rapport hijackhisRésolu/Fermé

Question

Bonjour,
je suis infecté par un virus, pouvez vous me dire si je dois quelques lignes du rapport hijackthis suivant : Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 18:28, on 2008-12-11 
Platform: Windows Vista SP1 (WinNT 6.00.1905) 
MSIE: Internet Explorer v7.00 (7.00.6001.18000) 
Boot mode: Safe mode with network support 

Running processes: 
C:\Windows\Explorer.EXE 
c:\program files\avira\antivir personaledition classic\avscan.exe 
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe 
C:\Program Files\AVG\AVG8\avgscanx.exe 
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
C:\Windows\system32\cmd.exe 
C:\Windows\system32\findstr.exe 
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/... 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll 
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll 
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll 
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe 
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" 
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe 
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" 
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" 
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start 
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" 
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe 
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" 
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" 
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe 
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin
pjpi160_07.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin
pjpi160_07.dll 
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) 
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) 
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL 
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll 
O20 - AppInit_DLLs: avgrsstx.dll 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) 
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe 
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe 
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe 
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe 
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe 
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe 
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe 
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe 


merci d'avance

Utilisateur anonyme · Answer

Bonjour

Hijakthis doit être exécuté en mode normal si possible.
Inutile d'avoir plusieus anti-virus ;-)

nico6566 · Answer

ok je vais le refaire en mode normal

nico6566 · Answer

le voici: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:27, on 11/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Readereader_sl.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

Utilisateur anonyme · Answer

Rien à signaler, mis à part que tu devais désinstaller un anti-virus AntiVir ou AVG au choix.
Pense à mettre à jour ta version de Java et désinstaller toutes les anciennes versions présentes dans ajouter/supprimer des programmes.
https://www.java.com/fr/download/manual.jsp

nico6566 · Answer

donc que puis je faire si antivir, avg, spybot, hijackthis, combofix, lopsd, malware ne m'ont pas reparer mon ordi??

Utilisateur anonyme · Answer

Aucun des logiciels qur tu cites ne vont réparer ton ordinateur.
Tu dis être infecté par un virus, comment le sais-tu ? Quel logiciel te l'a indiqué ? Où se situe le "virus" détecté ? Explique nous tes problèmes clairement ce sera un plus pour l'aide que tu reçevras ;-)

nico6566 · Answer

alors je suis sur d'avoir un virus car en recuperant mon ordi (apres le passage de mon fils) je me suis aperçu qu'il n'y avait plus d'internet.
je redemarre, mon pc ne detecte aucun reseau et je m'âperçois que l'icone avast a disparu!!!!
je double clique sur le raccourci du bureau, est la il me dit que ce n'est pas une application win32 valable
je comprend donc qu'il s'agit d'un virus qui m'empeche d'utiliser avast et internet.
Mais ce n'est pas tout,certains logiciels de nettoyage ne veulent pas s'ouvrir.
je decide donc d'enlever avast et de le remplacer par antivir mais apres avoir fait un test, rien a signaler.
pareil pour spybot, anti malware.
Je décide de me renseigner alors et je vois que comfix reviens souvent.
je le renomme comme indiqué il redemarre mais le virus est toujours la!!!
Que dois je faire?!!!
merci d'avance

Utilisateur anonyme · Answer

As-tu essayé la restauration du système ? Essaie pour voir !
Le cas échéant exécute à nouveau Combofix et colle tous les rapports ici.

nico6566 · Answer

alors pour la restauration du systeme la seule qui existe date d'avant hier donc elle me sert a rien et je ois faire les scans en mode normal ou sans echec?

Utilisateur anonyme · Answer

En mode normal :-)

nico6566 · Answer

ok alors pour l'instant.
malware et spybot 0 probleme
que dois je faire maintenant?

