
Am I infected???

informaticologue - 332 posts - Registered Monday 14 July 2008 - Last active 26 February 2011 - Last reply on 3 March 2009 at 16:19
Hello,
Experts, please help me: am I infected?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:21, on 07/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Jules\Program Files\DNA\btdna.exe
C:\Users\Jules\AppData\Local\aykic.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Users\Jules\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail -report -ffmsc 12345
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{ED3DF1A7-E9AD-41C7-A62A-1CDA6E33F517}
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jules\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ukkuu] "c:\users\jules\appdata\local\ukkuu.exe" ukkuu
O4 - HKCU\..\Run: [aykic] "c:\users\jules\appdata\local\aykic.exe" aykic
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9D3B0E16-FCD8-4CC2-AC1A-10CE6B837F93} (Chrysis Core) - http://www.chrysis-online.com/produits/plugins/ChrysisCore.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
Reply
+0
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

- When the scan has finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.
Reply
+0
Here is the report


Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-01 19:26:06
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 195 GB (41%) free of 469 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:17, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jules\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [AGCoreCleanup] CMD /C RD /S /Q "C:/Program Files/AGI"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{940BE514-C863-41EE-94FE-5B6E28A8ED8A}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
Reply
+1
---> Install SP1:
http://www.microsoft.com/...
Reply
+0
Destrio, I can't download it; I get a "Page load error" page.
New symptom: I have to click twice to reach a site from Google; the first time I get a page telling me to download E-mule.
Reply
+0
--> Disable UAC for the duration of the disinfection.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe may not be visible) and choose Run as administrator to launch it.
--> When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
Reply
+0
Here is the report

