIT.exe
    C:\Program Files\trend micro\Utilisateur.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport bitdefender et un nouveau rapport hijakhcits et dis tes soucis actuels
    0
  11. roro84150
     
    alors voila le rapport hijack:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Utilisateur at 2008-12-15 18:01:51
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 673 GB (94%) free of 715 GB
    Total RAM: 2047 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:01:51, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Utilisateur\Mes documents\RSIT.exe
    C:\Program Files\trend micro\Utilisateur.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  12. roro84150
     
    alors voila le rapport hijack:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Utilisateur at 2008-12-15 18:01:51
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 673 GB (94%) free of 715 GB
    Total RAM: 2047 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:01:51, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Utilisateur\Mes documents\RSIT.exe
    C:\Program Files\trend micro\Utilisateur.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    mets a jour java:

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.

    ______________________

    si tout est ok désactive ta restauration , puis redemarre ton ordi puis réactive là
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

    ______________________

    pour virer ce qui a été utilisé:

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    si plus de souci c'est bon!
    0
  14. roro84150
     
    alors alors voila le rapport TCleaner:

    [ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\cleannavi.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\Combofix: trouvé !
    C:\Qoobox: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\Utilisateur\Bureau\UsbFix.lnk: trouvé !
    C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\UsbFix: trouvé !
    C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
    C:\Documents and Settings\Utilisateur\Mes documents\ComboFix.exe: trouvé !
    C:\Documents and Settings\Utilisateur\Mes documents\UsbFix.exe: trouvé !
    C:\Documents and Settings\Utilisateur\Mes documents\Rsit.exe: trouvé !
    C:\Documents and Settings\Utilisateur\Recent\Navilog1.lnk: trouvé !
    C:\Documents and Settings\Utilisateur\Recent\UsbFix.lnk: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\UsbFix: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !
    C:\Program Files\UsbFix\UsbFix.exe: trouvé !
    C:\Program Files\UsbFix\Tools\NIRCMD.exe: trouvé !
    C:\WINDOWS\NIRCMD.exe: trouvé !

    cula de javara:
    JavaRa 1.12 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Mon Dec 15 18:45:40 2008

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

    ------------------------------------

    Finished reporting.

    la tout marche nikel je vous remerci aprés à vous de me dire ci tout est nikel
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon

    tools cleaner remets un rapport
    0
  16. roro84150
     
    voila [ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Documents and Settings\Utilisateur\Mes documents\ComboFix.exe: trouvé !
    C:\Documents and Settings\Utilisateur\Mes documents\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Utilisateur\Mes documents\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\Utilisateur\Mes documents\Combofix: supprimé !
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon!

    pour finir

    désactive ta restauration système puis redémarre ton ordi puis réactive la

    https://www.informatruc.com

    bonne continuation
    0
Précédent
  • 1
  • 2