Utilisateur anonyme · Answer

J'attends les rapports de Combofix voir mon message au chiffre 8 ;-)

nico6566 · Answer

oups désolé, tiens voila mon rapport combo: ComboFix 08-12-09.03 - Nicolas 2008-12-13 10:56:51.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1983 [GMT 1:00] Lancé depuis: c:\users\Nicolas\Desktop est1.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 )))))))))))))))))))))))))))))))))))) . 2008-12-13 00:40 . 2008-11-06 02:03 d-------- C:\SDFix 2008-12-13 00:39 . 2008-12-13 00:39 d-------- C: sit 2008-12-12 22:38 . 2008-12-12 22:38 d-------- C:\Temp 2008-12-09 20:34 . 2008-12-12 17:32 d-------- c:\users\All Users\Avira 2008-12-09 20:34 . 2008-12-09 20:34 d-------- c:\program files\Avira 2008-12-09 20:34 . 2008-12-12 17:32 d-------- c:\progra~2\Avira 2008-12-09 17:24 . 2008-12-09 19:12 d--h----- C:\$AVG8.VAULT$ 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\windows\System32\drivers\Avg 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\users\All Users\avg8 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\program files\AVG 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\progra~2\avg8 2008-12-09 17:08 . 2008-12-09 17:08 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys 2008-12-09 17:08 . 2008-12-09 17:08 10,520 --a------ c:\windows\System32\avgrsstx.dll 2008-12-09 15:45 . 2008-12-09 15:45 0 --ah----- C: tuser.dat.LOG2 2008-12-09 15:45 . 2008-12-09 15:45 0 --ah----- C: tuser.dat.LOG1 2008-12-09 15:45 . 2008-12-09 15:45 0 --a------ C: tuser.dat 2008-12-07 20:33 . 2008-12-11 18:25 d-------- c:\program files\Navilog1 2008-12-07 20:33 . 2008-12-11 18:53 d-------- c:\program files\FindyKill 2008-12-07 20:33 . 2008-12-13 00:43 d-------- C:\Lop SD 2008-12-07 16:37 . 2008-12-07 16:37 d-------- c:\users\All Users\WindowsSearch 2008-12-07 16:37 . 2008-12-07 16:37 d-------- c:\progra~2\WindowsSearch 2008-12-07 16:31 . 2008-12-07 21:16 d-------- c:\program files\Trend Micro 2008-12-07 13:21 . 2008-12-07 13:21 61,440 --a------ c:\windows\System32\drivers brp.sys 2008-12-06 17:30 . 2008-12-06 17:30 61,440 --a------ c:\windows\System32\drivers\htviku.sys 2008-12-06 14:03 . 2008-12-06 14:03 61,440 --a------ c:\windows\System32\drivers\iuxjcxm.sys 2008-11-30 18:36 . 2008-11-30 19:45 d-------- c:\program files\Stellar Phoenix Windows Data Recovery 2008-11-30 18:36 . 1998-06-24 00:00 260,920 --a------ c:\windows\System32\MSDATGRD.OCX 2008-11-30 18:36 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe 2008-11-30 18:36 . 2006-03-01 02:10 69,632 --a------ c:\windows\System32\Crypserv.exe 2008-11-30 18:36 . 2006-01-10 03:47 31,846 --a------ c:\windows\System32\Ckldrv.sys 2008-11-30 18:36 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe 2008-11-30 18:36 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll 2008-11-30 18:36 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe 2008-11-30 18:36 . 2008-11-30 18:36 1,680 --a------ c:\windows\System32\esnecil.nlp 2008-11-30 18:36 . 2008-12-01 12:27 1,680 --a------ c:\windows\System32\esnecil.ind 2008-11-30 18:36 . 2008-11-30 18:36 71 --a------ c:\windows\Crypkey.ini 2008-11-30 18:36 . 2008-11-30 18:36 4 --a------ c:\windows\vx86036.dat 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\program files\iTunes 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\program files\iPod 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 00:45 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-11-29 00:45 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-11-29 00:42 . 2008-11-29 00:43 d-------- c:\program files\QuickTime 2008-11-29 00:32 . 2008-11-29 00:32 d-------- c:\program files\Apple Software Update 2008-11-28 13:14 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-28 13:14 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-28 13:14 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-28 13:14 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-28 13:14 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-14 17:02 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-14 17:02 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-14 17:02 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-14 17:02 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-14 17:01 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-14 17:01 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-14 17:01 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-14 17:01 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-14 17:01 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-13 17:17 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-11-13 17:17 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-11-13 17:17 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-12 23:49 48,605 ----a-w c:\users\Nicolas\AppData\Roaming vModes.dat 2008-12-12 22:59 --------- d-----w c:\program files\Windows Photo Gallery 2008-12-12 22:59 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-12-12 22:59 --------- d-----w