Bjr,
J'ai mon pc qui deconne a mort.
Toutes les 5 secondes, mon bureau disparait et reviens quelques secondes, puis redisparait, puis reaparait.
Seul le programme en cours ne ferme pas.
Help Me please
Bye
Message édité par doudou_the_killer le 06-05-2008 à 21:27:03
Bonjour,
Télécharge puis installe HijackThis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser HijackThis v2.0.2
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:23, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
I:\Program_Files\eMule\emule.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\VirusEffaceur\pgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\VirusEffaceur\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\VirusEffaceur\Tools\sbiebho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - C:\WINDOWS\system32\urqomjJc.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\VIRUSE~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\VirusEffaceur\bm.exe" dm=http://viruseffaceur.com ad=http://viruseffaceur.com sd=http://gregistre.viruseffaceur.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\VirusEffaceur\ptask.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SuperCopier2.exe] d:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VirusEffaceur] C:\Program Files\VirusEffaceur\pgs.exe /min
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: RocketDock.lnk = I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = I:\Program_Files\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = I:\Program_Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = I:\Program_Files\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: urqomjJc - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://assets.xbox.com/ja-jp/press [...] -3qrtr.jpg
--
End of file - 11120 bytes
C'est grave docteur ??
Pas si grave 
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 707
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|P:\|)
Eléments examinés: 154289
Temps écoulé: 1 hour(s), 33 minute(s), 30 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnkjhff.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c9de0c5-67a2-4aa8-a42f-892969757488} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8c9de0c5-67a2-4aa8-a42f-892969757488} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbiebho.iefw (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbiebho.iefw.2 (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popupblocker.iegpb (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popupblocker.iegpb.1 (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{187b2540-46b7-4c01-931b-87717bc6a462} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a29462b-24dd-4b2e-a692-9b1002ba1800} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{495334b0-4d49-476a-83cd-ae267af143a9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhlp (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pblock.DLL (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b82f29e4-8368-4b14-9c00-5138c0d94034} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkjhff -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkjhff -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\opnkjhff.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ffhjknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffhjknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\VirusEffaceur\bm.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\Tools\sbiebho.dll (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\Tools\pblock.dll (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\Activate.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\dhlp.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\scnkrnl.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\VirusEffaceur\Up\gup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\dhlp.sys (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
PS : Cela me fait toujours la meme chose... 
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:47, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\FICHIE~1\VIRUSE~1\ugac.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\NETGEAR\WG111T\wlan111t.exe
I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
I:\Program_Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
I:\Program_Files\Vista Inspirat 2\YzShadow\YzShadow.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\Program_Files\eMule\emule.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\VIRUSE~1\ugac.exe" -start
O4 - HKLM\..\Run: [ptask] C:\Program Files\VirusEffaceur\ptask.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SuperCopier2.exe] d:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VirusEffaceur] C:\Program Files\VirusEffaceur\pgs.exe /min
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: RocketDock.lnk = I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = I:\Program_Files\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = I:\Program_Files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = I:\Program_Files\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: urqomjJc - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://assets.xbox.com/ja-jp/press [...] -3qrtr.jpg
--
End of file - 12035 bytes
Re,
Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
ComboFix 08-04-29.5 - Kevin 2008-05-01 21:57:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.311 [GMT 2:00]
Endroit: C:\Documents and Settings\Kevin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Kevin\ResErrors.log
C:\Program Files\internet explorer\iekey.dll
C:\Program Files\internet explorer\iexp1ore.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IEdate.dll
C:\WINDOWS\system32\ffhjknpo.ini
C:\WINDOWS\system32\ffhjknpo.ini2
C:\WINDOWS\system32\opnkjhff.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 21:57 . 2008-05-01 21:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-01 17:52 . 2008-05-01 17:52 <REP> d-------- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2008-05-01 17:52 . 2008-05-01 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 01:15 . 2008-05-01 01:15 396,288 --a------ C:\HijackThis.exe
2008-04-27 10:32 . 2008-04-27 10:32 <REP> d--hs---- C:\VirusEffaceur
2008-04-27 10:32 . 2008-04-30 14:48 <REP> d-------- C:\Documents and Settings\Kevin\Application Data\VirusEffaceur
2008-04-27 10:26 . 2008-04-27 10:26 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-13 18:13 . 2008-04-13 18:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-13 17:48 . 2008-04-13 17:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-04-13 17:42 . 2008-04-13 17:42 <REP> d-------- C:\Program Files\Pinnacle
2008-04-13 17:42 . 2008-04-13 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Yahoo!
