High-Tech Santé Médecine Droit-Finances

Sécuriser

un réseau wifi

Rechercher : dans
Par :

Trojan wimad gen 1

Dernière réponse le 18 nov 2008 à 11:40:21 katemouse, le 16 nov 2008 à 14:01:46 
 Signaler ce message aux modérateurs

Bonjour,

Apres une analyse avec bitdefender, il a reperé le trojan wimad gen 1 . J'aimerai l'eradiquer. . Pour cela j'ai effectuer un rapport hijackthis en mode sans echec. Le voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:59, on 16/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\katemouse\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
End of file - 9441 bytes
Merci de bien voulir m'indique la marche à suivre

Configuration: Windows Vista
Internet Explorer 7.0

Posez votre question Répondre

1

jlpjlp, le 16 nov 2008 à 14:21:17

Slt tu es effectivement infécté

ici:

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe


_______________


Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

   
Répondre à jlpjlp

2

quikyland, le 16 nov 2008 à 14:22:31
  • +1

CLICK ICI et suis à la lettre les instructions sans sauter d'étape  Expert Windows (3.11 à XP SP3), Virontologue 
Formation en cours sur Linux Ubuntu 8.04 et Windows Vista Pr­emium Edition

   
Répondre à quikyland

3

michelsgt, le 16 nov 2008 à 14:31:01

Salut

je te conseille de télécharger Malwarebytes et de scanner ton pc avec ton antivirus et avec malwarebytes en mode sans échec.
Mettre en quarantaine tout ce qu'ils trouvent.
Utilise hijackthis en mode normal.

Avira Antivir est un antivirus gratuit et très bon.

Bye

   
Répondre à michelsgt

4

jlpjlp, le 16 nov 2008 à 14:32:52

Slt il a déjà malwarebyte :

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

   
Répondre à jlpjlp

5

katemouse, le 16 nov 2008 à 14:42:32

Re jplpj

J'ai voulu faire un scan avec ad remover et malheureusement les acces sont refusés je ne peux donc pas t'envoyer le rapport. En ce qui concerne malwarebytes, j'avais effectué un scan avant d'utiliser bitdifender ( scan en ligne) et celui ci ne m'avait rien trouvé. Auparavent j'avais utiliser spyboot et avast (mon anti virus habitule) et idem rien. F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe peut il etre fixé?

   
Répondre à katemouse

6

katemouse, le 16 nov 2008 à 15:32:51

Je viens de faire un scan avec malwarebytes en mode sans echec et rien. J'ai lance ad remover en mode sans echec et voici le rapport:

F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------

START at: 14:49:09 | 16/11/2008
ON: Microsoft Windows [version 6.0.6001] ( Windows Vista )
Internet Explorer: 7.0.6001.18000
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: katemouse | PC: PC-DE-KATEMOUSE
BOOT MODE: MSE
/!\ UAC is enable
DRIVE(S): C:\ D:\ E:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [300]
C:\Windows\system32\csrss.exe [424]
C:\Windows\system32\csrss.exe [460]
C:\Windows\system32\wininit.exe [468]
C:\Windows\system32\services.exe [516]
C:\Windows\system32\winlogon.exe [528]
C:\Windows\system32\lsass.exe [552]
C:\Windows\system32\lsm.exe [560]
C:\Windows\system32\svchost.exe [704]
C:\Windows\system32\svchost.exe [760]
C:\Windows\System32\svchost.exe [796]
C:\Windows\System32\svchost.exe [876]
C:\Windows\system32\svchost.exe [904]
C:\Windows\system32\svchost.exe [956]
C:\Windows\Explorer.EXE [1168]
C:\Windows\helppane.exe [1328]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1444]

---------------------------- [~> 17]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND
+---------------------------------------------------------------------------+

Found ! - "Boonty Games"

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1"
"HKEY_LOCAL_MACHINE\Software\Classes\boontybox"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_CLASSES_ROOT\boontybox"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND
+---------------------------------------------------------------------------+

[11/08/2008 18:39|d--------] C:\Boonty
[11/03/2005 16:06|--a------] C:\Windows\system32\PandoraCtrl.dll
[11/08/2008 15:53|d--------] C:\Program Files\Boonty
[12/08/2008 12:31|d--------] C:\Program Files\BoontyGames
[11/08/2008 18:43|d--------] C:\Program Files\Common Files\BOONTY Shared
[11/08/2008 18:43|d--------] C:\ProgramData\BOONTY
[12/08/2008 12:31|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames
[11/08/2008 15:54|--a------] C:\Users\katemouse\Desktop\BoontyBox Boonty.com.lnk


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\86g351bh.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.1 ~~~~


+----------+


+---------------------------------------------------------------------------+


+---------- Added scan ...