c:\program files\Glary Utilities 2008-12-12 22:59 --------- d-----w c:\progra~2\Spybot - Search & Destroy 2008-12-08 19:50 --------- d-----w c:\program files\Common Files\LightScribe 2008-12-07 15:51 --------- d-----w c:\program files\RogueRemover FREE 2008-12-06 13:56 --------- d-----w c:\program files\Windows Live Safety Center 2008-12-06 13:03 598 ----a-w c:\program files\ckec.txt 2008-12-05 15:52 --------- d-----w c:\program files\SpeedFan 2008-11-28 23:45 --------- d-----w c:\program files\Common Files\Apple 2008-11-28 23:45 --------- d-----w c:\progra~2\Apple Computer 2008-11-28 23:44 --------- d-----w c:\program files\Bonjour 2008-11-19 18:19 --------- d-----w c:\progra~2\Microsoft Help 2008-11-10 23:23 --------- d-----w c:\program files\Sports Interactive 2008-11-10 17:11 --------- d-----w c:\program files\VirtualDJ 2008-11-10 14:45 --------- d-----w c:\program files\XBox 360 Controller for Windows Software 2008-11-10 14:44 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf 2008-11-09 21:11 --------- d-----w c:\users\Nicolas\AppData\Roaming\Sports Interactive 2008-11-09 21:11 --------- d-----w c:\progra~2\Sports Interactive 2008-11-09 09:56 --------- d-----w c:\users\Nicolas\AppData\Roaming\Pioneer 2008-11-09 09:52 56,176,554 ----a-w c:\windows\System32\xa1487937.exe 2008-11-09 09:52 56,176,554 ----a-w c:\windows\System32\xa1478951.exe 2008-10-31 21:57 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-31 21:53 --------- d-----w c:\program files\Pioneer 2008-10-31 21:44 56,176,554 ----a-w c:\windows\System32\xa48481787.exe 2008-10-31 21:44 56,176,554 ----a-w c:\windows\System32\xa48388608.exe 2008-10-31 17:17 --------- d-----w c:\users\Nicolas\AppData\Roaming\GlarySoft 2008-10-31 17:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-10-31 14:46 --------- d-----w c:\users\Nicolas\AppData\Roaming\Canneverbe_Limited 2008-10-31 14:46 --------- d-----w c:\program files\CDBurnerXP 2008-10-29 18:08 --------- d-----w c:\program files\Audacity 2008-10-28 12:01 --------- d-----w c:\program files\CyberLink 2008-10-27 09:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll 2008-10-27 07:53 --------- d-----w c:\program files\Common Files\Adobe 2008-10-27 07:40 --------- d-----w c:\program files\Common Files\Macrovision Shared 2008-10-26 21:27 --------- d-----w c:\progra~2\FLEXnet 2008-10-23 10:18 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-22 15:35 --------- d-----w c:\progra~2\KONAMI 2008-10-22 15:24 --------- d-----w c:\program files\KONAMI 2008-10-22 15:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe 2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-10-20 13:08 --------- d-----w c:\program files\PhotoFiltre Studio 2008-10-16 11:00 --------- d-----w c:\program files\Windows Mail 2008-10-15 16:56 --------- d-----w c:\program files\Messenger Plus! Live 2008-10-14 10:39 --------- d-----w c:\program files\Steam 2008-10-10 03:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll 2008-10-09 12:24 691 ----a-w c:\users\Nicolas\AppData\Roaming\GetValue.vbs 2008-10-09 12:24 35 ----a-w c:\users\Nicolas\AppData\Roaming\SetValue.bat 2008-10-06 10:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll 2008-10-04 09:15 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-21 20:16 73,728 ----a-w c:\windows\unacev2.dll 2008-09-20 19:40 159,232 ----a-w c:\windows\System32\fmod.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32 tkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32 toskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-08-29 15:26 174 --sha-w c:\program files\desktop.ini 2008-07-08 22:16 22 --sha-w c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 171448] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NvSvc"="c:\windows\system32 vsvc.dll" [2007-09-19 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-09 1261336] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm "VIDC.IV41"= ir41_32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 c:\users\Nicolas\AppData\Local\Temp\ljJAQjhI [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-08 11:50 1410296 c:\program files\Steam\Steam.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2915097475-978210674-2564524945-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{4757DF27-BB99-458F-80CB-DB0364C8F28F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{419E922C-2259-4F5C-8434-B5F1D2E96D3A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{ECCE1CEF-E35A-4D98-B328-225A47D70E75}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{B1344676-1E9E-49F4-BEFF-004FD45764AA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{DAFED501-636C-479A-ADC7-F51D37194812}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{CF5CB537-2C04-4D5C-B313-116C065540B1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{784E8AF5-EE15-4095-8C99-D54E639665D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{9AB13774-E2B9-40EA-8F43-6C77C248E531}c:\program files\counter-strike