Aupd.exe et adzgalore-remove fenetre intempesFermé

Question

Bonjour,
Je vous ecrit car j'ai vraiment besoin de votre aide je suis sur que aupd.exe et adzgalore remove sont des spyware mais kaspersky 7 ne detecte rien. J'ai mi adzgalore remove et aupd.exe en quarantaine sauf que adzgalore declanche des fenetre et le pire il y a souvent des trojan (kaspersky detecte un trojan).
Voila Merci

jlpjlp · Answer

slt,


scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

________________

colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

ermano · Answer

ok je reviendrai ver 17h pour poster tou ce que tu veu

ermano · Answer

Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:15, on 22/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijacthis\eden.exe
C:\Hijacthis\de.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adzgalore - {97536cff-7093-e9a6-77fe-f3219dfb315f} - C:\Windows\system32
su9D48.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - http://secure.shared.live.com/...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.03hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

ermano · Answer

j'ai mis les spyware dans mes document dossier spyware

ermano · Answer

malwarebytes a detecté un autre spyware que j'avais mit en quarantaine avec kaspersky voila le rapport 
ps : j'avai telecharger prevx csi qui m'avai reperé adzgalore-remove mais comme j'avai pas la license j'ai pas pu le supprimer


Malwarebytes' Anti-Malware 1.12
Version de la base de données: 775

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 196106
Temps écoulé: 34 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Arslan Ertan\Documents\spyware\myss_sb_uninstall.exe (Adware.BHO) -> No action taken.

jlpjlp · Answer

ok je vois l'infections dans hijakchtis

____________



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


O2 - BHO: adzgalore - {97536cff-7093-e9a6-77fe-f3219dfb315f} - C:\Windows\system32
su9D48.dll 

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

________________


télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\Windows\system32
su9D48.dll 



clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

_______________

vire ce qui est dans moved files en allant dans poste de travail puis c puis otmovit

________________


télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

ermano · Answer

otmoveit2

voila le rapport


C:\Windows\system32
su9D48.dll unregistered successfully.
File move failed. C:\Windows\system32
su9D48.dll scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05222008_173325

Files moved on Reboot...
C:\Windows\system32
su9D48.dll unregistered successfully.
File move failed. C:\Windows\system32
su9D48.dll scheduled to be moved on reboot.

ermano · Answer

combofix 
voila

ComboFix 08-05-21.2 - Arslan Ertan 2008-05-22 17:54:39.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1787 [GMT 2:00]
Endroit: C:\Users\Arslan Ertan\Desktop\ComboFix.exe
 * Création d'un nouveau point de restauration
.

ermano · Answer

je crois que j'ai toujours pas effacer adzgalore

jlpjlp · Answer

le rapport combofix est incomplet!

colle en un complet svp

ermano · Answer

il y avait que sa

ermano · Answer

j'arrive pas a l'ouvrir

ermano · Answer

ok je vai le poster ce soir dsl sa ma mis que sa je sais pas pourquoi j'ai desactiver l'antivirus internet ect dsl

jlpjlp · Answer

tu as désactivé tes protection (antivirus ....)?

ermano · Answer

dsl la premliere foir y a eu un probleme ila detecte 2 malware mais c'est pas sa 

voila combofix 


ComboFix 08-05-21.2 - Arslan Ertan 2008-05-23 14:57:29.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1768 [GMT 2:00]
Endroit: C:\Users\Arslan Ertan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ebadd9_z.dll
C:\Windows\system32
su9D48.dll
.
---- Previous Run -------
.
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\cpmsky-uninst.exe