+-----[HKLM\...\Run]

Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HP Health Check Scheduler REG_SZ C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
Malwarebytes' Anti-Malware REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

+-----[HKCU\...\Run]

msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
BitTorrent DNA REG_SZ "C:\Users\katemouse\Program Files\DNA\btdna.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.blackle.com/

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 99 lines ]
+---------------------------------------------------------------------------+

   
Répondre à katemouse

7

katemouse, le 16 nov 2008 à 16:11:41

Re,
en voulant faire un scan hijackthis en mode normal; le scan se lance et s'arrete à la ligne F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe et j'ain un message de zon alrm: hijackthis tente de mdifier les parametres reseau en modifiant le fifichier WINDRVDIR\etc\hosts. Dois refuser la modif ou l'accepter?

   
Répondre à katemouse

8

jlpjlp, le 16 nov 2008 à 19:22:41

Parfait fais tout ceci:




¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).

Lancez de nouveau Ad-fix
Choisissez l'option 2
Le bureau ou les icônes vont disparaître, c'est normal.
Quand c'est terminé, pressez la touche "entrée" pour redémarrer l'ordinateur.

Copiez collez ici, le contenu du nouveau rapport.

____________________



Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

   
Répondre à jlpjlp

9

katemouse, le 16 nov 2008 à 20:15:35

Merci jlpjlp!
pour tes reponses, mais pourrais tu me dire avant que je lance ad fix, si le rapport que je t'ai posté concernant le scan effectué avec ad remover montre la presence d'un trojan ou d'un virus. Merci

   
Répondre à katemouse

10

katemouse, le 16 nov 2008 à 20:22:25

Re j'avais oublié, tu me dis de relancer à nouveau ad fix mais pourrais tu me donner le liencorrespondant, pour l'instant j'avais juste installé ad remover comme tu me l'avais prescrit.

   
Répondre à katemouse

11

jlpjlp, le 16 nov 2008 à 20:55:07

Désolé une erreur j'ai mis la procedure adfix et non ad remover ...





Nettoyage AD-Remover :

! Déconnectes toi et fermes toutes applications en cours !

● Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

● Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides)