source\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2 "UDP Query User{738A8863-1308-4261-B3FE-233ED632198F}c:\program files\counter-strike source\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2 "TCP Query User{1D766687-D288-45F5-A7AA-77C621E26DB6}c:\program files\internet explorer\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{E48D6642-3D7C-48D9-8E47-858BC441C9E2}c:\program files\internet explorer\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{5BF8495A-BECE-4D57-9FC6-1E493DE476F5}c:\program files\windows sidebar\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows "UDP Query User{F700FF29-638E-4CE8-95A2-CC9A36E58A74}c:\program files\windows sidebar\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows "{0162208B-F511-447C-BA23-D14C5E0FE5A6}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{76DA121E-1B63-4547-A387-37931CF5B2F7}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{B59AA498-A014-4797-8DB8-6F7F0865A1A0}c:\program files\ea games\battlefield 1942\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942 "UDP Query User{5B5DB351-95AC-4526-BB9F-7FA771289BA5}c:\program files\ea games\battlefield 1942\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942 "{2D3A569A-DB18-4593-A3B6-98B139058859}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{3CF97DD3-BBFD-40A1-844F-FEBF6D6AA632}"= UDP:c:\users\Nicolas\Desktop\WoW-2.3.0.7561-frFR-downloader.exe:Blizzard Downloader "{4A574829-3CCD-44BB-ACB3-4C48776C116E}"= TCP:c:\users\Nicolas\Desktop\WoW-2.3.0.7561-frFR-downloader.exe:Blizzard Downloader "{F6F603CB-1CAD-44AE-A477-1840B3E5BA76}"= UDP:3724:Blizzard Downloader: 3724 "TCP Query User{DE190A5C-36AE-47C8-A0F9-33B17B538064}c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader "UDP Query User{23D9357E-8243-4CAC-AC70-AD02C0CAF86E}c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader "TCP Query User{8ED87126-5B2E-45E5-8137-1EE4862F99B2}c:\users\nicolas\desktop\burning crusade.exe"= UDP:c:\users icolas\desktop\burning crusade.exe:burning crusade.exe "UDP Query User{BC279812-FEFC-4627-9931-58D2BEBA82BE}c:\users\nicolas\desktop\burning crusade.exe"= TCP:c:\users icolas\desktop\burning crusade.exe:burning crusade.exe "{A1B7680A-0D0A-46D2-8C3C-F0430F0B6F0C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{9B0EECE1-7B18-4D48-843F-032A153F60D3}c:\program files\virtualdj\virtualdj.exe"= UDP:c:\program files\virtualdj\virtualdj.exe:VirtualDJ "UDP Query User{26EE9CE0-CB84-4CBF-8290-316AB813576A}c:\program files\virtualdj\virtualdj.exe"= TCP:c:\program files\virtualdj\virtualdj.exe:VirtualDJ "{810088E9-9EBC-475A-A452-C8414E0CC76C}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{586B91AA-858F-4B62-8EAF-160A5661BA0C}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{84597939-5A0C-4CFF-9133-F5C03A5E8DB6}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{ED014EB8-5DEA-46D3-B6EF-0C3F0C5C8326}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{175A709B-81E5-498F-B5DF-A6B9D2E26B1A}"= UDP:c:\users\Nicolas\Desktop\pes2009.exe:Pro Evolution Soccer 2009 "{2B941644-3820-41BD-B7C0-EAD244367187}"= TCP:c:\users\Nicolas\Desktop\pes2009.exe:Pro Evolution Soccer 2009 "{9C53AB34-96E6-48BD-874A-9091E97CACA4}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo "{7BE5BA14-0E42-4C00-9B1A-67339BE2F9D3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo "{26847272-7F95-499D-8574-2E92A8C25779}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{6EA9CE83-3C62-4785-A34D-06AB05475EF8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{48138C1E-3885-43E1-AB46-50F233C8DA13}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{FC3999DD-A2EB-44D7-8DDA-85AB3B6602FD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-09 97928] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \shell\AutoRun\command - H:\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FireFox -: Profile - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\cf79nyng.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ FF -: plugin - c:\program files\iTunes\Mozilla Plugins pitunes.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0 pctrl.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology pViewpoint.dll FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-13 11:01:21 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(3936) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\progra~1\AVG\AVG8\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\System32\Crypserv.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe c:\windows\System32\conime.exe c:\windows\System32 undll32.exe c:\program files\AVG\AVG8\avgtray.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\iPod\bin\iPodService.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2008-12-13 11:10:31 - La machine a redémarré [Nicolas] ComboFix-quarantined-files.txt 2008-12-13 10:10:09 Avant-CF: 7 920 594 944 octets libres Après-CF: 7,670,272,000 octets libres 330 --- E O F --- 2008-12-05 12:15:07 merci de ton aide boulepate62