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-04-23 to 2008-05-23  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 12:56	84,731,168	--sha-w	C:\Windows\system32\drivers\fidbox.dat
2008-05-23 12:49	---------	d-----w	C:\ProgramData\PrevxCSI
2008-05-23 12:48	---------	d-----w	C:\ProgramData\Kaspersky Lab
2008-05-22 19:34	1,136,504	--sha-w	C:\Windows\system32\drivers\fidbox.idx
2008-05-22 16:36	17,408	----a-w	C:\Windows\system32\drivers\pxark.sys
2008-05-22 16:36	---------	d-----w	C:\Program Files\PrevxCSI
2008-05-22 10:14	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 09:39	---------	d-----w	C:\Program Files\Trend Micro
2008-05-21 16:00	---------	d-----w	C:\Program Files\Norton Security Scan
2008-05-16 14:30	---------	d-----w	C:\ProgramData\Microsoft Help
2008-05-14 13:59	---------	d---a-w	C:\Program Files\Skins
2008-05-14 13:59	---------	d---a-w	C:\Program Files\Full Database
2008-05-12 19:50	---------	d-----w	C:\ProgramData\Nero
2008-05-12 19:50	---------	d-----w	C:\Program Files\Common Files\Nero
2008-05-12 19:37	---------	d-----w	C:\Program Files\Common Files\Autodesk Shared
2008-05-12 08:28	---------	d-----w	C:\ProgramData\Malwarebytes
2008-05-11 11:21	691,545	----a-w	C:\Windows\unins000.exe
2008-05-11 09:44	---------	d---a-w	C:\ProgramData\TEMP
2008-05-07 20:52	---------	d-----w	C:\Program Files\Ciel
2008-05-06 18:16	---------	d-----w	C:\ProgramData\LightScribe
2008-05-05 18:46	27,048	----a-w	C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46	15,864	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-05-05 18:15	---------	d-----w	C:\ProgramData\Autodesk
2008-05-03 14:58	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-05-03 14:29	---------	d-----w	C:\ProgramData\TomTom
2008-05-03 14:28	---------	d-----w	C:\Program Files\TomTom HOME 2
2008-05-03 14:23	---------	d-----w	C:\Program Files\TomTom DesktopSuite
2008-05-02 21:42	155,995	----a-w	C:\Windows\Java\Packages\A3VXRTBP.ZIP
2008-05-02 21:42	---------	d-----w	C:\ProgramData\Ciel
2008-05-02 21:42	---------	d-----w	C:\Program Files\Common Files\Sage
2008-05-02 21:42	---------	d-----w	C:\Program Files\Common Files\Ciel
2008-05-02 21:41	---------	d-----w	C:\Program Files\Données Ciel
2008-05-02 09:55	---------	d-----w	C:\Program Files\AutoCAD 2009
2008-04-29 09:21	354,560	----a-w	C:\Windows\System32\TuneUpDefragService.exe
2008-04-29 09:21	---------	d-----w	C:\Program Files\TuneUp Utilities 2008
2008-04-29 09:20	---------	d-----w	C:\ProgramData\TuneUp Software
2008-04-29 09:18	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 21:22	---------	d-----w	C:\Program Files\CCleaner
2008-04-27 10:48	---------	d-----w	C:\Program Files\Autodesk
2008-04-25 17:48	---------	d-----w	C:\Program Files\Orbitdownloader
2008-04-24 13:31	---------	d-----w	C:\Program Files\Photoshop
2008-04-23 08:25	---------	d-----w	C:\ProgramData\FLEXnet
2008-04-21 18:04	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-04-21 17:53	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-04-20 11:03	---------	d-----w	C:\Program Files\MSBuild
2008-04-20 11:03	---------	d-----w	C:\Program Files\Microsoft Works
2008-04-19 14:51	319,456	----a-w	C:\Windows\DIFxAPI.dll
2008-04-19 14:51	---------	d-----w	C:\Program Files\Realtek
2008-04-17 15:49	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-04-17 15:27	96,645	----a-w	C:\Windows\system32\drivers\klin.dat
2008-04-17 15:27	87,941	----a-w	C:\Windows\system32\drivers\klick.dat
2008-04-13 17:53	---------	d-----w	C:\Program Files\HP
2008-04-10 17:04	---------	d-----w	C:\ProgramData\CopyTransControlCenter
2008-04-10 17:04	---------	d-----w	C:\Program Files\WindSolutions
2008-04-05 11:01	---------	d-----w	C:\Program Files\iTunes
2008-04-05 11:01	---------	d-----w	C:\Program Files\iPod
2008-04-05 11:00	---------	d-----w	C:\Program Files\QuickTime
2008-04-04 12:51	28,416	----a-w	C:\Windows\System32\uxtuneup.dll
2008-04-04 12:51	16,640	----a-w	C:\Windows\System32\authuitu.dll
2008-03-31 17:35	---------	d-----w	C:\ProgramData\Logishrd
2008-03-31 17:31	---------	d-----w	C:\Program Files\Common Files\LogiShrd
2008-03-31 17:29	---------	d-----w	C:\Program Files\Logitech
2008-03-21 15:36	65,912,880	----a-w	C:\Users\Arslan Ertan\20080128135518500_Samsung_PC_Studio_321_HA4.exe
2008-03-21 15:32	8,420,211	----a-w	C:\Users\Arslan Ertan\20070813082717640_Samsung_USB_Driver_Installer.exe
2008-03-21 15:21	43,049,783	----a-w	C:\Users\Arslan Ertan\20060707113151625_PIMs_file_manager.exe
2008-03-14 17:14	84,729	----a-w	C:\Windows\System32\mysidesearch_sidebar_uninstall.exe