___________________________


puis fais combofix

   
Répondre à jlpjlp

12

katemouse, le 16 nov 2008 à 22:17:08

Voici le rapport ad remove et hijackthis

F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------

START at: 22:06:41 | 16/11/2008
ON: Microsoft Windows [version 6.0.6001] ( Windows Vista )
Internet Explorer: 7.0.6001.18000
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: katemouse | PC: PC-DE-KATEMOUSE
BOOT MODE: Normal
UAC is disable
DRIVE(S): C:\ D:\ E:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [472]
C:\Windows\system32\csrss.exe [552]
C:\Windows\system32\wininit.exe [604]
C:\Windows\system32\csrss.exe [612]
C:\Windows\system32\services.exe [652]
C:\Windows\system32\lsass.exe [668]
C:\Windows\system32\lsm.exe [676]
C:\Windows\system32\svchost.exe [808]
C:\Windows\system32\svchost.exe [876]
C:\Windows\System32\svchost.exe [908]
C:\Windows\system32\winlogon.exe [960]
C:\Windows\System32\svchost.exe [1008]
C:\Windows\System32\svchost.exe [1036]
C:\Windows\system32\svchost.exe [1056]
C:\Windows\system32\SLsvc.exe [1168]
C:\Windows\system32\svchost.exe [1192]
C:\Windows\system32\svchost.exe [1372]
C:\Windows\System32\ZoneLabs\vsmon.exe [1508]
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1816]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [1828]
C:\Windows\System32\spoolsv.exe [292]
C:\Windows\system32\svchost.exe [344]
C:\Windows\system32\Dwm.exe [516]
C:\Windows\system32\taskeng.exe [820]
C:\Windows\Explorer.EXE [1320]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2180]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2220]
C:\Program Files\Bonjour\mDNSResponder.exe [2248]
C:\Windows\system32\svchost.exe [2280]
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2368]
C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2412]
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2448]
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2472]
C:\Windows\System32\svchost.exe [2524]
C:\Windows\System32\svchost.exe [2564]
C:\Windows\system32\svchost.exe [2580]
C:\Windows\system32\PSIService.exe [2600]
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2652]
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2672]
C:\Windows\system32\svchost.exe [2712]
C:\Windows\System32\svchost.exe [2764]
C:\Windows\system32\SearchIndexer.exe [2808]
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2916]
C:\Program Files\Windows Defender\MSASCui.exe [3256]
C:\Windows\RtHDVCpl.exe [3328]
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [3336]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [3440]
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [3476]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [3492]
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [3508]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [3516]
C:\Windows\System32\rundll32.exe [3560]
C:\Windows\System32\rundll32.exe [3576]
C:\Windows\system32\wbem\wmiprvse.exe [3592]
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [3656]
C:\Program Files\Alwil Software\Avast4\ashDisp.exe [3692]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [3908]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [3948]
C:\Program Files\MSN Messenger\msnmsgr.exe [3960]
C:\Windows\ehome\ehtray.exe [3968]
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [3992]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [4024]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4044]
C:\Windows\ehome\ehmsas.exe [4080]
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [3112]
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [1516]
C:\Windows\system32\msiexec.exe [1004]
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [3096]
C:\Windows\system32\taskeng.exe [348]
C:\Windows\system32\SearchProtocolHost.exe [3296]
C:\Windows\system32\SearchFilterHost.exe [1316]
C:\Windows\system32\wbem\wmiprvse.exe [156]
C:\Program Files\MSN Messenger\usnsvc.exe [4788]
C:\Program Files\DNA\btdna.exe [4892]
C:\Windows\system32\conime.exe [4952]
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [5448]

---------------------------- [~> 76]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES DELETED
+---------------------------------------------------------------------------+

Deleted successfully ! - "Boonty Games"

+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS DELETED
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\Software\Classes\boontybox"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS DELETED
+---------------------------------------------------------------------------+

[11/08/2008 18:39|d--------] C:\Boonty
[12/08/2008 12:31|d--------] C:\Program Files\BoontyGames
[11/08/2008 18:43|d--------] C:\Program Files\Common Files\BOONTY Shared
[16/11/2008 21:39|d--------] C:\ProgramData\BOONTY
[16/11/2008 21:39|d--------] C:\ProgramData\Microsoft\Windows\STARTM~1\Programs\BoontyGames

(!) ---- Temp files deleted.

(!) ---- Recycle bin emptied in all drives.



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\86g351bh.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.1 ~~~~


+----------+



+---------- Added scan ...

+-----[HKLM\...\Run]

Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HP Health Check Scheduler REG_SZ C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
Malwarebytes' Anti-Malware REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

+-----[HKCU\...\Run]

msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 150 lines ]
+---------------------------------------------------------------------------+

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:35, on 16/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
End of file - 10357 bytes

   
Répondre à katemouse

13

jlpjlp, le 16 nov 2008 à 22:42:34

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

_________________

puis remets un hijakchits et dis tes soucis

a plus

   
Répondre à jlpjlp

14

katemouse, le 16 nov 2008 à 23:15:55

Voici le rapport combofix:


ComboFix 08-11-16.01 - katemouse 2008-11-16 22:56:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1206 [GMT 1:00]
Lancé depuis: c:\users\katemouse\AppData\Local\Microsoft\Windows\Temporary­ Internet Files\Content.IE5\CYLBGFVA\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[i] ADS - Windows: deleted 24 bytes in 1 streams. /i

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.