nico6566 · Answer

oups désolé, tiens voila mon rapport combo: ComboFix 08-12-09.03 - Nicolas 2008-12-13 10:56:51.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1983 [GMT 1:00] Lancé depuis: c:\users\Nicolas\Desktop est1.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 )))))))))))))))))))))))))))))))))))) . 2008-12-13 00:40 . 2008-11-06 02:03 d-------- C:\SDFix 2008-12-13 00:39 . 2008-12-13 00:39 d-------- C: sit 2008-12-12 22:38 . 2008-12-12 22:38 d-------- C:\Temp 2008-12-09 20:34 . 2008-12-12 17:32 d-------- c:\users\All Users\Avira 2008-12-09 20:34 . 2008-12-09 20:34 d-------- c:\program files\Avira 2008-12-09 20:34 . 2008-12-12 17:32 d-------- c:\progra~2\Avira 2008-12-09 17:24 . 2008-12-09 19:12 d--h----- C:\$AVG8.VAULT$ 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\windows\System32\drivers\Avg 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\users\All Users\avg8 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\program files\AVG 2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\progra~2\avg8 2008-12-09 17:08 . 2008-12-09 17:08 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys 2008-12-09 17:08 . 2008-12-09 17:08 10,520 --a------ c:\windows\System32\avgrsstx.dll 2008-12-09 15:45 . 2008-12-09 15:45 0 --ah----- C: tuser.dat.LOG2 2008-12-09 15:45 . 2008-12-09 15:45 0 --ah----- C: tuser.dat.LOG1 2008-12-09 15:45 . 2008-12-09 15:45 0 --a------ C: tuser.dat 2008-12-07 20:33 . 2008-12-11 18:25 d-------- c:\program files\Navilog1 2008-12-07 20:33 . 2008-12-11 18:53 d-------- c:\program files\FindyKill 2008-12-07 20:33 . 2008-12-13 00:43 d-------- C:\Lop SD 2008-12-07 16:37 . 2008-12-07 16:37 d-------- c:\users\All Users\WindowsSearch 2008-12-07 16:37 . 2008-12-07 16:37 d-------- c:\progra~2\WindowsSearch 2008-12-07 16:31 . 2008-12-07 21:16 d-------- c:\program files\Trend Micro 2008-12-07 13:21 . 2008-12-07 13:21 61,440 --a------ c:\windows\System32\drivers brp.sys 2008-12-06 17:30 . 2008-12-06 17:30 61,440 --a------ c:\windows\System32\drivers\htviku.sys 2008-12-06 14:03 . 2008-12-06 14:03 61,440 --a------ c:\windows\System32\drivers\iuxjcxm.sys 2008-11-30 18:36 . 2008-11-30 19:45 d-------- c:\program files\Stellar Phoenix Windows Data Recovery 2008-11-30 18:36 . 1998-06-24 00:00 260,920 --a------ c:\windows\System32\MSDATGRD.OCX 2008-11-30 18:36 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe 2008-11-30 18:36 . 2006-03-01 02:10 69,632 --a------ c:\windows\System32\Crypserv.exe 2008-11-30 18:36 . 2006-01-10 03:47 31,846 --a------ c:\windows\System32\Ckldrv.sys 2008-11-30 18:36 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe 2008-11-30 18:36 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll 2008-11-30 18:36 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe 2008-11-30 18:36 . 2008-11-30 18:36 1,680 --a------ c:\windows\System32\esnecil.nlp 2008-11-30 18:36 . 2008-12-01 12:27 1,680 --a------ c:\windows\System32\esnecil.ind 2008-11-30 18:36 . 2008-11-30 18:36 71 --a------ c:\windows\Crypkey.ini 2008-11-30 18:36 . 2008-11-30 18:36 4 --a------ c:\windows\vx86036.dat 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\program files\iTunes 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\program files\iPod 2008-11-29 00:45 . 2008-11-29 00:45 d-------- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 00:45 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-11-29 00:45 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-11-29 00:42 . 2008-11-29 00:43 d-------- c:\program files\QuickTime 2008-11-29 00:32 . 