2008-02-29 06:51	19,000	----a-w	C:\Windows\System32\kd1394.dll
2008-02-29 06:39	40,960	----a-w	C:\Windows\System32\srclient.dll
2008-02-29 06:39	371,712	----a-w	C:\Windows\System32\srcore.dll
2008-02-29 06:38	313,856	----a-w	C:\Windows\System32strui.exe
2008-02-29 06:38	16,384	----a-w	C:\Windows\System32\srdelayed.exe
2008-02-29 06:35	6,656	----a-w	C:\Windows\System32\kbd106n.dll
2008-02-29 06:34	7,168	----a-w	C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14	2,028,544	----a-w	C:\Windows\System32\win32k.sys
2008-02-28 11:26	1,414,440	----a-w	C:\Windows\System32\ShellManager310E2D762.dll
2007-01-11 14:07	58,032,562	----a-w	C:\Users\Arslan Ertan\Samsung_PC_Studio_311_FKB.exe
2006-11-02 12:50	174	--sha-w	C:\Program Files\desktop.ini
2008-02-16 12:45	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-16 12:45	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-16 12:45	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-02-13 21:23	22	--sha-w	C:\Windows\SMINST\HPCD.sys
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 01:53 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-04-23 21:43 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 13:51 218376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 14:43:54 11000]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-10 18:36:48 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.03hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversionun-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{BAF8DCF7-A0F4-434C-A80F-00316E2FAE17}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{27548852-1E1F-4A5D-8B2E-86CFF1DC6A95}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{068561AF-6E4B-4861-AFAF-0CC1D8741123}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EFBFDD30-5D58-4D5A-AA2E-4E2619F3CEBA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6EB3E980-B651-44E4-9DA1-FD60D41005FB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{818599DA-6E3E-493C-B09A-D3448C4BDBA8}"= UDP:C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls
"{AE005EB1-9B75-4086-8AAD-F0FC70673B0E}"= TCP:C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls
"{68046834-925D-4D09-ABDF-CB230085BAB3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{750DC0ED-E1A1-4AF5-A925-5C8376D455A7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F1321AB4-5D80-465B-AFE4-36B3E1F1280C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:C:\program files\common files
okia\service layer\a
sl_host_process.exe:Nokia Service Layer Host Process 
"UDP Query User{C04C1D60-2D6C-430D-9D29-F4BCA695C299}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:C:\program files\common files
okia\service layer\a
sl_host_process.exe:Nokia Service Layer Host Process 
"TCP Query User{7FA34DD8-3ACD-47C3-BA74-C8DEA2FFDBB1}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{89F67674-675C-4B40-9225-D61B3CC63F26}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8E1DEA1E-8098-4FF9-BCB5-D03FFD231E19}C:\program files\orbitdownloader\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{237843E5-0F20-432B-B1A8-B4E29C25D789}C:\program files\orbitdownloader\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{0405DF19-6190-49E0-8F4A-6332A8F4E63F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D0C200C2-68B1-47D6-9726-AAF8D09B07A3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{2F372DF0-7A52-42A5-8706-3CAAF3EA480E}C:\program files\videolan\vlc\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{168D1F7A-9DE8-43F1-812A-E23F84CA8033}C:\program files\videolan\vlc\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{5E6D30E3-72BE-4A0D-BB71-FDBBA5CC5B41}C:\program files\edonkey2000\edonkey2000.exe"= UDP:C:\program files\edonkey2000\edonkey2000.exe:edonkey2000
"UDP Query User{928B9FB0-3E11-4E2B-AEED-0EC5FC607AD5}C:\program files\edonkey2000\edonkey2000.exe"= TCP:C:\program files\edonkey2000\edonkey2000.exe:edonkey2000
"{D81CC785-06ED-48AE-9DEA-11409446F49C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{97ED5848-43E5-4D4C-B141-0C37D29B62CE}C:\program files\counter-strike source\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{8B1117EA-90CA-4914-9B6E-658FC0B9F1AF}C:\program files\counter-strike source\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{A5E18ABB-512D-4FAD-8E0D-247251434FD5}C:\program files\counter-strike source\srcds.exe"= UDP:C:\program files\counter-strike source\srcds.exe:srcds
"UDP Query User{58ECD6AF-FF47-42A1-A7C9-5FF80228A806}C:\program files\counter-strike source\srcds.exe"= TCP:C:\program files\counter-strike source\srcds.exe:srcds