2008-11-16 20:47 . 2008-11-16 21:14 300 --a------ c:\windows\System32\User Agent -- Post Platform
2008-11-16 20:31 . 2008-11-16 20:31 <REP> d-------- c:\users\All Users\Grisoft
2008-11-16 20:31 . 2008-11-16 20:31 <REP> d-------- c:\programdata\Grisoft
2008-11-16 14:34 . 2008-11-16 22:29 <REP> d-------- c:\program files\Ad-remover
2008-11-13 20:40 . 2008-11-16 09:38 <REP> d-------- c:\users\katemouse\.homeplayer
2008-11-13 20:39 . 2008-11-13 20:40 <REP> d-------- c:\program files\HomePlayer
2008-11-13 18:57 . 2008-11-13 18:57 <REP> d-------- c:\program files\FpTest
2008-11-13 10:04 . 2008-11-13 10:04 <REP> d-------- c:\program files\Freeplayer
2008-11-12 11:39 . 2008-02-23 05:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2008-11-12 11:39 . 2008-02-23 03:41 22,528 --a------ c:\windows\System32\netiougc.exe
2008-11-12 11:38 . 2008-10-22 12:31 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2008-11-12 10:56 . 2008-10-13 10:56 4 ----s---- c:\windows\system\WINDEAIV.ISD
2008-11-12 10:21 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 10:21 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 10:21 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:57 . 2008-11-10 21:57 <REP> d-------- c:\users\All Users\WindowsSearch
2008-11-10 21:57 . 2008-11-10 21:57 <REP> d-------- c:\programdata\WindowsSearch
2008-11-10 21:39 . 2008-11-11 01:34 2,828 --ahs---- c:\windows\System32\KGyGaAvL.sys
2008-11-10 21:39 . 2008-11-11 01:34 88 -r-hs---- c:\windows\System32\AD2D806586.sys
2008-11-10 21:38 . 2008-11-10 21:39 <REP> d-------- c:\users\katemouse\AppData\Roaming\Corel
2008-11-10 21:37 . 2008-11-10 21:37 <REP> d-------- c:\users\All Users\Corel
2008-11-10 21:37 . 2008-11-10 21:37 <REP> d-------- c:\programdata\Corel
2008-11-10 21:32 . 2008-11-10 21:32 <REP> d-------- c:\program files\Corel
2008-11-10 21:32 . 2008-11-10 21:35 <REP> d-------- c:\program files\Common Files\Corel
2008-10-29 21:07 . 2008-10-29 21:07 <REP> d-------- c:\program files\Trend Micro
2008-10-29 09:31 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 09:31 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 09:31 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-22 19:47 . 2008-10-22 19:51 <REP> d-------- c:\users\katemouse\AppData\Roaming\DivX
2008-10-22 19:43 . 2008-10-22 21:08 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2008-10-22 18:00 . 2008-10-22 18:00 <REP> d-------- c:\users\katemouse\AppData\Roaming\NeroDigital(TM)
2008-10-22 17:27 . 2008-10-22 17:27 <REP> d-------- c:\users\All Users\LightScribe
2008-10-22 17:27 . 2008-10-22 17:27 <REP> d-------- c:\programdata\LightScribe
2008-10-22 17:06 . 2008-10-22 17:06 4,767 --a------ c:\windows\Irremote.ini
2008-10-22 16:42 . 2008-10-22 17:04 <REP> d-------- c:\program files\Nero
2008-10-22 16:39 . 2008-10-22 16:39 <REP> d-------- c:\program files\Common Files\LightScribe
2008-10-22 15:23 . 2007-06-25 22:03 111,332 --------- c:\windows\hpqins13.dat.temp
2008-10-22 09:40 . 2008-10-23 09:27 <REP> d-------- c:\users\katemouse\AppData\Roaming\Nero
2008-10-22 09:34 . 2008-10-22 17:36 <REP> d-------- c:\users\All Users\Nero
2008-10-22 09:34 . 2008-10-22 17:36 <REP> d-------- c:\programdata\Nero
2008-10-22 09:34 . 2008-10-22 17:24 <REP> d-------- c:\program files\Common Files\Nero
2008-10-20 10:07 . 2008-10-20 10:07 <REP> d-------- c:\users\katemouse\AppData\Roaming\Media Player Classic
2008-10-17 00:42 . 2008-11-12 17:53 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-10-16 22:48 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 22:48 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 22:47 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 22:47 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 22:47 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-16 22:47 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-16 22:44 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-16 22:44 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-16 22:44 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-16 22:44 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-16 22:44 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-16 20:13 . 2008-10-16 20:13 <REP> d-------- c:\users\All Users\Log
2008-10-16 20:13 . 2008-10-16 20:15 <REP> d-------- c:\users\All Users\G DATA
2008-10-16 20:13 . 2008-10-16 20:13 <REP> d-------- c:\programdata\Log
2008-10-16 20:13 . 2008-10-16 20:15 <REP> d-------- c:\programdata\G DATA
2008-10-16 20:13 . 2008-10-16 20:13 <REP> d--hs---- C:\#GDATA.Trash.Store#
2008-10-16 20:11 . 2008-10-16 20:13 <REP> d-------- c:\program files\Common Files\G DATA
2008-10-16 20:10 . 2008-10-16 20:10 <REP> d-------- c:\users\katemouse\AppData\Roaming\InstallShield
2008-10-16 17:24 . 2008-10-16 17:24 <REP> d-------- c:\users\katemouse\AppData\Roaming\Micro Application