2008-11-29 00:32 d-------- c:\program files\Apple Software Update 2008-11-28 13:14 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-28 13:14 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-28 13:14 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-28 13:14 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-28 13:14 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-14 17:02 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-14 17:02 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-14 17:02 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-14 17:02 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-14 17:01 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-14 17:01 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-14 17:01 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-14 17:01 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-14 17:01 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-13 17:17 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-11-13 17:17 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-11-13 17:17 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-12 23:49 48,605 ----a-w c:\users\Nicolas\AppData\Roaming vModes.dat 2008-12-12 22:59 --------- d-----w c:\program files\Windows Photo Gallery 2008-12-12 22:59 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-12-12 22:59 --------- d-----w c:\program files\Glary Utilities 2008-12-12 22:59 --------- d-----w c:\progra~2\Spybot - Search & Destroy 2008-12-08 19:50 --------- d-----w c:\program files\Common Files\LightScribe 2008-12-07 15:51 --------- d-----w c:\program files\RogueRemover FREE 2008-12-06 13:56 --------- d-----w c:\program files\Windows Live Safety Center 2008-12-06 13:03 598 ----a-w c:\program files\ckec.txt 2008-12-05 15:52 --------- d-----w c:\program files\SpeedFan 2008-11-28 23:45 --------- d-----w c:\program files\Common Files\Apple 2008-11-28 23:45 --------- d-----w c:\progra~2\Apple Computer 2008-11-28 23:44 --------- d-----w c:\program files\Bonjour 2008-11-19 18:19 --------- d-----w c:\progra~2\Microsoft Help 2008-11-10 23:23 --------- d-----w c:\program files\Sports Interactive 2008-11-10 17:11 --------- d-----w c:\program files\VirtualDJ 2008-11-10 14:45 --------- d-----w c:\program files\XBox 360 Controller for Windows Software 2008-11-10 14:44 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf 2008-11-09 21:11 --------- d-----w c:\users\Nicolas\AppData\Roaming\Sports Interactive 2008-11-09 21:11 --------- d-----w c:\progra~2\Sports Interactive 2008-11-09 09:56 --------- d-----w c:\users\Nicolas\AppData\Roaming\Pioneer 2008-11-09 09:52 56,176,554 ----a-w c:\windows\System32\xa1487937.exe 2008-11-09 09:52 56,176,554 ----a-w c:\windows\System32\xa1478951.exe 2008-10-31 21:57 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-31 21:53 --------- d-----w c:\program files\Pioneer 2008-10-31 21:44 56,176,554 ----a-w c:\windows\System32\xa48481787.exe 2008-10-31 21:44 56,176,554 ----a-w c:\windows\System32\xa48388608.exe 2008-10-31 17:17 --------- d-----w c:\users\Nicolas\AppData\Roaming\GlarySoft 2008-10-31 17:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-10-31 14:46 --------- d-----w c:\users\Nicolas\AppData\Roaming\Canneverbe_Limited 2008-10-31 14:46 --------- d-----w c:\program files\CDBurnerXP 2008-10-29 18:08 --------- d-----w c:\program files\Audacity 2008-10-28 12:01 --------- d-----w c:\program files\CyberLink 2008-10-27 09:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll 2008-10-27 07:53 --------- d-----w c:\program files\Common Files\Adobe 2008-10-27 07:40 --------- d-----w c:\program files\Common Files\Macrovision Shared 2008-10-26 21:27 --------- d-----w c:\progra~2\FLEXnet 2008-10-23 10:18 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-22 15:35 --------- d-----w c:\progra~2\KONAMI 2008-10-22 15:24 --------- d-----w c:\program files\KONAMI 2008-10-22 15:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe 2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-10-20 13:08 --------- d-----w c:\program files\PhotoFiltre Studio 2008-10-16 11:00 --------- d-----w c:\program files\Windows Mail 2008-10-15 16:56 --------- d-----w c:\program files\Messenger Plus! Live 2008-10-14 10:39 --------- d-----w c:\program files\Steam 2008-10-10 03:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll 2008-10-10 03:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll 2008-10-10 03:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll 2008-10-09 12:24 691 ----a-w c:\users\Nicolas\AppData\Roaming\GetValue.vbs 2008-10-09 12:24 35 ----a-w c:\users\Nicolas\AppData\Roaming\SetValue.bat 2008-10-06 10:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll 2008-10-04 09:15 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-21 20:16 73,728 ----a-w c:\windows\unacev2.dll 2008-09-20 19:40 159,232 ----a-w c:\windows\System32\fmod.