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\Program Files\Orbitdownloader\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-05-22 18:36]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\prevxcsi.exe" /service []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 00:07]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-04-29 11:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3613d40-18f0-11dd-ab1b-001bb9defd50}]
\shell\AutoRun\command - L:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-23 13:00:01 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-21 16:00:07 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-23 12:53:46 C:\Windows\Tasks\User_Feed_Synchronization-{3BE0DDC6-B7BD-4C06-BEB4-9406B0773647}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 15:00:57
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Users\ARSLAN~1\AppData\Local\Temp\~DF1C9E.tmp
C:\Users\ARSLAN~1\AppData\Local\Temp\~DF231D.tmp
C:\Users\ARSLAN~1\AppData\Local\Temp\~DF27BF.tmp
C:\Users\ARSLAN~1\AppData\Local\Temp\~DF2EC4.tmp

Scan terminé avec succès
Les fichiers cachés: 4

**************************************************************************
.
Temps d'accomplissement: 2008-05-23 15:02:14
ComboFix-quarantined-files.txt  2008-05-23 13:01:48

      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

226	--- E O F ---	2008-05-21 07:52:00

ermano · Answer

j'ai supprimer adzglore? pck tu ma di l'infection et sur cette ligne   O2 - BHO: adzgalore - {97536cff-7093-e9a6-77fe-f3219dfb315f} - C:\Windows\system32
su9D48.dll 

et je croi que combofix la supprimer mais je vai te dire si il y a des fenetre qui apparait merci de ton aide

ermano · Answer

nouveau rapport d'hijac

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:33, on 23/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Hijacthis\de.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - http://secure.shared.live.com/...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.03hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

jlpjlp · Answer

colle un rapport avec kaspersky que tu as et dis tes soucis actuels

ermano · Answer

Comment on fait avec kaspersky et je pense qu'il va rien trouvé mais bon dit comme meme stp

jlpjlp · Answer

tu lance ton logiciel kaspersky et tu fais analyser tes disques

ermano · Answer

ok mais ya pas de rapport a la fin

jlpjlp · Answer

utilise  pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

____________

kaspersky a trouvé des infections ? encore des soucis???

ermano · Answer

le probleme semble resolu mais  y a un probleme je te le di car depouis le rapport de combofix pas de probleme merci pour ton aide

jlpjlp · Answer

ok tu peux virer otmovit et combofix

si souci tu me dira

ermano · Answer

je vais garder les logiciel jusqua la fin du mois si y a pas de probleme je le supprime merci de ton aide mais c'est scandaleux que kaspersky ne dectecte pas ces spyware ils sont assez connu

jlpjlp · Answer

malheuresement aucun antivirus n'est efficace a 100% 
et kaspersky est un des meilleurs

ermano · Answer

malheuresement le virus et la sniff je vais pa pouvoir m'en debarrasser aide moi stp

ermano · Answer

j'ai eusur firefox une fenetre de pub by adzgalor yavai ecri en hau stp aide moi

jlpjlp · Answer

recolle un rapport hijakchtis


______________


Télécharge BTFix de Bibi26 
http://cluster1.easy-hebergement.net/ 
http://ftp1.toocharger.com/loIjyIT/btfix_1_27178.zip 
Dézippe l'archive sur ton Bureau. 
Ouvre le dossier BTFix. 
Double clique sur BTFix.exe. 
Clique sur Rechercher. 
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

ermano · Answer

la je suis sur a 99% sur qu'il est supprimer et je vais vous montrer comment supprimer adzgalore-remove et aupd.exe

Merci a jlpjlp

Télécharger superantispyware(taper sur google) la version gratuite




puis trouver les spyware aupd.exe et adgalore pour aller plu vite sinon vous pouvez sauter cette étape
Si vous n'avez pas sauter l'etape du dessus mettez les spyware dans un dossier faites clik droit sur le dossier et faites lanalise "Scan with superantispyware" Et il va trouvé les fichier ou il y a un spyware et puis les supprimer (on va demander de redemarrer)


Sinon vous pouvez faire une analyse complete vous allez voir cest assez simple

Voila merci a nouveau a jlpjlp

Aupd.exe et adzgalore-remove fenetre intempes

30 réponses

Discussions similaires

Newsletters