2008-10-16 17:23 . 2008-11-16 21:59 <REP> d-a------ c:\users\All Users\TEMP
2008-10-16 17:23 . 2008-11-16 21:59 <REP> d-a------ c:\programdata\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 21:56 --------- d-----w c:\users\katemouse\AppData\Roaming\DNA
2008-11-16 21:34 --------- d-----w c:\programdata\Microsoft Help
2008-11-16 21:24 352,608 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2008-11-16 21:05 --------- d-----w c:\program files\MSN Messenger
2008-11-16 21:05 --------- d-----w c:\program files\DNA
2008-11-16 17:01 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-16 12:29 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-16 08:38 --------- d-----w c:\users\katemouse\AppData\Roaming\BitTorrent
2008-11-16 08:38 --------- d-----w c:\programdata\HP Product Assistant
2008-11-14 10:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 10:05 --------- d-----w c:\program files\Micro Application
2008-11-14 09:30 352,608 ---ha-w c:\windows\system32\drivers\vsconfig(251).xml
2008-11-13 23:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 09:14 --------- d-----w c:\users\katemouse\AppData\Roaming\vlc
2008-11-12 21:16 88,551 ----a-w c:\users\katemouse\AppData\Roaming\nvModes.dat
2008-11-12 09:49 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-08 16:35 33,433,763 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_11_08_14_22_14_full.dmp.zip
2008-11-08 13:22 3,297,280 ----a-w c:\windows\Internet Logs\xDB7177.tmp
2008-10-31 08:34 --------- d-----w c:\users\katemouse\AppData\Roaming\Hewlett-Packard
2008-10-22 20:11 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-22 20:10 --------- d-----w c:\programdata\Roxio
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 11:32 293,776 ----a-w c:\windows\system32\drivers\vsdatant.sys
2008-10-22 11:31 46,480 ----a-w c:\windows\System32\vsutil_loc040c.dll
2008-10-21 08:50 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 08:40 --------- d-----w c:\users\katemouse\AppData\Roaming\Roxio
2008-10-20 13:59 93,257 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_20_15_50_00_small.dmp.zip
2008-10-20 13:54 5,512,330 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-19 00:53 242,176 ----a-w c:\windows\Internet Logs\xDB74B2.tmp
2008-10-17 15:20 837,120 ----a-w c:\windows\Internet Logs\xDB8249.tmp
2008-10-17 15:20 1,799,168 ----a-w c:\windows\Internet Logs\xDB8382.tmp
2008-10-17 13:00 3,016,704 ----a-w c:\windows\Internet Logs\xDB9C5D.tmp
2008-10-17 13:00 1,798,656 ----a-w c:\windows\Internet Logs\xDBA0A2.tmp
2008-10-16 23:42 --------- d-----w c:\program files\Alwil Software
2008-10-16 22:38 2,732,032 ----a-w c:\windows\Internet Logs\xDB730C.tmp
2008-10-16 22:38 1,789,952 ----a-w c:\windows\Internet Logs\xDB7417.tmp
2008-10-16 22:00 --------- d-----w c:\program files\Windows Mail
2008-10-16 18:40 --------- d-----w c:\program files\Hewlett-Packard
2008-10-16 07:57 352,616 ---ha-w c:\windows\system32\drivers\vsconfig(445).xml
2008-10-14 16:01 --------- d-----w c:\program files\Combined Community Codec Pack
2008-10-13 10:10 --------- d-----w c:\programdata\Yahoo! Companion
2008-10-09 08:52 --------- d-----w c:\program files\BitTorrent
2008-10-06 12:26 --------- d-----w c:\users\katemouse\AppData\Roaming\Thunderbird
2008-10-04 16:52 --------- d-----w c:\users\katemouse\AppData\Roaming\Yahoo!
2008-10-04 09:39 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 09:39 --------- d-----w c:\program files\iTunes
2008-10-04 09:38 --------- d-----w c:\programdata\Apple Computer
2008-10-04 09:38 --------- d-----w c:\program files\iPod
2008-10-02 12:09 --------- d-----w c:\program files\MSECache
2008-10-02 12:01 --------- d-----w c:\program files\MSBuild
2008-10-02 11:57 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 20:35 108,683 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_09_22_21_30_16_small.dmp.zip
2008-09-22 18:55 101,511 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_09_22_18_50_24_small.dmp.zip
2008-09-22 11:09 --------- d-----w c:\program files\Common Files\Adobe
2008-09-22 10:45 --------- d-----w c:\programdata\FLEXnet
2008-09-21 18:22 98,057 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_09_21_18_50_02_small.dmp.zip
2008-09-21 18:22 111,754 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_09_21_19_56_31_small.dmp.zip
2008-09-19 16:05 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-13 16:43 103,466 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_09_13_15_16_27_small.dmp.zip
2008-09-09 10:31 1,610,752 ----a-w c:\windows\Internet Logs\xDB7464.tmp
2008-09-07 16:14 104,245 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_09_07_17_10_30_small.dmp.zip
2008-09-02 12:06 1,576,448 ----a-w c:\windows\Internet Logs\xDB7869.tmp
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-27 13:31 92,160 ----a-w c:\windows\System32\ezUninst.exe
2008-08-27 13:31 85,504 ----a-w c:\windows\System32\ezShellStart.exe
