Virus???Résolu/Fermé

Question

Bonjour,
J'ai télécharger une appliction et je n'oré pa du c'était un virus mais je n'arrive pas a lenlevé jé éteint mon ordi et quand je lé ralumé il yavait une fenétre d'antivirus sur ecran noir et elle me permet seulement datteindre une page web je peu rien faire dotre. aider moi!!

merci

tony624 · Answer

Urgent Svp

Destrio5 · Answer

Salut,

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

tony624 · Answer

je n'est pas acces a mon bureau

tony624 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Anthony at 2009-04-11 00:35:03
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 10 GB (29%) free of 35 GB
Total RAM: 2039 MB (64% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows	asks\User_Feed_Synchronization-{419DACB8-2C5F-465C-BF2B-2B267FD824C1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
C:\PROGRA~1\PRIVAC~1	ools\sp\spbho.dll [2009-04-07 448512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-04-10 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-04-04 138008]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-04-04 154392]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-04-04 133912]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2007-04-19 561152]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-04-10 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-10 69632]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-02-20 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OBealsched.exe [2009-03-04 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"agent.exe"=C:\Program Files\Privacy center\agent.exe [2009-04-07 556032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-04-11 00:35:03 ----D---- C:sit
2009-04-11 00:35:03 ----D---- C:\Program Files	rend micro
2009-04-10 23:41:35 ----D---- C:\Users\Anthony\AppData\Roaming\Privacy center
2009-04-10 23:41:33 ----D---- C:\Program Files\Privacy center
2009-04-10 22:14:03 ----D---- C:\Windows\system32\Adobe
2009-04-10 22:04:46 ----SHD---- C:\Config.Msi
2009-03-27 17:59:41 ----A---- C:\Windows\system32\javaws.exe
2009-03-27 17:59:41 ----A---- C:\Windows\system32\javaw.exe
2009-03-27 17:59:41 ----A---- C:\Windows\system32\java.exe
2009-03-14 00:13:11 ----AT---- C:\Windows\system32\SIntfNT.dll
2009-03-14 00:13:11 ----AT---- C:\Windows\system32\SIntf32.dll
2009-03-14 00:13:11 ----AT---- C:\Windows\system32\SIntf16.dll
2009-03-13 23:56:35 ----A---- C:\Windows\ZeusIsUninst.Exe
2009-03-13 23:55:13 ----D---- C:\Sierra
2009-03-13 23:55:13 ----D---- C:\Program Files\Sierra On-Line
2009-03-13 23:54:55 ----A---- C:\Windows\SIERRA.INI
2009-03-13 23:54:45 ----A---- C:\Windows\IsUn040c.exe
2009-03-13 23:43:06 ----D---- C:\Program Files\Common Files\SWF Studio
2009-03-13 23:36:04 ----D---- C:\Users\Anthony\AppData\Roaming\dvdcss
2009-03-13 19:30:02 ----A---- C:\Windows\system32\wmp.dll
2009-03-13 19:30:01 ----A---- C:\Windows\system32\spwmp.dll
2009-03-13 19:30:00 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-13 19:30:00 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-13 19:29:35 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 months======

2009-04-11 00:35:03 ----RD---- C:\Program Files
2009-04-11 00:35:00 ----D---- C:\Windows\Temp
2009-04-11 00:25:44 ----D---- C:\Windows\System32
2009-04-11 00:25:44 ----D---- C:\Windows\inf
2009-04-11 00:25:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-11 00:20:10 ----D---- C:\Windows\system32\LogFiles
2009-04-11 00:13:46 ----D---- C:\Windows\Prefetch
2009-04-10 22:14:04 ----SD---- C:\Windows\Downloaded Program Files
2009-04-10 22:12:17 ----SHD---- C:\System Volume Information
2009-04-10 22:08:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-10 22:08:30 ----D---- C:\Program Files\CyberLink
2009-04-10 22:07:21 ----D---- C:\Windows
2009-04-10 22:05:53 ----SHD---- C:\Windows\Installer
2009-04-10 22:05:47 ----D---- C:\ProgramData\Adobe
2009-04-10 22:05:43 ----D---- C:\Program Files\Common Files
2009-04-10 19:33:17 ----D---- C:\Windows\system32\Macromed
2009-04-10 18:06:54 ----D---- C:\Windows\system32\drivers
2009-03-27 17:59:40 ----D---- C:\Program Files\Java
2009-03-22 21:19:17 ----D---- C:\Windows\system32\WDI
2009-03-21 18:06:15 ----D---- C:\Windows\Tasks
2009-03-21 18:06:15 ----D---- C:\Windows\system32\Tasks
2009-03-21 18:02:04 ----SD---- C:\Users\Anthony\AppData\Roaming\Microsoft
2009-03-14 09:52:54 ----D---- C:\Windows\system32\catroot2
2009-03-13 23:26:48 ----D---- C:\Windows\winsxs
2009-03-13 23:13:10 ----D---- C:\Windows\system32\catroot
2009-03-13 23:11:32 ----D---- C:\Program Files\Windows Media Player
2009-03-13 23:11:32 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-03-27 137224]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 694784]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-04-10 104328]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-04-10 8832]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 1671680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERSfcomm.sys [2006-11-02 49664]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner	rufos.sys [2009-03-27 39936]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-30 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-10 415024]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro\o2flash.exe [2007-02-12 65536]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-10 1626112]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