2008-04-13 17:42 . 2008-04-13 17:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-04-13 17:36 . 2008-04-13 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-04-13 16:10 . 2008-04-13 16:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-13 16:05 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-13 16:05 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-13 16:05 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-13 16:05 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-13 16:05 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-13 16:05 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-13 16:05 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-13 16:05 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-13 16:05 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 18:54 . 2008-04-09 18:54 5,607 --a------ C:\WINDOWS\~GLH0004.TMP
2008-04-09 18:48 . 2008-04-09 18:48 <REP> d-------- C:\Program Files\TI Education
2008-04-09 18:48 . 1999-08-30 14:51 9,152 --a------ C:\WINDOWS\system32\drivers\Ticalc.sys
2008-04-09 18:48 . 1998-11-13 16:01 0 --a------ C:\WINDOWS\Wlink83p.ini
2008-04-09 18:43 . 2008-04-09 18:43 5,607 --a------ C:\WINDOWS\~GLH0003.TMP
2008-04-09 18:43 . 2008-04-09 18:43 5,607 --a------ C:\WINDOWS\~GLH0002.TMP
2008-04-09 18:43 . 2008-04-09 18:43 5,607 --a------ C:\WINDOWS\~GLH0001.TMP
2008-04-09 18:42 . 2008-04-09 18:42 5,607 --a------ C:\WINDOWS\~GLH0000.TMP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 11:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-12 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-28 14:04 --------- d-----w C:\Program Files\MOVAVI
2008-03-26 12:24 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-23 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 11:36 54,930 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-23 11:36 4,627 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-22 17:13 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Newsbin
2008-03-09 15:45 --------- d-----w C:\Program Files\NewsBin
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-02-14 21:56 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-01-20 23:42 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-01-20 23:42 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"SuperCopier2.exe"="D:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="D:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 19:22 266240]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"ptask"="C:\Program Files\VirusEffaceur\ptask.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 11:24 248]
"nlsf"="cmd.exe" [2004-08-19 17:09 428032 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqomjJc]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.enc"= ITIG726.acm
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program_Files\\Programs\\RM.exe"=
"H:\\Program_Files\\Programs\\PMSRegisterFile.exe"=
"H:\\Program_Files\\Programs\\umi.exe"=
"H:\\Program_Files\\Programs\\VideoSpin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:eMule TCP
"4672:UDP"= 4672:UDP:eMule UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 16:02]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2003-08-20 11:51]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 11:44]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 05:21]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 MBAMCatchMe;MBAMCatchMe;D:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d494522-8180-11dc-a40d-0013d4bcd8a0}]
\Shell\AutoRun\command - N:\ie.exe
\Shell\explore\Command - N:\ie.exe
\Shell\open\Command - N:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64425621-a9c0-11dc-a440-0013d4bcd8a0}]
\Shell\AutoRun\command - J:\ie.exe
\Shell\explore\Command - J:\ie.exe
\Shell\open\Command - J:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94281d3f-7ce7-11dc-8ac5-806d6172696f}]
\Shell\AutoRun\command - I:\ASUSACPI.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-25 11:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-04-16 06:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-01-21 16:09:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1192736019.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 22:01:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 179
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Kevin\LOCALS~1\Temp\mc23.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-01 22:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 20:10:13
Pre-Run: 306,216,960 octets libres
Post-Run: 1,150,177,280 octets libres
225
Je redemarre mon pc, pour voir si cela ne le fait plus...
=D, SA MARCHE !!!!!!!!!!!!
Merci beaucoup AngelDark, je ne sais pas comment vous remerciez...
Une derniere question...
Que me conseilles tu comme ANTIVIRUS ??
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Folder::
|
Ouvre le Bloc-notes (Démarrer>Exécuter...>notepad) puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
Cela va relancer ComboFix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport HijackThis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
ComboFix 08-04-29.5 - Kevin 2008-05-01 22:37:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.561 [GMT 2:00]
Endroit: C:\Documents and Settings\Kevin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VirusEffaceur
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-01 21:57 . 2008-05-01 21:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-01 17:52 . 2008-05-01 17:52 <REP> d-------- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2008-05-01 17:52 . 2008-05-01 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 01:15 . 2008-05-01 01:15 396,288 --a------ C:\HijackThis.exe
2008-04-27 10:32 . 2008-04-30 14:48 <REP> d-------- C:\Documents and Settings\Kevin\Application Data\VirusEffaceur
2008-04-27 10:26 . 2008-04-27 10:26 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-13 18:13 . 2008-04-13 18:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-13 17:48 . 2008-04-13 17:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-04-13 17:42 . 2008-04-13 17:42 <REP> d-------- C:\Program Files\Pinnacle
2008-04-13 17:42 . 2008-04-13 17:42 <REP> d-------- C:\Program Files\Fichiers communs\Yahoo!