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32 tkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32 toskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-08-29 15:26 174 --sha-w c:\program files\desktop.ini 2008-07-08 22:16 22 --sha-w c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 171448] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NvSvc"="c:\windows\system32 vsvc.dll" [2007-09-19 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-09 1261336] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm "VIDC.IV41"= ir41_32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 c:\users\Nicolas\AppData\Local\Temp\ljJAQjhI [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-08 11:50 1410296 c:\program files\Steam\Steam.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2915097475-978210674-2564524945-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{4757DF27-BB99-458F-80CB-DB0364C8F28F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{419E922C-2259-4F5C-8434-B5F1D2E96D3A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{ECCE1CEF-E35A-4D98-B328-225A47D70E75}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{B1344676-1E9E-49F4-BEFF-004FD45764AA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{DAFED501-636C-479A-ADC7-F51D37194812}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{CF5CB537-2C04-4D5C-B313-116C065540B1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{784E8AF5-EE15-4095-8C99-D54E639665D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{9AB13774-E2B9-40EA-8F43-6C77C248E531}c:\program files\counter-strike source\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2 "UDP Query User{738A8863-1308-4261-B3FE-233ED632198F}c:\program files\counter-strike source\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2 "TCP Query User{1D766687-D288-45F5-A7AA-77C621E26DB6}c:\program files\internet explorer\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{E48D6642-3D7C-48D9-8E47-858BC441C9E2}c:\program files\internet explorer\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{5BF8495A-BECE-4D57-9FC6-1E493DE476F5}c:\program files\windows sidebar\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows "UDP Query User{F700FF29-638E-4CE8-95A2-CC9A36E58A74}c:\program files\windows sidebar\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows "{0162208B-F511-447C-BA23-D14C5E0FE5A6}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{76DA121E-1B63-4547-A387-37931CF5B2F7}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{B59AA498-A014-4797-8DB8-6F7F0865A1A0}c:\program files\ea games\battlefield 1942\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942 "UDP Query User{5B5DB351-95AC-4526-BB9F-7FA771289BA5}c:\program files\ea games\battlefield 1942\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942 "{2D3A569A-DB18-4593-A3B6-98B139058859}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{3CF97DD3-BBFD-40A1-844F-FEBF6D6AA632}"= UDP:c:\users\Nicolas\Desktop\WoW-2.3.0.7561-frFR-downloader.exe:Blizzard Downloader "{4A574829-3CCD-44BB-ACB3-4C48776C116E}"= TCP:c:\users\Nicolas\Desktop\WoW-2.3.0.7561-frFR-downloader.exe:Blizzard Downloader "{F6F603CB-1CAD-44AE-A477-1840B3E5BA76}"= UDP:3724:Blizzard Downloader: 3724 "TCP Query User{DE190A5C-36AE-47C8-A0F9-33B17B538064}c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader "UDP Query User{23D9357E-8243-4CAC-AC70-AD02C0CAF86E}c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader "TCP Query User{8ED87126-5B2E-45E5-8137-1EE4862F99B2}c:\users\nicolas\desktop\burning crusade.exe"= UDP:c:\users