tony624 · Answer

info.txt logfile of random's system information tool 1.06 2009-04-11 00:35:27

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
Agere Systems HDA Modem-->agrsmdel
American Conquest-->C:\Program Files\American Conquest\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
BitDefender Internet Security 2009-->MsiExec.exe /X{A7E80619-A6CC-438C-92B3-708FFC004AFE}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Le Maître de l'Olympe - Zeus.-->C:\Windows\IsUn040c.exe -f"C:\Sierra\Le Maître de l' Olympe  Zeus\Uninst.isu"
Le Maître de l'Olympe et le Maître de l'Atlandide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8043219B-D2C0-4561-90AB-3F1113ED5A87}\Setup.exe" 
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O2Micro Flash Memory Card Reader Driver Installer(x86)-->MsiExec.exe /X{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall
Privacy center-->C:\Program Files\Privacy center\uninstall.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
System Control Manager-->C:\Program Files\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinRAR archiver-->C:\Program Files\WinRAR 3.61 Multi\Uninstall.exe

======Security center information======

tony624 · Answer

merci de toccupé de moi.

Destrio5 · Answer

--> Désactive l'UAC le temps de la désinfection.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

tony624 · Answer

Je n'est pa accé a cette partie de lordi

Destrio5 · Answer

Tant pis, continue.

tony624 · Answer

Je ne pe pa desactivé UAC

Destrio5 · Answer

Ok.