ComboFix 09-03-02.01 - Jules 2009-03-02 20:36:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1134 [GMT 1:00]
Lancé depuis: c:\users\Jules\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\recycler\S-0-9-40-100000880-100004925-100011867-8555.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxrqptwncr.sys
c:\windows\system32\gaopdxtgryfsii.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 19:54 . 2009-03-02 20:03 262,144 --a------ c:\windows\SPInstall.etl
2009-03-01 19:26 . 2009-03-01 19:26 <REP> d-------- C:\rsit
2009-03-01 18:58 . 2009-03-01 19:22 <REP> d-------- c:\program files\Ad-remover
2009-03-01 15:08 . 2009-03-01 15:08 <REP> d-------- c:\program files\MoviesPlay
2009-03-01 14:30 . 2009-03-01 14:30 <REP> d-------- c:\users\Colin\AppData\Roaming\agi
2009-02-28 21:39 . 2009-03-01 11:50 <REP> d-------- c:\program files\Navilog1
2009-02-28 11:22 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-28 11:22 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-28 11:22 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-28 11:22 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-27 22:39 . 2009-02-27 23:24 <REP> d-------- C:\perflogs
2009-02-24 19:52 . 2009-02-24 19:52 <REP> d-------- c:\program files\Kiwee Toolbar
2009-02-24 19:51 . 2009-02-24 19:51 2,117,632 --a------ c:\windows\System32\python25.dll
2009-02-24 19:51 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\System32\pythondll.zip
2009-02-24 19:51 . 2009-02-24 19:51 339,968 --a------ c:\windows\System32\pythoncom25.dll
2009-02-24 19:51 . 2009-02-24 19:51 114,688 --a------ c:\windows\System32\pywintypes25.dll
2009-02-21 12:23 . 2009-02-21 12:23 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-02-19 21:08 . 2009-02-19 21:08 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-15 15:15 . 2009-02-15 15:16 <REP> d-------- c:\program files\GameSpy Arcade
2009-02-15 15:11 . 2009-02-15 15:11 <REP> d-------- c:\program files\LucasArts
2009-02-15 12:24 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 12:24 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 12:24 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 12:24 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 12:24 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 12:16 . 2009-03-01 14:29 <REP> d-------- c:\users\Colin\Tracing
2009-02-13 12:14 . 2009-02-13 12:14 <REP> d-------- c:\users\Colin\Program Files
2009-02-13 12:14 . 2009-03-01 15:49 <REP> d-------- c:\users\Colin\AppData\Roaming\DNA
2009-02-11 19:43 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:43 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 13:02 . 2009-03-01 19:23 <REP> d-------- c:\program files\Dofus
2009-02-08 20:42 . 2009-03-02 20:26 <REP> d-------- c:\users\Jules\Tracing
2009-02-08 20:39 . 2009-02-08 20:39 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-08 20:35 . 2009-02-08 20:39 <REP> d-------- c:\program files\Microsoft
2009-02-08 20:33 . 2009-02-08 20:33 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-08 20:29 . 2009-02-08 20:29 <REP> d-------- c:\program files\Common Files\Windows Live
2009-02-08 09:48 . 2009-02-08 09:48 <REP> dr-h----- c:\users\Jules\AppData\Roaming\SecuROM
2009-02-08 09:41 . 2009-02-08 09:41 <REP> d-------- c:\program files\Zone Labs
2009-02-07 19:20 . 2009-02-07 19:20 <REP> d-------- c:\program files\Trend Micro
2009-02-07 17:49 . 2009-02-13 12:55 <REP> d-------- c:\programdata\Electronic Arts
2009-02-07 17:49 . 2009-02-07 17:49 7,760 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-07 17:21 . 2009-02-07 17:21 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-07 12:05 . 2009-02-07 12:05 43,520 --a------ c:\windows\System32\CmdLineExt03.dll
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- c:\program files\THQ
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Extras
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Autorun
2009-02-07 10:25 . 2009-02-08 15:51 139,264 --a------ c:\windows\War3Unin.exe
2009-02-07 10:25 . 2009-02-08 16:00 87,963 --a------ c:\windows\War3Unin.dat
2009-02-07 10:25 . 2009-02-08 15:51 2,829 --a------ c:\windows\War3Unin.pif
2009-02-07 10:22 . 2009-02-17 12:09 <REP> d-------- c:\program files\Warcraft III
2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 19:22 --------- d-----w c:\programdata\avg8
2009-03-01 18:23 --------- d-----w c:\program files\Packard Bell
2009-03-01 14:50 --------- d-----w c:\users\Colin\AppData\Roaming\Azureus
2009-03-01 13:52 --------- d-----w c:\users\Colin\AppData\Roaming\LimeWire
2009-03-01 13:30 --------- d-----w c:\program files\Steam
2009-03-01 10:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 20:46 --------- d-----w c:\users\Jules\AppData\Roaming\Azureus
2009-02-28 18:09 --------- d-----w c:\users\Jules\AppData\Roaming\BraCa_Soft
2009-02-28 16:19 --------- d---a-w c:\programdata\Sports Interactive
2009-02-28 10:12 174 --sha-w c:\program files\desktop.ini
2009-02-27 22:27 --------- d-----w c:\program files\Windows Sidebar
2009-02-27 22:27 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-27 22:27 --------- d-----w c:\program files\Windows Mail
2009-02-27 22:27 --------- d-----w c:\program files\Windows Journal
2009-02-27 22:27 --------- d-----w c:\program files\Windows Defender
2009-02-27 22:27 --------- d-----w c:\program files\Windows Collaboration
2009-02-27 22:27 --------- d-----w c:\program files\Windows Calendar
2009-02-27 21:59 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-27 21:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-27 17:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 15:53 1,128 ----a-w c:\users\Jules\AppData\Roaming\wklnhst.dat
2009-02-21 11:24 --------- d-----w c:\program files\Windows Live
2009-02-21 08:58 --------- d-----w c:\programdata\Microsoft Help
2009-02-19 20:14 --------- d-----w c:\program files\MSBuild
2009-02-19 17:32 --------- d-----w c:\users\Jules\AppData\Roaming\LimeWire
2009-02-08 08:26 --------- d-----w c:\programdata\Symantec
2009-02-08 08:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-08 08:25 --------- d-----w c:\program files\Norton 360
2009-02-08 08:24 --------- d-----w c:\program files\Symantec
2009-02-08 08:14 --------- d-----w c:\program files\AVS4YOU
2009-02-07 18:26 --------- d-----w c:\users\Jules\AppData\Roaming\DNA
2009-02-07 16:49 --------- d-----w c:\program files\Electronic Arts