2008-04-13 17:42 . 2008-04-13 17:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-04-13 17:36 . 2008-04-13 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-04-13 16:10 . 2008-04-13 16:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-13 16:05 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-13 16:05 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-13 16:05 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-13 16:05 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-13 16:05 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-13 16:05 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-13 16:05 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-13 16:05 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-13 16:05 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 18:54 . 2008-04-09 18:54 5,607 --a------ C:\WINDOWS\~GLH0004.TMP
2008-04-09 18:48 . 2008-04-09 18:48 <REP> d-------- C:\Program Files\TI Education
2008-04-09 18:48 . 1999-08-30 14:51 9,152 --a------ C:\WINDOWS\system32\drivers\Ticalc.sys
2008-04-09 18:48 . 1998-11-13 16:01 0 --a------ C:\WINDOWS\Wlink83p.ini
2008-04-09 18:43 . 2008-04-09 18:43 5,607 --a------ C:\WINDOWS\~GLH0003.TMP
2008-04-09 18:43 . 2008-04-09 18:43 5,607 --a------ C:\WINDOWS\~GLH0002.TMP
2008-04-09 18:43 . 2008-04-09 18:43 5,607 --a------ C:\WINDOWS\~GLH0001.TMP
2008-04-09 18:42 . 2008-04-09 18:42 5,607 --a------ C:\WINDOWS\~GLH0000.TMP
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 11:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-12 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-28 14:04 --------- d-----w C:\Program Files\MOVAVI
2008-03-26 12:24 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-23 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 11:36 54,930 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-23 11:36 4,627 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-22 17:13 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Newsbin
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 15:45 --------- d-----w C:\Program Files\NewsBin
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-02-14 21:56 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-01-20 23:42 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-01-20 23:42 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-01_22.08.05.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 20:00:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 20:13:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"SuperCopier2.exe"="D:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="D:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 19:22 266240]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 11:24 248]
"nlsf"="cmd.exe" [2004-08-19 17:09 428032 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 16:52 44544]
C:\Documents and Settings\Kevin\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - I:\Program_Files\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-13 13:07:26 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
hp psc 1000 series.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 02:23:52 67128]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-12 16:01:35 434176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqomjJc]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.enc"= ITIG726.acm
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program_Files\\Programs\\RM.exe"=
"H:\\Program_Files\\Programs\\PMSRegisterFile.exe"=
"H:\\Program_Files\\Programs\\umi.exe"=
"H:\\Program_Files\\Programs\\VideoSpin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:eMule TCP
"4672:UDP"= 4672:UDP:eMule UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 16:02]
R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2003-08-20 11:51]
R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 11:44]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 05:21]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 MBAMCatchMe;MBAMCatchMe;D:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d494522-8180-11dc-a40d-0013d4bcd8a0}]
\Shell\AutoRun\command - N:\ie.exe
\Shell\explore\Command - N:\ie.exe
\Shell\open\Command - N:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64425621-a9c0-11dc-a440-0013d4bcd8a0}]
\Shell\AutoRun\command - J:\ie.exe
\Shell\explore\Command - J:\ie.exe
\Shell\open\Command - J:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94281d3f-7ce7-11dc-8ac5-806d6172696f}]
\Shell\AutoRun\command - I:\ASUSACPI.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-25 11:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-16 12:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-04-16 06:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-04-16 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-01-21 16:09:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1192736019.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 22:38:32
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Kevin\LOCALS~1\Temp\mc22.tmp"
.
Temps d'accomplissement: 2008-05-01 22:40:00
ComboFix-quarantined-files.txt 2008-05-01 20:39:53
ComboFix2.txt 2008-05-01 20:10:17
Pre-Run: 1,130,045,440 octets libres
Post-Run: 1,120,481,280 octets libres
209
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:51, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: RocketDock.lnk = I:\Program_Files\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = I:\Program_Files\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: urqomjJc - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://assets.xbox.com/ja-jp/press [...] -3qrtr.jpg
--
End of file - 10476 bytes
Tout est OK ?
Apparemment ok.
Répondre à Angeldark
Ok 
Peut-tu me dire quel est le meilleur antivirus ?
Je viens d'installer G-Data mais je ne sais pas si il est si bon que sa...
Voir ma signature
Répondre à Angeldark
Merci beaucoup à toi, AngelDark !!!
Bon surf
- Télécharge ToolsCleaner sur ton Bureau.
- Clique sur Recherche et laisse le scan se terminer.
- Clique sur Suppression pour finaliser.
- Clique sur Quitter, pour que le rapport puisse se créer.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
Désactive puis réactive la restauration du système : Voir aide
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" 
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :
Répondre à Angeldark
-->- Recherche:
---------------------------------
-->- Suppression:
Tu as encore combofix, Hijackthis ou ils ont été virés ?
Répondre à Angeldark
Je les ai virer... Il ne fallait pas ? (PS : J'ai formater mon pc)
Attends, tu vas me dire que j'ai désinfecté ton pc pour que tu le formates 
Répondre à Angeldark
Au moins je sais le faire....
J'veux devenir informaticien plus tard....
Sa va beaucoup me servir je pense....
Formater ça va te servir dans la vie ?
Répondre à Angeldark
Nan, savoir virer les virus....
Bah chaque infection est différente, donc la procédure aussi.
Répondre à Angeldark
Ah Okay.... :s
Il y a 210 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