tony624 · Answer

ComboFix 09-04-04.01 - Anthony 2009-04-11 0:49:45.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2039.1236 [GMT 2:00] Lancé depuis: c:\users\Anthony\Desktop\ComboFix.exe AV: Antivirus BitDefender *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning disabled* (Updated) FW: Norton Internet Security *disabled* FW: Pare-feu BitDefender *enabled* * Un nouveau point de restauration a été créé * Resident AV is active . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-10 au 2009-04-10 )))))))))))))))))))))))))))))))))))) . 2009-04-11 00:35 . 2009-04-11 00:35 d-------- C: sit 2009-04-11 00:35 . 2009-04-11 00:35 d-------- c:\program files rend micro 2009-04-10 23:41 . 2009-04-10 23:41 d-------- c:\users\Anthony\AppData\Roaming\Privacy center 2009-04-10 23:41 . 2009-04-10 23:41 d-------- c:\program files\Privacy center 2009-04-10 22:14 . 2009-04-10 22:15 d-------- c:\windows\System32\Adobe 2009-03-14 00:13 . 2009-03-14 22:47 21,840 --a----t- c:\windows\System32\SIntfNT.dll 2009-03-14 00:13 . 2009-03-14 22:47 17,212 --a----t- c:\windows\System32\SIntf32.dll 2009-03-14 00:13 . 2009-03-14 22:47 12,067 --a----t- c:\windows\System32\SIntf16.dll 2009-03-13 23:58 . 2000-10-03 20:54 2,998 --a------ c:\windows\setup.ico 2009-03-13 23:56 . 1998-01-23 13:20 305,664 --a------ c:\windows\ZeusIsUninst.Exe 2009-03-13 23:55 . 2009-03-13 23:55 d-------- C:\Sierra 2009-03-13 23:55 . 2009-03-13 23:55 d-------- c:\program files\Sierra On-Line 2009-03-13 23:54 . 1998-01-23 13:20 305,664 --a------ c:\windows\IsUn040c.exe 2009-03-13 23:54 . 2009-03-14 00:05 334 --a------ c:\windows\SIERRA.INI 2009-03-13 23:43 . 2009-03-13 23:43 d-------- c:\program files\Common Files\SWF Studio 2009-03-13 23:36 . 2009-04-04 17:13 d-------- c:\users\Anthony\AppData\Roaming\dvdcss 2009-03-13 19:30 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-13 19:30 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-13 19:30 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-13 19:30 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-13 19:29 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-13 19:29 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 22:16 81,984 ----a-w c:\windows\System32\bdod.bin 2009-04-10 20:08 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-10 20:08 --------- d-----w c:\program files\CyberLink 2009-04-10 16:05 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys 2009-03-27 15:59 --------- d-----w c:\program files\Java 2009-03-13 21:11 --------- d-----w c:\program files\Windows Mail 2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-03-04 16:48 --------- d-----w c:\program files\American Conquest 2009-03-04 16:37 --------- d-----w c:\program files\Real 2009-03-04 16:37 --------- d-----w c:\program files\Common Files\xing shared 2009-03-04 16:37 --------- d-----w c:\program files\Common Files\Real 2009-03-03 10:51 --------- d-----w c:\programdata\Pinnacle VideoSpin 2009-03-03 10:43 --------- d-----w c:\program files\Pinnacle 2009-03-03 10:43 --------- d-----w c:\program files\Common Files\Yahoo! 2009-03-03 10:41 --------- d-----w c:\programdata\Pinnacle 2009-02-28 10:22 --------- d-----w c:\programdata\Microsoft Help 2009-02-28 03:23 --------- d-----w c:\users\Anthony\AppData\Roaming\OpenOffice.org 2009-02-27 21:01 --------- d-----w c:\program files\Microsoft Works 2009-02-21 13:12 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-02-21 12:13 174 --sha-w c:\program files\desktop.ini 2009-02-21 12:04 --------- d-----w c:\program files\Windows Sidebar 2009-02-21 12:04 --------- d-----w c:\program files\Windows Photo Gallery 2009-02-21 12:04 --------- d-----w c:\program files\Windows Journal 2009-02-21 12:04 --------- d-----w c:\program files\Windows Defender 2009-02-21 12:04 --------- d-----w c:\program files\Windows Collaboration 2009-02-21 12:04 --------- d-----w c:\program files\Windows Calendar 2009-02-21 11:52 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-02-21 11:52 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-02-21 00:20 --------- d-----w c:\program files\Adobe Media Player 2009-02-20 23:58 --------- d-----w c:\program files\Google 2009-02-20 20:37 --------- d-----w c:\users\Anthony\AppData\Roaming\Apple Computer 2009-02-20 20:37 --------- d-----w c:\programdata\Apple Computer 2009-02-20 20:37 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-02-20 20:37 --------- d-----w c:\program files\iTunes 2009-02-20 20:37 --------- d-----w c:\program files\iPod 2009-02-20 20:37 --------- d-----w c:\program files\Common Files\Apple 2009-02-20 20:36 --------- d-----w c:\program files\QuickTime 2009-02-20 20:36 --------- d-----w c:\program files\Bonjour 2009-02-20 20:34 --------- d-----w c:\program files\Apple Software Update 2009-02-20 20:33 --------- d-----w c:\programdata\Apple 2009-02-20 18:13 --------- d-----w c:\programdata\Symantec 2009-02-20 18:13 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-20 17:29 --------- d-----w c:\programdata\BitDefender 2009-02-20 17:20 --------- d-----w c:\users\Anthony\AppData\Roaming\BitDefender 2009-02-20 17:20 --------- d-----w c:\program files\Common Files\BitDefender 2009-02-20 17:20 --------- d-----w c:\program files\BitDefender 2009-02-20 16:40 269,312 ----a-w c:\windows\System32\es.dll 2009-02-20 16:33 622,080 ----a-w c:\windows\System32\icardagt.exe 2009-02-20 16:33 11,264 ----a-w c:\windows\System32\icardres.dll 2009-02-20 16:32 97,800 ----a-w c:\windows\System32\infocardapi.dll 2009-02-20 16:32 781,344 ----a-w c:\windows\System32\PresentationNative_v0300.dll 2009-02-20 16:32 43,544 ----a-w c:\windows\System32\PresentationHostProxy.dll 2009-02-20 16:32 326,160 ----a-w c:\windows\System32\PresentationHost.exe 2009-02-20 16:32 105,016 ----a-w c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-02-15 11:38 988,216 ----a-w