icolas\desktop\burning crusade.exe:burning crusade.exe "UDP Query User{BC279812-FEFC-4627-9931-58D2BEBA82BE}c:\users\nicolas\desktop\burning crusade.exe"= TCP:c:\users icolas\desktop\burning crusade.exe:burning crusade.exe "{A1B7680A-0D0A-46D2-8C3C-F0430F0B6F0C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{9B0EECE1-7B18-4D48-843F-032A153F60D3}c:\program files\virtualdj\virtualdj.exe"= UDP:c:\program files\virtualdj\virtualdj.exe:VirtualDJ "UDP Query User{26EE9CE0-CB84-4CBF-8290-316AB813576A}c:\program files\virtualdj\virtualdj.exe"= TCP:c:\program files\virtualdj\virtualdj.exe:VirtualDJ "{810088E9-9EBC-475A-A452-C8414E0CC76C}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{586B91AA-858F-4B62-8EAF-160A5661BA0C}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{84597939-5A0C-4CFF-9133-F5C03A5E8DB6}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{ED014EB8-5DEA-46D3-B6EF-0C3F0C5C8326}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{175A709B-81E5-498F-B5DF-A6B9D2E26B1A}"= UDP:c:\users\Nicolas\Desktop\pes2009.exe:Pro Evolution Soccer 2009 "{2B941644-3820-41BD-B7C0-EAD244367187}"= TCP:c:\users\Nicolas\Desktop\pes2009.exe:Pro Evolution Soccer 2009 "{9C53AB34-96E6-48BD-874A-9091E97CACA4}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo "{7BE5BA14-0E42-4C00-9B1A-67339BE2F9D3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo "{26847272-7F95-499D-8574-2E92A8C25779}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{6EA9CE83-3C62-4785-A34D-06AB05475EF8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{48138C1E-3885-43E1-AB46-50F233C8DA13}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{FC3999DD-A2EB-44D7-8DDA-85AB3B6602FD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-09 97928] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \shell\AutoRun\command - H:\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FireFox -: Profile - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\cf79nyng.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ FF -: plugin - c:\program files\iTunes\Mozilla Plugins pitunes.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0 pctrl.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology pViewpoint.dll FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-13 11:01:21 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(3936) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\progra~1\AVG\AVG8\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\System32\Crypserv.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe c:\windows\System32\conime.exe c:\windows\System32 undll32.exe c:\program files\AVG\AVG8\avgtray.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\iPod\bin\iPodService.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2008-12-13 11:10:31 - La machine a redémarré [Nicolas] ComboFix-quarantined-files.txt 2008-12-13 10:10:09 Avant-CF: 7 920 594 944 octets libres Après-CF: 7,670,272,000 octets libres 330 --- E O F --- 2008-12-05 12:15:07 merci de ton aide boulepate62

Utilisateur anonyme · Answer

Rends toi sur Vitustotal.
-----> https://www.virustotal.com/gui/

Là ou c'est marqué Choisir tape la ligne ci-dessous et clic sur Envoyer le fichier.
c:\windows\System32\xa1487937.exe

Patiente et colle ici le rapport lorsque l'analyse sera terminée.


Recommence avec cette ligne :
c:\windows\System32\xa1487937.exe

A++

nico6566 · Answer

je n'ai pas d'acces a internet depuis mon pc infecté (le virus ma deparametrer internet)

nico6566 · Answer

probleme resolue: alors voici la solution , il s'agissait en fait d'une modification de la base de registre (:@ grrrr)

http://forum.telecharger.01net.com/forum/high-tech/ARCHIVE-L-ORDINATEUR-INDIVIDUEL/Acces-Internet-et-reseaux/disparition-erreurs-871122-sujet_12073_1.htm#post5436

Utilisateur anonyme · Answer

ça empêche pas que ton ordinateur est toujours infecté.
Mais bon si c'est résolu pour toi alors moi aussi.

++

Rapport hijackhis

18 réponses

Discussions similaires

Newsletters