2008-08-27 13:31 49,152 ----a-w c:\windows\System32\ezUPBHook.dll
2008-08-27 13:31 33,792 ----a-w c:\windows\System32\ezntsvc.exe
2008-08-27 13:31 241,664 ----a-w c:\windows\System32\ezSetup.exe
2008-08-27 13:31 15,360 ----a-w c:\windows\System32\ezMAPIHelper.exe
2008-07-04 14:21 174 --sha-w c:\program files\desktop.ini
2008-06-29 13:23 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 11:46 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\katemouse\Program Files\DNA\btdna.exe" [2008-11-12 342336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-01 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-01 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-22 981904]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-28 12:00 531272 c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 09:16 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2008-05-14 21:56 468264 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-10-09 21:43 729088 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2008-03-28 01:05 1045800 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{63E473AA-F42E-438A-967D-10594C088465}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1A90FF4E-81FD-49EC-9AF3-13D3900B672C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1008E960-FD61-418F-82BE-D43B5CD952FC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{AAB044DC-0ECB-4561-A13C-FBF00C273110}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{D7FF1023-08CE-4B7A-926C-10DADA14BCC0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{B9B182D1-35E6-4224-B513-78D0FC634770}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{4CE3CB47-DC35-4495-9E80-25FA91560A48}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{1576F02E-3A66-45C5-9E3A-5121FB1F11DD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1BC4F933-64B1-492C-A255-702AFE873092}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{B30684C1-E3C3-440B-B5B3-7285D30F219B}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{36771738-54B7-4A49-9C1D-67E5B4CD668C}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
"{0E783F94-B720-4DA7-AEBE-C6258185FB27}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DA296A10-9DB0-4B86-9CFA-668FE3F2F3D4}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1E2C1796-2594-4781-A553-7E2E56999963}c:\\users\\katemouse\\program files\\dna\\btdna.exe"= UDP:c:\users\katemouse\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9A24FB35-129E-49BC-9CE8-DE79196E7C67}c:\\users\\katemouse\\program files\\dna\\btdna.exe"= TCP:c:\users\katemouse\program files\dna\btdna.exe:btdna.exe
"TCP Query User{1BED0227-6925-48F9-9F60-517084351F60}c:\\users\\katemouse\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\users\katemouse\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{73D44474-059A-498A-91B1-3C7FFEDC67B5}c:\\users\\katemouse\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\users\katemouse\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{FF083115-4EFB-44A9-92D1-CE30827F719C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C747823-8531-40A7-8FA4-D6E79010814D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CF536A77-EE81-41F8-9A05-8DB670C0D252}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CC9F2E96-E3D4-4BEE-B10B-CCC35CB3EB8B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{43FDC484-8DC8-40B0-A958-57B5BF064669}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{72D1E481-FD4E-4B09-A233-E8D5A59466A6}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{1685E1E7-F3DC-4141-A24D-6AFBC9A1E971}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{D0A4C594-B2D8-410E-9F27-C71ECD7B821F}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{CB7DF873-78A0-44A9-A51F-705005D8A41A}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{B523222F-038E-4C31-AFC9-851BFFABC4BA}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{6619C05F-D7AB-4601-BFC0-0EF86D58A10D}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{CC6ADC79-4D63-409C-A01C-B9786D4E36EA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{576C7F5F-1972-453D-923B-4C328AC9C204}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A54E425C-4476-4099-A44D-E95A135ABE89}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-17 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-17 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-10-17 51792]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-09-09 170640]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2008-06-29 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS);"c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2008-06-29 116112]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-09-09 15504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for katemouse.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 16:10]