c:\windows\System32\winload.exe 2009-02-15 11:38 927,288 ----a-w c:\windows\System32\winresume.exe 2009-02-15 11:38 615,992 ----a-w c:\windows\System32\ci.dll 2009-02-15 11:38 6,656 ----a-w c:\windows\System32\kbd106n.dll 2009-02-15 11:38 46,592 ----a-w c:\windows\System32\setbcdlocale.dll 2009-02-15 11:38 40,960 ----a-w c:\windows\System32\srclient.dll 2009-02-15 11:38 378,368 ----a-w c:\windows\System32\srcore.dll 2009-02-15 11:38 318,464 ----a-w c:\windows\System32 strui.exe 2009-02-15 11:38 19,000 ----a-w c:\windows\System32\kd1394.dll 2009-02-15 11:38 14,848 ----a-w c:\windows\System32\srdelayed.exe 2009-02-15 11:36 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll 2009-02-15 11:36 443,392 ----a-w c:\windows\System32\win32spl.dll 2009-02-15 11:36 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll 2009-02-15 11:36 37,888 ----a-w c:\windows\System32\printcom.dll 2009-02-15 11:36 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll 2009-02-15 11:35 14,848 ----a-w c:\windows\System32\wshrm.dll 2009-02-15 11:35 113,664 ----a-w c:\windows\system32\drivers mcast.sys 2009-02-15 11:34 288,768 ----a-w c:\windows\system32\drivers\srv.sys 2009-02-15 11:18 --------- d-----w c:\users\Anthony\AppData\Roaming\vlc 2009-02-14 17:39 --------- d-----w c:\program files\OpenOffice.org 3 2009-02-14 17:39 --------- d-----w c:\program files\JRE 2009-02-14 17:37 --------- d-----w c:\program files\Common Files\Java 2009-02-14 14:56 --------- d-----w c:\program files\VideoLAN 2009-02-14 14:02 61,440 ----a-w c:\windows\System32\winipsec.dll 2009-02-14 14:02 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL 2009-02-14 14:02 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll 2009-02-14 14:02 272,896 ----a-w c:\windows\System32\polstore.dll 2009-02-14 14:01 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll 2009-02-14 14:01 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2009-02-14 14:01 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll 2009-02-14 13:56 827,392 ----a-w c:\windows\System32\wininet.dll 2009-02-14 13:54 296,960 ----a-w c:\windows\System32\gdi32.dll 2009-02-14 13:52 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-02-14 13:51 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2009-02-14 13:51 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2009-02-14 13:51 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2009-02-14 13:51 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2009-02-14 13:51 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2009-02-14 13:51 2,560 ----a-w c:\windows\AppPatch\AcRes.dll 2009-02-14 13:51 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2009-02-14 13:51 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2009-02-14 13:51 1,695,744 ----a-w c:\windows\System32\gameux.dll 2009-02-14 13:50 303,616 ----a-w c:\windows\System32\wmpeffects.dll 2009-02-14 13:49 2,048 ----a-w c:\windows\System32\msxml3r.dll 2009-02-14 13:49 1,191,936 ----a-w c:\windows\System32\msxml3.dll 2009-02-14 13:47 2,048 ----a-w c:\windows\System32 zres.dll 2009-04-10 16:05 49,664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "agent.exe"="c:\program files\Privacy center\agent.exe" [2009-04-07 556032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-04-19 561152] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-10 778240] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-10 69632] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-02-20 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "TkBellExe"="c:\program files\Common Files\Real\Update_OB ealsched.exe" [2009-03-04 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-04-04 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Shell"="c:\program files\Privacy center\pc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "vidc.mjpg"= pvmjpg30.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F5D8C0D4-5E66-4BEC-9C47-DF388440CE06}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager "{6C2DF21F-A84D-4DB0-8D86-4E7AA51B3516}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager "{F20056BA-9FF1-4A36-88DC-24E7A9693652}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi "{D2B6D02D-228D-44DE-8C29-9B81C067E841}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi "{34B95010-E7AB-4018-A5DA-393FACD149B8}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin "{227B2EE4-0070-4053-87AE-C4C64412122F}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin "TCP Query User{AE5E86F5-0256-48CB-8397-D8E05B21FFDC}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{EE66D8A3-971B-43E6-A34C-5D088D3D2D85}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DisableNotifications"= 1 (0x1) R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2007-11-30 210432] R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2006-11-20 38400] R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2007-03-09 35968] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696] R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-11-30 40960] R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [2008-09-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-10-17 104328] R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [2007-11-30 19456] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{419DACB8-2C5F-465C-BF2B-2B267FD824C1}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.msi.com.tw uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\hky47ncq.default\ FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 00:52:52 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\users\Anthony\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . Heure de fin: 2009-04-11 0:55:59 ComboFix-quarantined-files.txt 2009-04-10 22:55:56 Avant-CF: 10 368 585 728 octets libres Après-CF: 9,877,897,216 octets libres 229 --- E O F --- 2009-03-20 16:35:14

Destrio5 · Answer

/!\ Seul tony624 peut suivre cette procédure. /!\


1/

---> Ouvre le Bloc-notes.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :







KillAll::

Folder::
c:\program files\Privacy center 
c:\users\Anthony\AppData\Roaming\Privacy center 

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"agent.exe"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]     
"Shell"=-






--> Colle la sélection dans le Bloc-notes.

--> Enregistre ce fichier sur le Bureau (Impératif).

--> Nom du fichier : CFScript
--> Type du fichier : tous les fichiers
--> Clique sur Enregistrer.
--> Quitte le Bloc-notes.


2/

--> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

--> Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

--> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

--> Une fois le scan achevé, un rapport va s'afficher : poste-le.

--> Si le fichier ne s'ouvre pas, il se trouve ici C:\Combofix.txt

tony624 · Answer

j'ai denouveau acces a mon bureau 
jte remerci

tony624 · Answer

ComboFix 09-04-04.01 - Anthony 2009-04-11 1:06:07.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2039.1076 [GMT 2:00] Lancé depuis: c:\users\Anthony\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Anthony\Desktop\CFScript.txt AV: Antivirus BitDefender *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning disabled* (Updated) FW: Norton Internet Security *disabled* FW: Pare-feu BitDefender *enabled* * Un nouveau point de restauration a été créé * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Privacy center c:\program files\Privacy center\agent.exe c:\program files\Privacy center\faq\guide.html c:\program files\Privacy center\faq\images\gimg1.jpg c:\program files\Privacy center\faq\images\gimg10.jpg c:\program files\Privacy center\faq\images\gimg2.jpg c:\program files\Privacy center\faq\images\gimg3.jpg c:\program files\Privacy center\faq\images\gimg4.jpg c:\program files\Privacy center\faq\images\gimg5.jpg c:\program files\Privacy center\faq\images\gimg6.jpg c:\program files\Privacy center\faq\images\gimg7.jpg c:\program files\Privacy center\faq\images\gimg8.jpg c:\program files\Privacy center\faq\images\gimg9.jpg c:\program files\Privacy center\pc.exe c:\program files\Privacy center\sounds\1.mp3 c:\program files\Privacy center\sounds\3.mp3 c:\program files\Privacy center ools\sc\ca.crt c:\program files\Privacy center ools\sc\libeay32.dll c:\program files\Privacy center ools\sc\libssl32.dll c:\program files\Privacy center ools\sc\OemWin2k.inf c:\program files\Privacy center ools\sc\openvpn.exe c:\program files\Privacy center ools\sc ap0801.sys c:\program files\Privacy center ools\sc apinstall.exe c:\program files\Privacy center ools\sp\spbho.dll c:\program files\Privacy center\uninstall.exe c:\users\Anthony\AppData\Roaming\Privacy center c:\users\Anthony\AppData\Roaming\Privacy center\dbases\cg.dat c:\users\Anthony\AppData\Roaming\Privacy center\dbases\mw.dat c:\users\Anthony\AppData\Roaming\Privacy center\dbases d.dat c:\users\Anthony\AppData\Roaming\Privacy center\dbases\sc.dat c:\users\Anthony\AppData\Roaming\Privacy center\dbases\sm.dat c:\users\Anthony\AppData\Roaming\Privacy center\dbases\sp.dat c:\users\Anthony\AppData\Roaming\Privacy center\keys\cg.key c:\users\Anthony\AppData\Roaming\Privacy center\keys d.key c:\users\Anthony\AppData\Roaming\Privacy center\keys\sc.key c:\users\Anthony\AppData\Roaming\Privacy center\keys\sp.key c:\users\Anthony\AppData\Roaming\Privacy center emp\settings.ini c:\users\Anthony\AppData\Roaming\Privacy center emp\spfilter . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-10 au 2009-04-10 )))))))))))))))))))))))))))))))))))) . 2009-04-11 01:06 . 2009-04-11 01:08 121 --a------ c:\windows\bdagent.INI 2009-04-11 00:35 . 2009-04-11 00:35 d-------- C: sit 2009-04-11 00:35 . 2009-04-11 00:35 d-------- c:\program files rend micro 2009-04-10 22:14 . 2009-04-10 22:15 d-------- c:\windows\System32\Adobe 2009-03-14 00:13 . 2009-03-14 22:47 21,840 --a----t- c:\windows\System32\SIntfNT.dll 2009-03-14 00:13 . 2009-03-14 22:47 17,212 --a----t- c:\windows\System32\SIntf32.dll 2009-03-14 00:13 . 2009-03-14 22:47 12,067 --a----t- c:\windows\System32\SIntf16.dll 2009-03-13 23:58 . 2000-10-03 20:54 2,998 --a------ c:\windows\setup.ico 2009-03-13 23:56 . 1998-01-23 13:20 305,664 --a------ c:\windows\ZeusIsUninst.Exe 2009-03-13 23:55 . 2009-03-13 23:55 d-------- C:\Sierra 2009-03-13 23:55 . 2009-03-13 23:55 d-------- c:\program files\Sierra On-Line 2009-03-13 23:54 . 1998-01-23 13:20 305,664 --a------ c:\windows\IsUn040c.exe 2009-03-13 23:54 . 2009-03-14 00:05 334 --a------ c:\windows\SIERRA.INI 2009-03-13 23:43 . 2009-03-13 23:43 d-------- c:\program files\Common Files\SWF Studio 2009-03-13 23:36 . 2009-04-04 17:13 d-------- c:\users\Anthony\AppData\Roaming\dvdcss 2009-03-13 19:30 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-13 19:30 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-13 19:30 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-13 19:30 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-13 19:29 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-13 19:29 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 23:08 81,984 ----a-w c:\windows\System32\bdod.bin 2009-04-10 20:08 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-10 20:08 --------- d-----w c:\program files\CyberLink 2009-04-10 16:05 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys 2009-03-27 15:59 --------- d-----w c:\program files\Java 2009-03-13 21:11 --------- d-----w c:\program files\Windows Mail 2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-03-04 16:48 --------- d-----w c:\program files\American Conquest 2009-03-04 16:37 --------- d-----w c:\program files\Real 2009-03-04 16:37 --------- d-----w c:\program files\Common Files\xing shared 2009-03-04 16:37 --------- d-----w c:\program files\Common Files\Real 2009-03-03 10:51 --------- d-----w c:\programdata\Pinnacle VideoSpin 2009-03-03 10:43 --------- d-----w c:\program files\Pinnacle 2009-03-03 10:43 --------- d-----w c:\program files\Common Files\Yahoo! 2009-03-03 10:41 --------- d-----w c:\programdata\Pinnacle 2009-02-28 10:22 --------- d-----w c:\programdata\Microsoft Help 2009-02-28 03:23 --------- d-----w c:\users\Anthony\AppData\Roaming\OpenOffice.org 2009-02-27 21:01 --------- d-----w c:\program files\Microsoft Works 2009-02-21 13:12 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-02-21 12:13 174 --sha-w c:\program files\desktop.ini 2009-02-21 12:04 --------- d-----w c:\program files\Windows Sidebar 2009-02-21 12:04 --------- d-----w c:\program files\Windows Photo Gallery 2009-02-21 12:04 --------- d-----w c:\program files\Windows Journal 2009-02-21 12:04 --------- d-----w c:\program files\Windows Defender 2009-02-21 12:04 --------- d-----w c:\program files\Windows Collaboration 2009-02-21 12:04 --------- d-----w c:\program files\Windows Calendar 2009-02-21 11:52 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-02-21 11:52 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-02-21 00:20 --------- d-----w c:\program files\Adobe Media Player 2009-02-20 23:58 --------- d-----w c:\program files\Google 2009-02-20 20:37 --------- d-----w c:\users\Anthony\AppData\Roaming\Apple Computer 2009-02-20 20:37 --------- d-----w c:\programdata\Apple Computer 2009-02-20 20:37 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-02-20 20:37 --------- d-----w c:\program files\iTunes 2009-02-20 20:37 --------- d-----w c:\program files\iPod 2009-02-20 20:37 --------- d-----w c:\program files\Common Files\Apple 2009-02-20 20:36 --------- d-----w c:\program files\QuickTime 2009-02-20 20:36 --------- d-----w c:\program files\Bonjour 2009-02-20 20:34 --------- d-----w c:\program files\Apple Software Update 2009-02-20 20:33 --------- d-----w c:\programdata\Apple 2009-02-20 18:13 --------- d-----w c:\programdata\Symantec 2009-02-20 18:13 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-20 17:29 --------- d-----w c:\programdata\BitDefender 2009-02-20 17:20 --------- d-----w c:\users\Anthony\AppData\Roaming\BitDefender 2009-02-20 17:20 --------- d-----w c:\program files\Common Files\BitDefender 2009-02-20 17:20 --------- d-----w c:\program files\BitDefender 2009-02-20 16:40 269,312 ----a-w c:\windows\System32\es.dll 2009-02-20 16:33 622,080 ----a-w c:\windows\System32\icardagt.exe 2009-02-20 16:33 11,264 ----a-w c:\windows\System32\icardres.dll 2009-02-20 16:32 97,800 ----a-w c:\windows\System32\infocardapi.dll 2009-02-20 16:32 781,344 ----a-w c:\windows\System32\PresentationNative_v0300.dll 2009-02-20 16:32 43,544 ----a-w c:\windows\System32\PresentationHostProxy.dll 2009-02-20 16:32 326,160 ----a-w c:\windows\System32\PresentationHost.exe 2009-02-20 16:32 105,016 ----a-w c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-02-15 11:38 988,216 ----a-w c:\windows\System32\winload.exe 2009-02-15 11:38 927,288 ----a-w c:\windows\System32\winresume.exe 2009-02-15 11:38 615,992 ----a-w c:\windows\System32\ci.dll 2009-02-15 11:38 6,656 ----a-w c:\windows\System32\kbd106n.dll 2009-02-15 11:38 46,592 ----a-w c:\windows\System32\setbcdlocale.dll 2009-02-15 11:38 40,960 ----a-w c:\windows\System32\srclient.dll 2009-02-15 11:38 378,368 ----a-w c:\windows\System32\srcore.dll 2009-02-15 11:38 318,464 ----a-w c:\windows\System32 strui.exe 2009-02-15 11:38 19,000 ----a-w c:\windows\System32\kd1394.dll 2009-02-15 11:38 14,848 ----a-w c:\windows\System32\srdelayed.exe 2009-02-15 11:36 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll 2009-02-15 11:36 443,392 ----a-w c:\windows\System32\win32spl.dll 2009-02-15 11:36 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll 2009-02-15 11:36 37,888 ----a-w c:\windows\System32\printcom.dll 2009-02-15 11:36 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll 2009-02-15 11:35 14,848 ----a-w c:\windows\System32\wshrm.dll 2009-02-15 11:35 113,664 ----a-w c:\windows\system32\drivers mcast.sys 2009-02-15 11:34 288,768 ----a-w c:\windows\system32\drivers\srv.sys 2009-02-15 11:18 --------- d-----w c:\users\Anthony\AppData\Roaming\vlc 2009-02-14 17:39 --------- d-----w c:\program files\OpenOffice.org 3 2009-02-14 17:39 --------- d-----w c:\program files\JRE 2009-02-14 17:37 --------- d-----w c:\program files\Common Files\Java 2009-02-14 14:56 --------- d-----w c:\program files\VideoLAN 2009-02-14 14:02 61,440 ----a-w c:\windows\System32\winipsec.dll 2009-02-14 14:02 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL 2009-02-14 14:02 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll 2009-02-14 14:02 272,896 ----a-w c:\windows\System32\polstore.dll 2009-02-14 14:01 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll 2009-02-14 14:01 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2009-02-14 14:01 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll 2009-02-14 13:56 827,392 ----a-w c:\windows\System32\wininet.dll 2009-02-14 13:54 296,960 ----a-w c:\windows\System32\gdi32.dll 2009-02-14 13:52 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-02-14 13:51 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2009-02-14 13:51 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2009-02-14 13:51 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2009-02-14 13:51 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2009-02-14 13:51 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2009-02-14 13:51 2,560 ----a-w c:\windows\AppPatch\AcRes.dll 2009-02-14 13:51 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2009-02-14 13:51 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2009-02-14 13:51 1,695,744 ----a-w c:\windows\System32\gameux.dll 2009-02-14 13:50 303,616 ----a-w c:\windows\System32\wmpeffects.dll 2009-02-14 13:49 2,048 ----a-w c:\windows\System32\msxml3r.dll 2009-02-14 13:49 1,191,936 ----a-w c:\windows\System32\msxml3.dll 2009-02-14 13:47 2,048 ----a-w c:\windows\System32 zres.dll 2009-04-10 16:05 49,664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((( SnapShot@2009-04-11_ 0.53.44,49 ))))))))))))))))))))))))))))))))))))))))) . - 2009-04-10 22:20:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-04-10 23:09:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-04-10 22:20:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-04-10 23:09:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-04-10 22:20:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService tuser.dat + 2009-04-10 23:09:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService tuser.dat - 2009-04-10 22:20:52 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService tuser.dat + 2009-04-10 23:09:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService tuser.dat + 2009-04-10 23:09:58 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService tuser.dat.LOG1 - 2009-04-10 22:21:45 5,966 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-630861988-3756585826-668903797-1000_UserData.bin + 2009-04-10 23:11:19 5,974 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-630861988-3756585826-668903797-1000_UserData.bin - 2009-04-10 22:21:45 60,936 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-04-10 23:11:19 60,944 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-04-10 22:21:44 31,880 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-04-10 23:11:18 32,294 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-04-05 10:33:26 196,576 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-04-10 23:00:15 198,190 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-04-19 561152] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-10 778240] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-10 69632] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-20 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "TkBellExe"="c:\program files\Common Files\Real\Update_OB ealsched.exe" [2009-03-04 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "vidc.mjpg"= pvmjpg30.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F5D8C0D4-5E66-4BEC-9C47-DF388440CE06}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager "{6C2DF21F-A84D-4DB0-8D86-4E7AA51B3516}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager "{F20056BA-9FF1-4A36-88DC-24E7A9693652}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi "{D2B6D02D-228D-44DE-8C29-9B81C067E841}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi "{34B95010-E7AB-4018-A5DA-393FACD149B8}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin "{227B2EE4-0070-4053-87AE-C4C64412122F}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin "TCP Query User{AE5E86F5-0256-48CB-8397-D8E05B21FFDC}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{EE66D8A3-971B-43E6-A34C-5D088D3D2D85}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DisableNotifications"= 1 (0x1) R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2007-11-30 210432] R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2006-11-20 38400] R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2007-03-09 35968] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696] R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-11-30 40960] R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [2008-09-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-10-17 104328] R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [2007-11-30 19456] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{419DACB8-2C5F-465C-BF2B-2B267FD824C1}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 09:33] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.msi.com.tw uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\hky47ncq.default\ FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 01:10:50 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2009\vsserv.exe c:\windows\System32\audiodg.exe c:\windows\System32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\O2Micro\o2flash.exe c:\windows\System32\conime.exe c:\windows\System32\igfxsrvc.exe c:\program files\iPod\bin\iPodService.exe c:\combofix\hidec.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\BitDefender\BitDefender 2009\seccenter.exe c:\windows\System32\dllhost.exe c:\combofix\Catchme.tmp . ************************************************************************** . Heure de fin: 2009-04-11 1:17:36 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-10 23:16:10 ComboFix2.txt 2009-04-10 22:56:01 Avant-CF: 9 886 081 024 octets libres Après-CF: 9,634,516,992 octets libres 305 --- E O F --- 2009-03-20 16:35:14

Destrio5 · Answer

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

tony624 · Answer

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1963
Windows 6.0.6001 Service Pack 1

11/04/2009 01:26:46
mbam-log-2009-04-11 (01-26-46).txt

Type de recherche: Examen rapide
Eléments examinés: 58935
Temps écoulé: 2 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\spbho.tiebho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Désinstalle Java 6 Update 7.

---> Menu Démarrer, tape Exécuter dans la barre Rechercher et valide.

---> Dans la fenêtre Exécuter, tape combofix /u et valide.

---> Refais un scan RSIT et poste le rapport log.

tony624 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Anthony at 2009-04-11 01:36:33
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 9 GB (26%) free of 35 GB
Total RAM: 2039 MB (52% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows	asks\User_Feed_Synchronization-{419DACB8-2C5F-465C-BF2B-2B267FD824C1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-04-10 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-04-04 138008]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-04-04 154392]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-04-04 133912]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2007-04-19 561152]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-04-10 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-10 69632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-02-20 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OBealsched.exe [2009-03-04 198160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-04-11 01:35:54 ----D---- C:\ComboFix
2009-04-11 01:22:20 ----D---- C:\Users\Anthony\AppData\Roaming\Malwarebytes
2009-04-11 01:22:14 ----D---- C:\ProgramData\Malwarebytes
2009-04-11 01:22:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-11 01:17:38 ----A---- C:\ComboFix.txt
2009-04-11 01:06:28 ----A---- C:\Windows\bdagent.INI
2009-04-11 00:47:52 ----D---- C:\Windows\ERDNT
2009-04-11 00:35:03 ----D---- C:sit
2009-04-11 00:35:03 ----D---- C:\Program Files	rend micro
2009-04-10 22:14:03 ----D---- C:\Windows\system32\Adobe
2009-03-27 17:59:41 ----A---- C:\Windows\system32\javaws.exe
2009-03-27 17:59:41 ----A---- C:\Windows\system32\javaw.exe
2009-03-27 17:59:41 ----A---- C:\Windows\system32\java.exe
2009-03-14 00:13:11 ----AT---- C:\Windows\system32\SIntfNT.dll
2009-03-14 00:13:11 ----AT---- C:\Windows\system32\SIntf32.dll
2009-03-14 00:13:11 ----AT---- C:\Windows\system32\SIntf16.dll
2009-03-13 23:56:35 ----A---- C:\Windows\ZeusIsUninst.Exe
2009-03-13 23:55:13 ----D---- C:\Sierra
2009-03-13 23:55:13 ----D---- C:\Program Files\Sierra On-Line
2009-03-13 23:54:55 ----A---- C:\Windows\SIERRA.INI
2009-03-13 23:54:45 ----A---- C:\Windows\IsUn040c.exe
2009-03-13 23:43:06 ----D---- C:\Program Files\Common Files\SWF Studio
2009-03-13 23:36:04 ----D---- C:\Users\Anthony\AppData\Roaming\dvdcss
2009-03-13 19:30:02 ----A---- C:\Windows\system32\wmp.dll
2009-03-13 19:30:01 ----A---- C:\Windows\system32\spwmp.dll
2009-03-13 19:30:00 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-13 19:30:00 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-13 19:29:35 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 months======

2009-04-11 01:36:35 ----D---- C:\Windows\system32\catroot2
2009-04-11 01:36:28 ----D---- C:\Windows\Temp
2009-04-11 01:36:07 ----D---- C:\Windows
2009-04-11 01:36:02 ----D---- C:\Windows\system32\fr-FR
2009-04-11 01:36:02 ----D---- C:\Windows\System32
2009-04-11 01:35:16 ----SHD---- C:\Windows\Installer
2009-04-11 01:35:13 ----D---- C:\Program Files\Java
2009-04-11 01:35:12 ----D---- C:\Program Files\Common Files
2009-04-11 01:34:56 ----SHD---- C:\System Volume Information
2009-04-11 01:22:18 ----D---- C:\Windows\system32\drivers
2009-04-11 01:22:14 ----HD---- C:\ProgramData
2009-04-11 01:22:13 ----RD---- C:\Program Files
2009-04-11 01:16:29 ----D---- C:\Windows\inf
2009-04-11 01:16:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-11 01:10:27 ----A---- C:\Windows\system.ini
2009-04-11 01:07:37 ----D---- C:\Windows\AppPatch
2009-04-11 00:20:10 ----D---- C:\Windows\system32\LogFiles
2009-04-11 00:13:46 ----D---- C:\Windows\Prefetch
2009-04-10 22:14:04 ----SD---- C:\Windows\Downloaded Program Files
2009-04-10 22:08:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-10 22:08:30 ----D---- C:\Program Files\CyberLink
2009-04-10 22:05:47 ----D---- C:\ProgramData\Adobe
2009-04-10 19:33:17 ----D---- C:\Windows\system32\Macromed
2009-03-22 21:19:17 ----D---- C:\Windows\system32\WDI
2009-03-21 18:06:15 ----D---- C:\Windows\Tasks
2009-03-21 18:06:15 ----D---- C:\Windows\system32\Tasks
2009-03-21 18:02:04 ----SD---- C:\Users\Anthony\AppData\Roaming\Microsoft
2009-03-13 23:26:48 ----D---- C:\Windows\winsxs
2009-03-13 23:13:10 ----D---- C:\Windows\system32\catroot
2009-03-13 23:11:32 ----D---- C:\Program Files\Windows Media Player
2009-03-13 23:11:32 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-03-27 137224]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 694784]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-04-10 104328]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-04-10 8832]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 1671680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R4 catchme;catchme; \??\C:\Users\Anthony\AppData\Local\Temp\catchme.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERSfcomm.sys [2006-11-02 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner	rufos.sys [2009-03-27 39936]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-30 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-10 415024]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro\o2flash.exe [2007-02-12 65536]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-10 1626112]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

Destrio5 · Answer

Ton PC va bien ?

tony624 · Answer

merci beaucoup 
jété sur lepoint de le restauré

tony624 · Answer

je fait koi de rsit et mbam

Destrio5 · Answer

1/

---> Désinstalle HijackThis.

---> Télécharge OTCleanIt sur ton Bureau :
* Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur.
* Clique sur CleanUp! puis clique sur Yes à la fenêtre Confirm.
* Redémarre ton PC comme demandé.


2/

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.


==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.

Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


Sois plus vigilant sur Internet ;)

tony624 · Answer

Merci

Virus???

24 réponses

Discussions similaires

Newsletters