2009-02-06 21:01 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-28 16:07 --------- d-----w c:\users\Jules\AppData\Roaming\uTorrent
2009-01-24 17:16 --------- d-----w c:\program files\Common Files\Steam
2009-01-21 18:11 --------- d-----w c:\users\Jules\AppData\Roaming\Pro Cycling Manager 2008
2009-01-18 13:40 --------- d-----w c:\users\Jules\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-18 10:59 --------- d-----w c:\users\Colin\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-16 18:33 --------- d-----w c:\users\Jules\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-15 17:46 --------- d-----w c:\program files\eMule
2009-01-11 15:07 --------- d-----w c:\users\Jules\AppData\Roaming\Xilisoft Corporation
2009-01-11 15:06 --------- d-----w c:\program files\Xilisoft
2009-01-11 11:14 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-08 17:46 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu
2009-01-02 17:16 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 17:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-09 12:53 1,222 ----a-w c:\users\Colin\AppData\Roaming\wklnhst.dat
2007-12-25 08:34 22,328 ----a-w c:\users\Colin\AppData\Roaming\PnkBstrK.sys
2002-08-26 17:54 327,680 ----a-r c:\users\Colin\AppData\Roaming\MafiaSetup.exe
2007-09-13 06:33 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SmpcSys"=c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E127600-40B6-404B-BC6F-10505B667627}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6716BF2E-4290-428B-8AAA-B2576E0CB495}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4AF04E4F-50E4-4488-AF37-01BF2BDC6B73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1CC8D575-55F2-4036-8F62-5AEBD69E6C3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B5921348-B33A-4036-A387-457D5DB5C309}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{94063043-830F-45ED-9EAA-CE45E379F78F}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{34E21BBA-C6F8-4561-BF2A-03593CCA0B90}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{8C838E28-6A3B-4BE1-B27A-50EDAE841FF8}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{D27EAE27-2056-45A0-901A-EC8C6A8BB36D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8BC378B9-DDB9-4644-8AB2-56CFF3966D43}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1880BC6B-AD2A-4F3A-96BB-9FCBDB2A310F}"= UDP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{7320722E-D587-4A42-BDDF-B214C6E67777}"= TCP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{A34346D3-32C6-4715-8998-D9F42015074D}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5C2B0933-D818-4922-8E4D-31FFF7F80023}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{A74B1AA0-0238-4B55-811A-F91A7A4BBA48}"= Disabled:UDP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{499627AA-0B81-445B-8800-6C418FD9A1AC}"= Disabled:TCP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AEA400C1-E10B-45C6-8B77-ABB4B937DE76}"= Disabled:UDP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{035722A8-4F5D-4523-9A63-93808CD7872D}"= Disabled:TCP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AC3311A6-A3D8-4345-9715-8A22299A04FA}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{A55680A5-C8E4-4507-9C9D-B19A463B603B}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{04A11CF4-F9E0-4794-B0F8-0774FA81F7DD}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{50226B5A-ED69-4D18-BD54-973A674300F4}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{773C09EA-6A63-47D4-9318-0F5A85972948}"= UDP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{E6B7ABC6-2EDF-49B5-A4F4-728AEE108CD3}"= TCP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{51681AAB-FA43-4EA2-B91D-84FF805BA778}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9C3A9E7D-00C8-473C-AD7A-15811C7D022F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43AF5FAC-725E-47F6-BFA8-5F35EE4ED0B5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{056117F4-FFC3-4DA9-9824-1B63BAFECAB3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3B23184-B673-45F1-A2F0-4EDE428290BD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0729F1AD-9560-4812-94FF-EA0308E76280}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-09-06 2915944]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-01-16 28224]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb503c0-f03e-11dc-8971-001c252f6b0c}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9ec-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\shell\dinstall\command - i:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9f3-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32111ca-bc7d-11dc-bca7-001c252f6b0c}]
\shell\AutoRun\command - I:\OblivionLauncher.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-02 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2009-02-20 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-16 13:28]

2009-03-02 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{76461DD1-B6E6-4076-BBA9-EF584055E07F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{E9994E27-B913-4BBB-A62C-60E7B671623C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\DAEMON Tools Toolbar\DTToolbar.dll


.
------- Examen supplémentaire -------
.
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: orange.fr\www
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MICJE8&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jules\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:43:37
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
Heure de fin: 2009-03-02 20:45:33
ComboFix-quarantined-files.txt 2009-03-02 19:45:32

Avant-CF: 199,862,468,608 octets libres
Après-CF: 199,871,180,800 octets libres

270 --- E O F --- 2009-03-01 02:20:56
Reply
Now you can install SP1.
Reply
Destrio, SP1 is already installed on my PC
Reply
---> Run RSIT again and post the log report.
Reply
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-03 16:18:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 189 GB (40%) free of 469 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
This document, titled "Suis-je infecter???", from CommentCaMarche (www.commentcamarche.net), is made available under the terms of the Creative Commons licence. You may copy and modify copies of this page, under the conditions set by the licence, as long as this notice appears clearly.
