Little yellow triangle

Closed
Matleboss1991 Posts: 7 Registration date: Monday 7 April 2008 Status: Member Last seen: 7 April 2008 - 7 April 2008 at 16:29
g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 - 7 April 2008 at 20:37
Hello,
I've tried everything (Spybot, Avast, SmitFraudFix, CCleaner, Clean) but this damn triangle in English keeps coming back, I can't take it any more. On top of that, when I type keywords into the browser address bar it no longer searches Google, it shows an error page.

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:46, on 07/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wmsdkns.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System\w98eject.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe

11 replies

g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
7 April 2008 at 16:44
Hi,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+

a new HijackThis log please

See you
0
Matleboss1991 Posts: 7 Registration date: Monday 7 April 2008 Status: Member Last seen: 7 April 2008
7 April 2008 at 17:05
Thanks for your reply, here is the log:


ComboFix 08-04-06.1 - Moi 2008-04-07 16:59:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2678 [GMT 2:00]
Endroit: C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJHNSBEY\ComboFix[1].exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\180ax.exe
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\cdsm32.dll
C:\Windows\default.htm
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\saiemod.dll
C:\Windows\salm.exe
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\msixu.dll
C:\Windows\system32\wer8274.dll
C:\Windows\TEMP\salm.exe
C:\Windows\updatetc.exe
C:\Windows\voiceip.dll

----- BITS: Possible sites infectés -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 15:58 . 2008-04-07 15:58 <REP> d-------- C:\Program Files\zango
2008-04-07 15:58 . 2008-04-07 15:58 <REP> d-------- C:\Program Files\stc
2008-04-07 15:58 . 2008-04-07 15:58 <REP> d-------- C:\Program Files\180solutions
2008-04-07 15:58 . 2008-04-07 15:58 <REP> d-------- C:\Program Files\180searchassistant
2008-04-07 15:58 . 2008-04-07 15:58 <REP> d-------- C:\Program Files\180search assistant
2008-04-07 15:20 . 2008-04-07 16:11 <REP> d-------- C:\Program Files\Navilog1
2008-04-07 14:57 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-07 14:57 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-07 14:57 . 2008-03-28 23:19 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-07 14:57 . 2008-03-26 08:50 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-07 14:57 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-07 14:57 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-07 14:45 . 2008-04-07 14:45 <REP> d-------- C:\Program Files\Trend Micro
2008-04-07 14:44 . 2008-04-07 14:44 <REP> d-------- C:\Program Files\Sysmnt
2008-04-07 14:35 . 2008-04-07 14:35 40,960 --a------ C:\tmp.hiv
2008-04-07 14:34 . 2008-04-07 14:34 277,965 --a------ C:\Pass2.cmd
2008-04-07 13:58 . 2008-04-07 13:58 <REP> d-------- C:\Program Files\Yahoo!
2008-04-07 13:58 . 2008-04-07 13:59 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 13:57 . 2008-04-07 13:58 <REP> d-------- C:\Program Files\RegCleaner
2008-04-07 13:37 . 2008-04-07 15:55 2,050 --a------ C:\Windows\System32\tmp.reg
2008-04-07 13:37 . 2008-04-07 15:55 691 --a------ C:\Users\Moi\AppData\Roaming\GetValue.vbs
2008-04-07 13:37 . 2008-04-07 15:55 35 --a------ C:\Users\Moi\AppData\Roaming\SetValue.bat
2008-04-07 13:19 . 2008-04-07 13:19 <REP> d-------- C:\Users\Moi\AppData\Roaming\Malwarebytes
2008-04-07 13:17 . 2008-04-07 13:17 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-04-07 13:17 . 2008-04-07 13:17 <REP> d-------- C:\ProgramData\Malwarebytes
2008-04-07 13:17 . 2008-04-07 13:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 08:07 . 2008-04-07 13:32 <REP> d-------- C:\Program Files\a-squared Free
2008-04-07 08:06 . 2008-04-07 12:58 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-07 08:06 . 2008-04-07 12:58 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-07 08:06 . 2008-04-07 08:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 07:50 . 2008-04-07 15:23 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-07 07:50 . 2008-04-07 07:50 1,409 --a------ C:\Windows\QTFont.for
2008-04-05 16:31 . 2008-04-05 16:31 <REP> d-------- C:\Users\All Users\InstallShield
2008-04-05 16:31 . 2008-04-05 16:31 <REP> d-------- C:\ProgramData\InstallShield
2008-04-05 00:24 . 2008-04-05 00:24 91,561 --a------ C:\Windows\System32\wmsdkns.exe
2008-04-05 00:06 . 2008-04-05 00:06 <REP> d--hs---- C:\Windows\ftpcache
2008-03-31 19:14 . 2008-03-31 19:14 <REP> d-------- C:\Windows\Sun
2008-03-31 16:19 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-03-31 14:50 . 2008-04-06 23:29 49 --a------ C:\Windows\NeroDigital.ini
2008-03-30 20:36 . 2008-03-30 20:36 171,136 -rahs---- C:\grldr
2008-03-29 17:14 . 2008-03-29 17:14 <REP> d-------- C:\Users\Moi\AppData\Roaming\ma-config.com
2008-03-29 17:14 . 2008-03-29 17:14 <REP> d-------- C:\Program Files\ma-config.com
2008-03-27 09:16 . 2008-04-03 16:48 <REP> d-------- C:\Program Files\Speedball2 Demo
2008-03-27 09:12 . 2008-03-27 09:12 <REP> d-------- C:\Program Files\10TACLE STUDIOS
2008-03-26 15:04 . 2008-03-26 15:04 <REP> d-------- C:\Program Files\Eidos
2008-03-25 14:01 . 2008-03-25 18:15 <REP> d-------- C:\Program Files\Micro Application
2008-03-25 12:58 . 2008-03-25 12:58 <REP> d-------- C:\Program Files\Lighthouse Interactive
2008-03-20 20:50 . 2008-03-20 20:51 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-20 00:40 . 2008-03-20 00:40 50 --a------ C:\Windows\MegaManager.INI
2008-03-19 18:38 . 2008-03-19 18:38 <REP> d-------- C:\PerfLogs
2008-03-19 16:40 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-19 16:39 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-19 16:38 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-03-19 16:37 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-19 16:36 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-19 16:35 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-19 16:35 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-03-19 16:35 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-19 16:35 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-19 16:35 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-19 16:35 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-19 16:35 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-19 16:35 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-19 16:35 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-17 00:53 . 2008-03-17 00:53 <REP> d-------- C:\Windows\system\IOSUBSYS
2008-03-17 00:53 . 2008-03-17 00:53 <REP> d-------- C:\Program Files\Sigmatel
2008-03-17 00:53 . 2006-08-03 04:18 61,440 --a------ C:\Windows\system\w98eject.exe
2008-03-17 00:53 . 2006-08-03 04:17 14,560 --a------ C:\Windows\System32\drivers\Stums.sys
2008-03-17 00:53 . 2006-08-03 04:17 354 --a------ C:\Windows\System32\drivers\Stums.cat
2008-03-10 00:34 . 2008-03-10 00:34 <REP> d-------- C:\Program Files\Yamicsoft
2008-03-08 12:54 . 2008-03-12 01:23 <REP> d-------- C:\Program Files\PROMT5

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:52 --------- d-----w C:\Users\Moi\AppData\Roaming\DNA
2008-04-07 11:53 --------- d-----w C:\ProgramData\NVIDIA
2008-04-06 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 14:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-05 12:23 --------- d-----w C:\Program Files\Activision
2008-04-04 22:29 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-04-04 22:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-04 22:29 22,328 ----a-w C:\Users\Moi\AppData\Roaming\PnkBstrK.sys
2008-04-04 22:29 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-02 11:02 --------- d-----w C:\Program Files\Java
2008-03-26 13:04 418,480 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-26 13:04 115,432 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-25 16:13 --------- d-----w C:\Program Files\Ubisoft
2008-03-19 16:50 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Mail
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Journal
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 14:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 14:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-15 12:31 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-15 12:26 --------- d-----w C:\ProgramData\Nero
2008-03-12 09:38 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-05 11:36 --------- d-----w C:\Users\Moi\AppData\Roaming\TI-Nspire
2008-03-05 11:34 --------- d-----w C:\Users\Moi\AppData\Roaming\Texas Instruments
2008-03-05 11:25 --------- d-----w C:\Program Files\TI Education
2008-03-05 11:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 11:20 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-03-05 11:19 --------- d-----w C:\ProgramData\RNDIS
2008-03-03 22:17 --------- d-----w C:\ProgramData\GRAW2DemoSP
2008-03-03 22:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-03 22:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-03 22:05 --------- d-----w C:\Users\Moi\AppData\Roaming\InstallShield
2008-03-03 17:29 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-03 14:21 --------- d-----w C:\Program Files\Kylotonn Entertainment
2008-03-02 00:15 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-24 17:09 --------- d-----w C:\Program Files\Google
2008-02-23 13:45 --------- d-----w C:\Users\Moi\AppData\Roaming\TVU networks
2008-02-23 13:45 --------- d-----w C:\ProgramData\TVU networks
2008-02-16 12:57 --------- d-----w C:\Users\Moi\AppData\Roaming\BitTorrent
2008-02-16 12:40 --------- d-----w C:\Program Files\DNA
2008-02-16 12:03 --------- d-----w C:\Program Files\ElcomSoft
2008-02-16 11:56 --------- d-----w C:\Program Files\RAR Password Cracker
2008-02-14 15:02 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec
2008-02-13 13:38 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 13:28 --------- d-----w C:\Program Files\The Witcher
2008-02-11 14:53 --------- d-----w C:\Program Files\eChanblard
2008-01-31 10:40 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-01-31 10:40 290,816 ------w C:\Windows\Setup1.exe
2008-01-28 21:32 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:14 925,184 ----a-w C:\Windows\System32\FXSRESM.dll
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-08-03 13:51 1422632]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-30 20:35 288576]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 18:01 4431872 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-04 19:22 1822720 C:\Windows\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Activer l'ensemble clavier et souris sans fil Labtec.lnk - C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe [2008-02-14 17:02:28 258048]
w98Eject.lnk - C:\Windows\System\w98eject.exe [2008-03-17 00:53:49 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"Logoff"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoRun"= 0 (0x0)
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Logoff"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoRun"= 0 (0x0)
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{149D6482-6EDC-4230-93EA-3F796E4CED4C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{15A4AE1E-A19A-44F4-B762-4DAE228C2DB9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AB339B62-EC6E-4563-B2DA-B3982825EF4F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{266C9913-B4C6-41CC-8D56-C9062ED6492C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B49FB02A-2CE8-4963-8DAE-F15BC54562F4}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{E62C9170-5B7A-44B1-93AA-CCF6F683D4BC}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{714FCC69-BCAB-4462-9275-5BE8019CE499}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8ED04EC9-EDC5-4945-B2BB-9EE0BDD84449}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{E7C80232-8A9C-4193-BB47-19A296305085}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{48A88120-FC02-46C7-9C16-69ECF7E76D5B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{78B3201F-CAB6-4A14-B3B3-E93EACA22CD2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{87331382-7390-488B-82DB-08BEF364AFE3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E739351C-9978-4DE0-A0A1-C8A765DC0C4E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2423DBC6-68FE-43EC-868C-E39D789F4ACD}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{87949928-C2C7-45F9-8E04-DB29E76FDCA1}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{8D8F481D-FE1D-4D3D-979E-4DEFDE7DA6D5}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E9CA980B-AAD3-471C-A967-A5F06454B75C}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{E605CE9A-9EBC-434F-AB29-95D08602A327}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{74115B70-D641-429B-BC1A-D785E8C9CB42}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{740886BA-8CD0-4C95-A0C3-8D0E0E940CCE}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{3ACE5508-64EF-472D-821D-A75E14C74FB4}"= UDP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2 Demo SP\graw2.exe:Ghost Recon Advanced Warfighter® 2 Demo SP
"{DC634112-E171-4C31-B9CA-442C03CD2D60}"= TCP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2 Demo SP\graw2.exe:Ghost Recon Advanced Warfighter® 2 Demo SP
"{ADA4985B-3318-4DB8-806D-165A9A04D197}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C9DEC5FD-F32B-49FD-AF1D-A92CB3C470AE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{94987069-3CF0-44ED-AB9C-65C649549A1A}"= UDP:C:\Program Files\Eidos\Conflict Denied Ops Demo\ConflictDeniedOps.exe:Conflict: Denied Ops Demo
"{7C413A94-C48A-45FD-B5CB-1E975886585E}"= TCP:C:\Program Files\Eidos\Conflict Denied Ops Demo\ConflictDeniedOps.exe:Conflict: Denied Ops Demo
"TCP Query User{7B093708-BAD6-419B-B619-018E9C6D2D45}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E6D7475D-E677-4002-8D8D-F51ECA1CB70E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 moufiltr;Mouse Filter Drive;C:\Windows\system32\drivers\moufiltr.sys [2003-01-23 15:29]
R2 66228;66228;C:\Windows\System32\66228.sys [2008-01-11 20:52]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-06-27 07:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
S3 USBTINSP;TI-Nspire(TM) Handheld Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys [2007-09-28 10:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ddcdf7d-d2e8-11dc-85bf-001bfcfe7592}]
\shell\AutoRun\command - G:\PreyLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79066406-a549-11db-93be-001bfcfe7592}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-06 22:00:19 C:\Windows\Tasks\User_Feed_Synchronization-{027C974E-2FE4-4092-B576-F1BADCD232F3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 17:01:32
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-07 17:01:51
ComboFix-quarantined-files.txt 2008-04-07 15:01:49
Pre-Run: 128,897,884,160 octets libres
Post-Run: 128,855,564,288 octets libres
.
2008-04-06 11:39:33 --- E O F ---
0
thev Posts: 1851 Registered: Monday 7 April 2008 Status: Member Last seen: 15 April 2024 681
7 April 2008 at 17:08
I was hit by the same spyware. The culprit is: D:\WINDOWS\system32\wmsdkns.exe.

It is particularly nasty:
1- once loaded in memory, it systematically disables the Windows Task Manager,
2- it has the nerve to load itself in "Safe Mode" as well, via winlogon:
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\wmsdkns.exe
3- this Windows registry value, even if deleted, is systematically restored

The fix is simple:
1- kill the wmsdkns.exe process (impossible through the Windows Task Manager, since it is disabled) using the "Starter" program (https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/starter.html)
2- then delete this program
3- in HijackThis, do Fix checked on:
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\wmsdkns.exe
BHO : noname
1 message(s) posted since Monday 7 April 2008
0
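The persistence trick thev describes (an extra executable appended to the Winlogon Userinit value, which HijackThis reports as an F2 line) can be checked for mechanically. The following is an added example, not code from the thread: it parses the Userinit value (from a HijackThis F2 line or from the raw registry value, which Windows normally writes with a trailing comma) and flags every entry that is not the single expected userinit.exe under the assumed system root. The log lines and the `system_root` parameter are constructed for the demonstration.

```python
import ntpath
import re

# The only executable Windows itself expects in the Winlogon "Userinit" value.
EXPECTED_USERINIT = "userinit.exe"

# HijackThis reports the Winlogon Userinit value as:
#   F2 - REG:system.ini: UserInit=<value>
F2_USERINIT_RE = re.compile(
    r"^F2\s*-\s*REG:system\.ini:\s*UserInit=(?P<value>.*)$", re.IGNORECASE
)


def parse_userinit_value(value):
    """Split a Winlogon Userinit value into its individual program paths.

    The value is a comma-separated list. A clean Vista/XP machine stores it
    with a trailing comma ("C:\\Windows\\system32\\userinit.exe,"), so empty
    items are dropped; quotes and whitespace around each item are stripped.
    """
    items = []
    for raw in value.split(","):
        item = raw.strip().strip('"').strip()
        if item:
            items.append(item)
    return items


def userinit_from_hijackthis(line):
    """Return the Userinit value carried by a HijackThis F2 line, else None."""
    match = F2_USERINIT_RE.match(line.strip())
    return match.group("value") if match else None


def flag_userinit_extras(value, system_root="C:\\Windows"):
    """Return the Userinit entries that should not be there.

    Legitimate: an entry whose basename is userinit.exe and whose directory
    is <system_root>\\system32. Everything else is returned, including a
    userinit.exe placed in another directory, so the caller sees exactly
    what has been hooked into the logon sequence.
    """
    expected_dir = ntpath.join(system_root, "system32").lower()
    extras = []
    for entry in parse_userinit_value(value):
        exe = ntpath.basename(entry).lower()
        directory = ntpath.dirname(entry).lower()
        if exe == EXPECTED_USERINIT and directory == expected_dir:
            continue
        extras.append(entry)
    return extras


def scan_hijackthis_log(lines, system_root="C:\\Windows"):
    """Scan HijackThis log lines; return (1-based line number, entry) pairs
    for every suspicious Userinit entry found in F2 lines."""
    findings = []
    for number, line in enumerate(lines, start=1):
        value = userinit_from_hijackthis(line)
        if value is None:
            continue
        for entry in flag_userinit_extras(value, system_root):
            findings.append((number, entry))
    return findings


# Constructed sample log, modelled on the F2 line quoted in the thread
# (Windows installed on D: in that case, hence system_root="D:\\WINDOWS").
SAMPLE_LOG = [
    "Logfile of Trend Micro HijackThis v2.0.2",
    "F2 - REG:system.ini: UserInit=D:\\WINDOWS\\system32\\userinit.exe,"
    "D:\\WINDOWS\\system32\\wmsdkns.exe",
    "O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe",
]

if __name__ == "__main__":
    for line_no, entry in scan_hijackthis_log(SAMPLE_LOG, system_root="D:\\WINDOWS"):
        print(f"line {line_no}: unexpected Userinit entry {entry}")
```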
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 406
7 April 2008 at 17:12
OK, next step:

Copy the text below:

File::
C:\grldr
C:\Windows\System32\gpprefcl.dll
C:\Windows\System32\66228.sys

Folder::
C:\Program Files\zango
C:\Program Files\stc
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant

Driver::
66228

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.

Later
0

Matleboss1991 Posts: 7 Registered: Monday 7 April 2008 Status: Member Last seen: 7 April 2008
7 April 2008 at 17:29
There, I no longer have the problem, but here are the reports:

combofix:
ComboFix 08-04-06.1 - Moi 2008-04-07 17:19:18.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2574 [GMT 2:00]
Endroit: C:\Users\Moi\Desktop\ComboFix.exe
Command switches used :: C:\Users\Moi\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\grldr
C:\Windows\System32\66228.sys
C:\Windows\System32\gpprefcl.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\grldr
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\Windows\180ax.exe
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\cdsm32.dll
C:\Windows\default.htm
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\saiemod.dll
C:\Windows\salm.exe
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\System32\66228.sys
C:\Windows\system32\msixu.dll
C:\Windows\system32\wer8274.dll
C:\Windows\TEMP\salm.exe
C:\Windows\updatetc.exe
C:\Windows\voiceip.dll
C:\Windows\System32\gpprefcl.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 15:20 . 2008-04-07 16:11 <REP> d-------- C:\Program Files\Navilog1
2008-04-07 14:57 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-07 14:57 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-07 14:57 . 2008-03-28 23:19 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-07 14:57 . 2008-03-26 08:50 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-07 14:57 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-07 14:57 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-07 14:45 . 2008-04-07 14:45 <REP> d-------- C:\Program Files\Trend Micro
2008-04-07 14:44 . 2008-04-07 14:44 <REP> d-------- C:\Program Files\Sysmnt
2008-04-07 14:35 . 2008-04-07 14:35 40,960 --a------ C:\tmp.hiv
2008-04-07 14:34 . 2008-04-07 14:34 277,965 --a------ C:\Pass2.cmd
2008-04-07 13:58 . 2008-04-07 13:58 <REP> d-------- C:\Program Files\Yahoo!
2008-04-07 13:58 . 2008-04-07 13:59 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 13:57 . 2008-04-07 13:58 <REP> d-------- C:\Program Files\RegCleaner
2008-04-07 13:37 . 2008-04-07 15:55 2,050 --a------ C:\Windows\System32\tmp.reg
2008-04-07 13:37 . 2008-04-07 15:55 691 --a------ C:\Users\Moi\AppData\Roaming\GetValue.vbs
2008-04-07 13:37 . 2008-04-07 15:55 35 --a------ C:\Users\Moi\AppData\Roaming\SetValue.bat
2008-04-07 13:19 . 2008-04-07 13:19 <REP> d-------- C:\Users\Moi\AppData\Roaming\Malwarebytes
2008-04-07 13:17 . 2008-04-07 13:17 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-04-07 13:17 . 2008-04-07 13:17 <REP> d-------- C:\ProgramData\Malwarebytes
2008-04-07 13:17 . 2008-04-07 13:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 08:07 . 2008-04-07 13:32 <REP> d-------- C:\Program Files\a-squared Free
2008-04-07 08:06 . 2008-04-07 12:58 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-07 08:06 . 2008-04-07 12:58 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-07 08:06 . 2008-04-07 08:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 07:50 . 2008-04-07 15:23 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-07 07:50 . 2008-04-07 07:50 1,409 --a------ C:\Windows\QTFont.for
2008-04-05 16:31 . 2008-04-05 16:31 <REP> d-------- C:\Users\All Users\InstallShield
2008-04-05 16:31 . 2008-04-05 16:31 <REP> d-------- C:\ProgramData\InstallShield
2008-04-05 00:06 . 2008-04-05 00:06 <REP> d--hs---- C:\Windows\ftpcache
2008-03-31 19:14 . 2008-03-31 19:14 <REP> d-------- C:\Windows\Sun
2008-03-31 16:19 . 2008-04-07 17:20 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-03-31 14:50 . 2008-04-07 17:14 49 --a------ C:\Windows\NeroDigital.ini
2008-03-29 17:14 . 2008-03-29 17:14 <REP> d-------- C:\Users\Moi\AppData\Roaming\ma-config.com
2008-03-29 17:14 . 2008-03-29 17:14 <REP> d-------- C:\Program Files\ma-config.com
2008-03-27 09:16 . 2008-04-03 16:48 <REP> d-------- C:\Program Files\Speedball2 Demo
2008-03-27 09:12 . 2008-03-27 09:12 <REP> d-------- C:\Program Files\10TACLE STUDIOS
2008-03-26 15:04 . 2008-03-26 15:04 <REP> d-------- C:\Program Files\Eidos
2008-03-25 14:01 . 2008-03-25 18:15 <REP> d-------- C:\Program Files\Micro Application
2008-03-25 12:58 . 2008-03-25 12:58 <REP> d-------- C:\Program Files\Lighthouse Interactive
2008-03-20 20:50 . 2008-03-20 20:51 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-20 00:40 . 2008-03-20 00:40 50 --a------ C:\Windows\MegaManager.INI
2008-03-19 18:38 . 2008-03-19 18:38 <REP> d-------- C:\PerfLogs
2008-03-19 16:40 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-19 16:39 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-19 16:38 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-03-19 16:37 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-19 16:36 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-19 16:35 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-19 16:35 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-03-19 16:35 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-19 16:35 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-19 16:35 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-19 16:35 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-19 16:35 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-19 16:35 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-19 16:35 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-17 00:53 . 2008-03-17 00:53 <REP> d-------- C:\Windows\system\IOSUBSYS
2008-03-17 00:53 . 2008-03-17 00:53 <REP> d-------- C:\Program Files\Sigmatel
2008-03-17 00:53 . 2006-08-03 04:18 61,440 --a------ C:\Windows\system\w98eject.exe
2008-03-17 00:53 . 2006-08-03 04:17 14,560 --a------ C:\Windows\System32\drivers\Stums.sys
2008-03-17 00:53 . 2006-08-03 04:17 354 --a------ C:\Windows\System32\drivers\Stums.cat
2008-03-10 00:34 . 2008-03-10 00:34 <REP> d-------- C:\Program Files\Yamicsoft
2008-03-08 12:54 . 2008-03-12 01:23 <REP> d-------- C:\Program Files\PROMT5

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 15:20 --------- d-----w C:\Users\Moi\AppData\Roaming\DNA
2008-04-07 11:53 --------- d-----w C:\ProgramData\NVIDIA
2008-04-06 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 14:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-05 12:23 --------- d-----w C:\Program Files\Activision
2008-04-04 22:29 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-04 22:29 22,328 ----a-w C:\Users\Moi\AppData\Roaming\PnkBstrK.sys
2008-04-02 11:02 --------- d-----w C:\Program Files\Java
2008-03-25 16:13 --------- d-----w C:\Program Files\Ubisoft
2008-03-19 16:50 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Mail
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Journal
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 16:42 --------- d-----w C:\Program Files\Windows Calendar
2008-03-15 12:31 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-15 12:26 --------- d-----w C:\ProgramData\Nero
2008-03-12 09:38 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-05 11:36 --------- d-----w C:\Users\Moi\AppData\Roaming\TI-Nspire
2008-03-05 11:34 --------- d-----w C:\Users\Moi\AppData\Roaming\Texas Instruments
2008-03-05 11:25 --------- d-----w C:\Program Files\TI Education
2008-03-05 11:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 11:20 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-03-05 11:19 --------- d-----w C:\ProgramData\RNDIS
2008-03-03 22:17 --------- d-----w C:\ProgramData\GRAW2DemoSP
2008-03-03 22:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-03 22:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-03 22:05 --------- d-----w C:\Users\Moi\AppData\Roaming\InstallShield
2008-03-03 17:29 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-03 14:21 --------- d-----w C:\Program Files\Kylotonn Entertainment
2008-03-02 00:15 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-24 17:09 --------- d-----w C:\Program Files\Google
2008-02-23 13:45 --------- d-----w C:\Users\Moi\AppData\Roaming\TVU networks
2008-02-23 13:45 --------- d-----w C:\ProgramData\TVU networks
2008-02-16 12:57 --------- d-----w C:\Users\Moi\AppData\Roaming\BitTorrent
2008-02-16 12:40 --------- d-----w C:\Program Files\DNA
2008-02-16 12:03 --------- d-----w C:\Program Files\ElcomSoft
2008-02-16 11:56 --------- d-----w C:\Program Files\RAR Password Cracker
2008-02-14 15:02 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec
2008-02-13 13:28 --------- d-----w C:\Program Files\The Witcher
2008-02-11 14:53 --------- d-----w C:\Program Files\eChanblard
2008-01-31 10:40 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-01-31 10:40 290,816 ------w C:\Windows\Setup1.exe
2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 07:33 151,040 ----a-w C:\Windows\notepad.exe
2008-01-19 07:33 134,656 ----a-w C:\Windows\regedit.exe
2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe
2008-01-10 22:00 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-01-10 22:00 315,392 ----a-w C:\Windows\HideWin.exe
2007-12-17 21:29 4,699,360 ----a-w C:\Users\Moi\Crysis.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-07_17.01.45,24 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-07 14:12:30 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-07 15:21:46 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-07 14:14:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-07 15:22:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-07 15:22:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-07 14:58:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-07 15:18:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-07 14:14:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-07 15:22:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-07 15:22:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-07 14:30:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-07 15:11:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-07 14:30:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-07 15:11:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-07 14:30:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-07 15:11:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-08-03 13:51 1422632]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-30 20:35 288576]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 18:01 4431872 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-04 19:22 1822720 C:\Windows\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Activer l'ensemble clavier et souris sans fil Labtec.lnk - C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe [2008-02-14 17:02:28 258048]
w98Eject.lnk - C:\Windows\System\w98eject.exe [2008-03-17 00:53:49 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"Logoff"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoRun"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Logoff"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{149D6482-6EDC-4230-93EA-3F796E4CED4C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{15A4AE1E-A19A-44F4-B762-4DAE228C2DB9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AB339B62-EC6E-4563-B2DA-B3982825EF4F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{266C9913-B4C6-41CC-8D56-C9062ED6492C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B49FB02A-2CE8-4963-8DAE-F15BC54562F4}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{E62C9170-5B7A-44B1-93AA-CCF6F683D4BC}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"{714FCC69-BCAB-4462-9275-5BE8019CE499}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8ED04EC9-EDC5-4945-B2BB-9EE0BDD84449}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{E7C80232-8A9C-4193-BB47-19A296305085}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{48A88120-FC02-46C7-9C16-69ECF7E76D5B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{78B3201F-CAB6-4A14-B3B3-E93EACA22CD2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{87331382-7390-488B-82DB-08BEF364AFE3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E739351C-9978-4DE0-A0A1-C8A765DC0C4E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2423DBC6-68FE-43EC-868C-E39D789F4ACD}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{87949928-C2C7-45F9-8E04-DB29E76FDCA1}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{8D8F481D-FE1D-4D3D-979E-4DEFDE7DA6D5}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E9CA980B-AAD3-471C-A967-A5F06454B75C}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{E605CE9A-9EBC-434F-AB29-95D08602A327}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{74115B70-D641-429B-BC1A-D785E8C9CB42}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{740886BA-8CD0-4C95-A0C3-8D0E0E940CCE}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{3ACE5508-64EF-472D-821D-A75E14C74FB4}"= UDP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2 Demo SP\graw2.exe:Ghost Recon Advanced Warfighter® 2 Demo SP
"{DC634112-E171-4C31-B9CA-442C03CD2D60}"= TCP:C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2 Demo SP\graw2.exe:Ghost Recon Advanced Warfighter® 2 Demo SP
"{ADA4985B-3318-4DB8-806D-165A9A04D197}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C9DEC5FD-F32B-49FD-AF1D-A92CB3C470AE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{94987069-3CF0-44ED-AB9C-65C649549A1A}"= UDP:C:\Program Files\Eidos\Conflict Denied Ops Demo\ConflictDeniedOps.exe:Conflict: Denied Ops Demo
"{7C413A94-C48A-45FD-B5CB-1E975886585E}"= TCP:C:\Program Files\Eidos\Conflict Denied Ops Demo\ConflictDeniedOps.exe:Conflict: Denied Ops Demo
"TCP Query User{7B093708-BAD6-419B-B619-018E9C6D2D45}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E6D7475D-E677-4002-8D8D-F51ECA1CB70E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 moufiltr;Mouse Filter Drive;C:\Windows\system32\drivers\moufiltr.sys [2003-01-23 15:29]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-06-27 07:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 09:30]
S3 USBTINSP;TI-Nspire(TM) Handheld Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys [2007-09-28 10:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ddcdf7d-d2e8-11dc-85bf-001bfcfe7592}]
\shell\AutoRun\command - G:\PreyLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79066406-a549-11db-93be-001bfcfe7592}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-06 22:00:19 C:\Windows\Tasks\User_Feed_Synchronization-{027C974E-2FE4-4092-B576-F1BADCD232F3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 17:22:26
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\system32\conime.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\AstSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\UAService7.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 17:26:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 15:26:28
ComboFix2.txt 2008-04-07 15:01:52
Pre-Run: 133,661,876,224 octets libres
Post-Run: 133,926,617,088 octets libres
.
2008-04-06 11:39:33 --- E O F ---


hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:51, on 07/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System\w98eject.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon888.free.fr/plugins/hardwaredetection_2_0_4_13.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last post: 30 November 2014 406
7 April 2008 at 17:40
re,

it's not finished yet:

rename this: C:\Windows\System32\gpprefcl.dll to gpprefcl.zzz > if you run into difficulties after renaming it, rename it back to gpprefcl.dll

then

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New, then New Text Document) and copy-paste what is quoted below (copy it all in one go, without the bars of Xs):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 is on the first line in Notepad and there is a blank line at the end.
Then click "File"/"Save As":
Save in: the desktop
File name: fix.reg
File type: "All files"
click "Save"

it should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"

have a look at this about avast:

antivir vs avast:

-> http://forum.malekal.com/ftopic3528.php

so I advise you to uninstall it and install antivir instead

Download and install the antivirus Antivir Personal Edition Classic:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...

once antivir is open click on Configuration and tick the "expert mode" box, then on the Scanner tab, in the window below, you will see: rootkit search; click the little + to expand it and tick the box next to your hard disk
then click Configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, so that you can pause the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristics > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level

I'm telling you all this because I'd like you to run a full scan of your machine with antivir using the settings given above and post the generated report here please

@+
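As an added example (not part of the thread), a Python checker for a REGEDIT4 fix file of the kind above: it verifies the two points the reply insists on (REGEDIT4 alone on the first line, a blank line at the end), accepts only `[-...]` deletion lines under Browser Helper Objects, and lists the CLSIDs the file would remove. The sample text is constructed from two of the keys above; the `~` shorthand is kept as written and the function names are my own.

```python
import re

# Constructed sample in the REGEDIT4 format used by the fix above.
# The '~' is the forum's shorthand for the path to the BHO key; it is kept as-is.
SAMPLE_FIX = (
    "REGEDIT4\n"
    "\n"
    "[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{00000250-0320-4dd4-be4f-7566d2314352}]\n"
    "[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{13197ace-6851-45c3-a7ff-c281324d5489}]\n"
    "\n"
)

# A key line: '[' optional '-' (delete) hive '\' subkey ']'
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")
# A COM class id at the end of the subkey
CLSID = re.compile(r"\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")


def parse_fix(text):
    """Return (errors, deletions); deletions is a list of (hive, subkey).

    Only deletion directives ('[-...]') belong in this kind of fix: a key line
    without the '-' would *create* the key, so it is reported as an error."""
    lines = text.split("\n")
    errors, deletions = [], []
    if not lines or lines[0] != "REGEDIT4":
        errors.append("first line must be exactly REGEDIT4")
    if not text.endswith("\n\n"):
        errors.append("file must end with a blank line")
    for n, line in enumerate(lines[1:], start=2):
        if not line.strip():
            continue
        m = KEY_LINE.match(line)
        if not m:
            errors.append(f"line {n}: not a key line: {line!r}")
            continue
        minus, hive, subkey = m.groups()
        if minus != "-":
            errors.append(f"line {n}: would create, not delete, {subkey}")
            continue
        if "Browser Helper Objects" not in subkey or not CLSID.search(subkey):
            errors.append(f"line {n}: not a BHO CLSID key: {subkey}")
            continue
        deletions.append((hive, subkey))
    return errors, deletions


def bho_clsids(text):
    """Just the CLSIDs the fix would remove, lower-cased so they can be
    compared with the CLSIDs of a HijackThis O2 (BHO) line."""
    _, deletions = parse_fix(text)
    return [CLSID.search(sub).group(0).lower() for _, sub in deletions]
```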
Matleboss1991 Posts: 7 Registered: Monday 7 April 2008 Status: Member Last post: 7 April 2008
7 April 2008 at 17:59
CRC failed in basic\mfc71u.dll
Unexpected end of archive

there you go, antivir won't install; also, I don't know whether it's fixable, but internet explorer no longer works like before (keyword search)
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last post: 30 November 2014 406
7 April 2008 at 18:06
didn't you manage to do the fix reg?
why won't antivir install?
@+
Matleboss1991 Posts: 7 Registered: Monday 7 April 2008 Status: Member Last post: 7 April 2008
7 April 2008 at 18:09
I did the fix reg and it worked
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last post: 30 November 2014 406
7 April 2008 at 18:15
ok

what do you call keyword search?

what does antivir tell you?

@+
Matleboss1991 Posts: 7 Registered: Monday 7 April 2008 Status: Member Last post: 7 April 2008
7 April 2008 at 18:25
in the address bar I would type words like in google and it opened a google search with those words

and when I open the antivir installer it shows me this
Extracting eula.txt
Extracting readme.txt
Extracting basic\addr_file.html
Extracting filelist.ini
Extracting product.ini
Extracting basic\vista64\avgntflt.inf
Extracting basic\avipbb.inf
Extracting basic\ssmdrv.inf
Extracting basic\avadmin.exe
Extracting basic\avcenter.exe
Extracting basic\avconfig.exe
Extracting basic\avgnt.exe
Extracting basic\avguard.exe
Extracting basic\avnotify.exe
Extracting basic\avscan.exe
Extracting basic\guardgui.exe
Extracting basic\imp64b.exe
Extracting basic\licmgr.exe
Extracting basic\preupd.exe
Extracting basic\sched.exe
Extracting basic\setup.exe
Extracting basic\update.exe
Extracting basic\wsctool.exe
Extracting basic\avarkt.dll
Extracting basic\avconfig.dll
Extracting basic\avevtlog.dll
Extracting basic\avewin32.dll
Extracting basic\avgio.dll
Extracting basic\avinet.dll
Extracting basic\avipc.dll
Extracting basic\avnotify.dll
Extracting basic\avpack32.dll
Extracting basic\avpref.dll
Extracting basic\AVReg.dll
Extracting basic\avrep.dll
Extracting basic\avscan.dll
Extracting basic\avwinll.dll
Extracting basic\ccev.dll
Extracting basic\ccevrc.dll
Extracting basic\ccgen.dll
Extracting basic\ccgenrc.dll
Extracting basic\ccgrdrc.dll
Extracting basic\ccguard.dll
Extracting basic\cclib.dll
Extracting basic\cclic.dll
Extracting basic\cclicrc.dll
Extracting basic\ccmainrc.dll
Extracting basic\ccmsg.dll
Extracting basic\ccprofil.dll
Extracting basic\ccquamgr.dll
Extracting basic\ccquarc.dll
Extracting basic\ccreporc.dll
Extracting basic\ccreport.dll
Extracting basic\ccscanrc.dll
Extracting basic\ccsched.dll
Extracting basic\ccscherc.dll
Extracting basic\ccupdate.dll
Extracting basic\ccupdrc.dll
Extracting guardevt.dll
Extracting basic\guardmsg.dll
Extracting basic\licmgr.dll
Extracting basic\luke.dll
Extracting basic\lukeres.dll
Extracting basic\mfc71u.dll
CRC failed in basic\mfc71u.dll
Unexpected end of archive
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last post: 30 November 2014 406
7 April 2008 at 18:38
re,

the address bar is meant for an address?!

for antivir:

try downloading it again:

http://www.commentcamarche.net/telecharger/telechargement 55 antivir

and try again

@+
Matleboss1991 Posts: 7 Registered: Monday 7 April 2008 Status: Member Last post: 7 April 2008
7 April 2008 at 20:27
AntiVir PersonalEdition Classic
Report file date: lundi 7 avril 2008 18:47

Scanning for 1185187 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Username: SYSTEM
Computer name: MATRIX666

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:45:23
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 16:45:23
ANTIVIR3.VDF : 7.0.3.130 10240 Bytes 07/04/2008 16:45:23
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 07/04/2008 16:45:23
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 07/04/2008 16:45:23
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: lundi 7 avril 2008 18:47

Starting search for hidden objects.
'73405' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'AstSrv.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'w98eject.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '15' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
[DETECTION] Contains detection pattern of the dropper DR/Pakes.cgn.1
[INFO] The file was deleted!
C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
[DETECTION] Contains detection pattern of the dropper DR/Pakes.cgn.4
[INFO] The file was deleted!
C:\ProgramData\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '485d616e.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '485d6171.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48636181.qua'!
C:\ProgramData\Spybot - Search & Destroy\Recovery\Zango2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '48686178.qua'!
C:\Users\Moi\Desktop\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.75
[INFO] The file was deleted!
C:\Users\Moi\Downloads\Navilog1.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.74
[INFO] The file was deleted!
C:\Windows\System32\gpprefcl.dll
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[WARNING] The file could not be deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\Windows\winsxs\x86_microsoft-windows-g..ppolicy-policymaker_31bf3856ad364e35_6.0.6001.18034_none_372cc6574910ad11\gpprefcl.dll
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[WARNING] The file could not be deleted!


End of the scan: lundi 7 avril 2008 20:25
Used time: 1:37:50 min

The scan has been done completely.

17252 Scanning directories
676143 Files were scanned
6 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
4 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
676137 Files not concerned
4718 Archives were scanned
4 Warnings
1 Notes
73405 Objects were scanned with rootkit scan
0 Hidden objects were found
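As an added example, not part of the thread, a Python parser for AntiVir reports in the shape of the one above: it pairs each file path with the `[DETECTION]`/`[INFO]`/`[WARNING]` lines that follow it and returns the files the scanner flagged but could not remove, which is exactly what the next reply acts on. The excerpt is constructed from lines of that report; the function names are my own.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the AntiVir report above
# (paths and detection names taken from that report).
SAMPLE_REPORT = "\n".join([
    r"Begin scan in 'C:\'",
    r"C:\pagefile.sys",
    r"[WARNING] The file could not be opened!",
    r"C:\Users\Moi\Desktop\SmitfraudFix.exe",
    r"[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.75",
    r"[INFO] The file was deleted!",
    r"C:\ProgramData\Spybot - Search & Destroy\Recovery\Zango2.zip",
    r"[DETECTION] Contains suspicious code GEN/PwdZIP",
    r"[INFO] The file was moved to '48686178.qua'!",
    r"C:\Windows\System32\gpprefcl.dll",
    r"[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN",
    r"[WARNING] The file could not be deleted!",
    "",
    "End of the scan: lundi 7 avril 2008 20:25",
])

TAG = re.compile(r"^\[(DETECTION|INFO|WARNING|NOTE)\] (.*)$")
PATH = re.compile(r"^[A-Za-z]:\\")          # a drive-letter path starts a new entry
NAME = re.compile(r"(\S+/\S+)$")            # detection name is the last token, e.g. TR/Drop.Softomat.AN


def parse_report(text):
    """Return one dict per scanned file: {'path', 'detection', 'outcome'}.

    outcome is 'deleted', 'quarantined', 'unresolved' (detected but removal
    failed), 'unreadable' (could not be opened) or 'clean'."""
    entries, current = [], None
    for line in text.splitlines():
        m = TAG.match(line)
        if not m:
            if PATH.match(line):
                current = {"path": line, "detection": None, "outcome": "clean"}
                entries.append(current)
            continue
        if current is None:
            continue
        tag, msg = m.groups()
        if tag == "DETECTION":
            name = NAME.search(msg)
            current["detection"] = name.group(1) if name else msg
            current["outcome"] = "unresolved"   # until an [INFO] says otherwise
        elif tag == "INFO" and "was deleted" in msg:
            current["outcome"] = "deleted"
        elif tag == "INFO" and "was moved to" in msg:
            current["outcome"] = "quarantined"
        elif tag == "WARNING" and "could not be opened" in msg:
            current["outcome"] = "unreadable"
        # "[WARNING] The file could not be deleted!" leaves 'unresolved' in place
    return entries


def unresolved(text):
    """Paths the scanner flagged but could not remove: the ones that still
    need manual follow-up (renaming, in the thread above)."""
    return [e["path"] for e in parse_report(text) if e["outcome"] == "unresolved"]


def summary(text):
    """Per-outcome counts, to cross-check the tallies at the end of the report."""
    return Counter(e["outcome"] for e in parse_report(text))
```

Before acting on an 'unresolved' hit it is worth checking the file's digital signature: a DLL that also lives under C:\Windows\winsxs in a directory named after a Microsoft component, as gpprefcl.dll does here, is a file shipped with Windows and the detection may be a false positive.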
g!rly Posts: 18209 Registered: Friday 17 August 2007 Status: Contributor Last post: 30 November 2014 406
7 April 2008 at 20:37
re,

rename these two files:

C:\Windows\winsxs\x86_microsoft-windows-g..ppolicy-policymaker_31bf3856ad364e35_6.0.6001.18034_none_372cc6574910ad11\gpprefcl.dll

and

C:\Windows\System32\gpprefcl.dll

to gpprefcl.zzz

Show all files and folders:
To do so:
Click Start/Control Panel/Folder Options/View

Tick show hidden folders

Untick the box "Hide protected operating system files (recommended)"

Untick hide extensions for known file types

Then click "OK" to confirm the changes.

And apply!

so you can find them

let me know

@+