2008-11-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for katemouse.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 16:10]

2008-11-13 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-katemouse_katemouse.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 12:51]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\katemouse\AppData\Roaming\Mozilla\Firefox\Profiles\86g351bh.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\users\katemouse\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:59:25
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-16 23:01:20
ComboFix-quarantined-files.txt 2008-11-16 22:01:16

Avant-CF: 75 165 106 176 octets libres
Après-CF: 75,142,524,928 octets libres

319 --- E O F --- 2008-11-16 21:34:10

   
Répondre à katemouse

15

jlpjlp, le 17 nov 2008 à 13:02:37

Remet un rapport hijackthis et dis tes soucis actuels

   
Répondre à jlpjlp

16

katemouse, le 17 nov 2008 à 14:15:11

Bonjour jlpjlp,


Voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:17, on 17/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\katemouse\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\katemouse\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
End of file - 10625 bytes
Est ce qu'il y a encore des traces de wimad????
Qu'est ce que le service stllssr? Quelles sont les lignes qui sont inutiles et que je peux fixer?
Avast n'a pas pu scanner C:windows\system32\conime.exe s'agit il d'un virus?

Merci d'avance jljlp

   
Répondre à katemouse

17

katemouse, le 17 nov 2008 à 14:20:03

RE encore une question....Est ce que O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe est un virus?????

   
Répondre à katemouse

18

jlpjlp, le 18 nov 2008 à 10:50:24

Est ce qu'il y a encore des traces de wimad????

cela devrait etre bon:

pour verifier:

Télécharge RavAntivirus d'Evosla :
http://www.evosla.com/compteur.php?soft=rav_antivirus

# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!


et



colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/
____________________

Qu'est ce que le service stllssr? Quelles sont les lignes qui sont inutiles et que je peux fixer?

tu veux parler de stllssvr?

http://www.processlibrary.com/fr/directory/files/stllssvr


_________________
Avast n'a pas pu scanner C:windows\system32\conime.exe s'agit il d'un virus?

NON regarde ici

http://www.liutilities.com/products/wintaskspro/processlibrary/conime/

_____________________

RE encore une question....Est ce que O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe est un virus?????

non

   
Répondre à jlpjlp

19

katemouse, le 18 nov 2008 à 11:37:23

Bonjour,

Tout d'abord merci pour tes réponses. j'ai opté pour la solution radicale du formatage!

   
Répondre à katemouse
20 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide