PC redemarre tout seul+empeche d'aller sur internet+Plein de pubs
Forum Sécurité - Virus : PC redemarre tout seul+empeche d'aller sur internet+Plein de pubs
Bonjour voila mes problems:
_mon pc redémarre tout seul tous les jours à 9h50!!!
_Internet Explorer m'empeche d'aller sur certains sites(qui sont tout à fait normaux ^^) qui en plus de cela plusieurs publicitées pour des jeux en ligne viennent s'ouvrir. En esperant grace à vous tout va redevenir normal.
Je vais poster mon rapport HijackThis.
Le voici:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:49, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3095D50F-F1BA-4BBC-A54D-819EEB7E0898} - C:\WINDOWS\system32\ljJCuTmm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D083C3F4-4201-4765-B9B1-792C225AC410} - C:\WINDOWS\system32\mlJcAQiF.dll (file missing)
O2 - BHO: (no name) - {D1811913-FEB4-4342-A24A-763A2E79A3B1} - C:\WINDOWS\system32\rqRKEWMg.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\chef\svchost.exe
O4 - HKLM\..\Run: [c8d4de60] rundll32.exe "C:\WINDOWS\system32\stsvhhnf.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMcbe7edfc] Rundll32.exe "C:\WINDOWS\system32\ynqijnff.dll",s
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3815331382
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/ [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljJCuTmm - ljJCuTmm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Bonjour,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
voici le rapport:
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 854
13:32:37 14/06/2008
mbam-log-6-14-2008 (13-32-37).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 171913
Temps écoulé: 1 hour(s), 29 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 56
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ec085a8-9818-43b7-b975-ec7555eda4d2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a74c41c-0837-4fbe-ba50-621eb70f01ce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{25297614-1b76-4c2c-82c6-62738aa0e8f0} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37f89457-1208-4670-9245-58c62bd6d870} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{45477032-abd0-454d-9ce4-ea34c10322f8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69e34747-0b27-4b30-ae20-1023bf29e246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{79be5b3b-80b2-4b77-a042-efc90f6e0de7} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ebb34cf-1728-4136-a968-48f231dad1b4} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{88daa291-b413-4c46-b378-3be66f65369e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{936a2f4a-53f8-4d2f-92aa-2f9de889841c} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{afcc3fa7-82a9-42d5-a405-78711e97a5d6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc05a4a3-7b28-488f-ab02-6aaedb86accf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e80114aa-6653-4952-9e97-5f1dc63bee0f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9109a2a-432b-4add-a6fa-06ba22dcd2d9} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca3958a-8d38-4d14-8b81-ccd7f68a8a01} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8d4de60 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcbe7edfc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\rdblgsbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbsglbdr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stsvhhnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnhhvsts.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565811.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565825.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565826.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565827.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566067.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566080.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566081.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566257.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567828.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567829.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567830.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567874.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567875.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567900.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567901.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567902.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568040.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568187.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568198.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569102.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569192.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569451.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569452.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569453.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569479.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569480.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569481.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0569980.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0569981.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570017.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570018.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570019.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570020.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570021.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP181\A0573474.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP185\A0577642.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0577945.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578295.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578307.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578310.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591904.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591926.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591967.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ysifwvgi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynqijnff.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Re,
Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
Re desolé je ne trouve pas où desactiver l'antivirus( AVG free edition). Le d'sinstaller peut-il etre possible?? Vu que je dois changer!
Message édité par de_beuze le 14-06-2008 à 16:08:56
Pas grave, fais sans la désactivation.
Répondre à Angeldark
voila j'ai fais la desactivaton!!
ComboFix 08-06-12.2 - chef 2008-06-14 16:55:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
Endroit: C:\Documents and Settings\chef\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
ADS - svchost.exe: deleted 100 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 100 bytes in 1 streams.
ADS - explorer.exe: deleted 36 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\vtmp2
C:\WINDOWS\BMcbe7edfc.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\elvmsnmr.ini
C:\WINDOWS\system32\FiQAcJlm.ini
C:\WINDOWS\system32\FiQAcJlm.ini2
C:\WINDOWS\system32\gMWEKRqr.ini
C:\WINDOWS\system32\gMWEKRqr.ini2
C:\WINDOWS\system32\hibcycqs.ini
C:\WINDOWS\system32\ilcgtuht.dll
C:\WINDOWS\system32\iqugpjge.dll
C:\WINDOWS\system32\jybvweys.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\tnmojbae.dll
C:\WINDOWS\system32\umqlwngo.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
.
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\chef\Application Data\Malwarebytes
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 11:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 11:49 . 2008-06-14 11:49 <REP> d-------- C:\Documents and Settings\chef\Application Data\Uniblue
2008-06-12 22:52 . 2008-06-12 22:52 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-06-11 10:47 . 2008-06-11 10:47 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 08:39 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:39 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\RomuSoft
2008-06-03 13:53 . 2008-06-03 13:53 192,512 --a------ C:\WINDOWS\off-road-uninst.exe
2008-06-03 13:52 . 2008-06-03 16:51 <REP> d-------- C:\Program Files\M6 Jeux
2008-06-03 13:52 . 2008-06-03 13:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-06-03 13:32 . 2008-06-03 13:32 <REP> d-------- C:\Documents and Settings\chef\Application Data\THQ
2008-05-27 17:53 . 2008-05-27 17:53 123 --a------ C:\WINDOWS\wininit.ini
2008-05-24 08:18 . 2008-05-24 08:21 <REP> d--hs---- C:\Documents and Settings\chef\!
2008-05-24 08:18 . 2008-05-24 08:18 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-24 08:17 . 2008-05-29 09:18 <REP> d-------- C:\WINDOWS\system32\vntiho05
2008-05-16 17:04 . 2008-05-27 16:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-16 17:04 . 2008-05-27 16:27 <REP> d-------- C:\Documents and Settings\chef\Application Data\LimeWire
2008-05-16 13:57 . 2008-06-11 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 13:57 . 2008-05-16 13:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 07:12 --------- d-----w C:\Documents and Settings\chef\Application Data\AVG7
2008-06-14 03:41 --------- d-----w C:\Program Files\eMule
2008-06-13 15:02 --------- d-----w C:\Program Files\EA GAMES
2008-06-12 20:56 --------- d-----w C:\Program Files\VisualTaskTips
2008-06-09 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-04 08:22 --------- d-----w C:\Documents and Settings\chef\Application Data\AdobeUM
2008-06-03 11:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 07:55 --------- d-----w C:\Program Files\SuperMarioPac
2008-05-23 15:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-18 13:07 --------- d-----w C:\Program Files\VirtualDJ
2008-05-16 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 16:56 --------- d-----w C:\Program Files\Java
2008-05-09 16:53 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 10:28 --------- d-----w C:\Program Files\Windows Live
2008-05-02 10:28 --------- d-----w C:\Program Files\Fake Webcam
2008-03-14 21:24 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-14 21:24 253,952 ------w C:\WINDOWS\Setup1.exe
2008-03-14 17:53 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-14 17:53 5,368 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-14 16:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-02 17:02 22,328 ----a-w C:\Documents and Settings\chef\Application Data\PnkBstrK.sys
2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
C:\WINDOWS\system32\ljJCuTmm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D083C3F4-4201-4765-B9B1-792C225AC410}]
C:\WINDOWS\system32\mlJcAQiF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1811913-FEB4-4342-A24A-763A2E79A3B1}]
C:\WINDOWS\system32\rqRKEWMg.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [ ]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 14:07 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:47 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-05 00:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-19 21:38 219136]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\WINDOWS\system32\ljJCuTmm.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCuTmm]
ljJCuTmm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP40"= vp4vfw.dll
"vidc.ffds"= ffdshow.ax
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahm30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovc41.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"<NO NAME>"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\chef\\Mes documents\\Jeux\\mini jeux\\Volley\\volley.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\EA GAMES\\NFS Underground\\Speed.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2000-02-22 16:46]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
S0 Ahm30;Ahm30;C:\WINDOWS\system32\Drivers\Ahm30.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfbf0e4-d006-11dc-96f4-0015f237590f}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 17:00:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-14 17:06:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 15:06:32
Pre-Run: 73,027,543,040 octets libres
Post-Run: 73,348,734,976 octets libres
214 --- E O F --- 2008-06-11 08:48:16
Re,
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Registry::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
ComboFix 08-06-12.2 - chef 2008-06-15 12:54:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.567 [GMT 2:00]
Endroit: C:\Documents and Settings\chef\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\chef\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\chef\real.txt
C:\WINDOWS\system32\taskkill.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))))))))
.
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\chef\Application Data\Malwarebytes
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 11:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 11:49 . 2008-06-14 11:49 <REP> d-------- C:\Documents and Settings\chef\Application Data\Uniblue
2008-06-12 22:52 . 2008-06-12 22:52 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-06-11 10:47 . 2008-06-11 10:47 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 08:39 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:39 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\RomuSoft
2008-06-03 13:53 . 2008-06-03 13:53 192,512 --a------ C:\WINDOWS\off-road-uninst.exe
2008-06-03 13:52 . 2008-06-03 16:51 <REP> d-------- C:\Program Files\M6 Jeux
2008-06-03 13:52 . 2008-06-03 13:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-06-03 13:32 . 2008-06-03 13:32 <REP> d-------- C:\Documents and Settings\chef\Application Data\THQ
2008-05-27 17:53 . 2008-05-27 17:53 123 --a------ C:\WINDOWS\wininit.ini
2008-05-24 08:18 . 2008-05-24 08:21 <REP> d--hs---- C:\Documents and Settings\chef\!
2008-05-24 08:17 . 2008-05-29 09:18 <REP> d-------- C:\WINDOWS\system32\vntiho05
2008-05-16 17:04 . 2008-05-27 16:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-16 17:04 . 2008-05-27 16:27 <REP> d-------- C:\Documents and Settings\chef\Application Data\LimeWire
2008-05-16 13:57 . 2008-06-11 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 13:57 . 2008-05-16 13:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 07:38 --------- d-----w C:\Documents and Settings\chef\Application Data\AVG7
2008-06-15 03:32 --------- d-----w C:\Program Files\eMule
2008-06-13 15:02 --------- d-----w C:\Program Files\EA GAMES
2008-06-12 20:56 --------- d-----w C:\Program Files\VisualTaskTips
2008-06-09 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-04 08:22 --------- d-----w C:\Documents and Settings\chef\Application Data\AdobeUM
2008-06-03 11:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 07:55 --------- d-----w C:\Program Files\SuperMarioPac
2008-05-23 15:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 15:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-18 13:07 --------- d-----w C:\Program Files\VirtualDJ
2008-05-16 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 16:56 --------- d-----w C:\Program Files\Java
2008-05-09 16:53 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 10:28 --------- d-----w C:\Program Files\Windows Live
2008-05-02 10:28 --------- d-----w C:\Program Files\Fake Webcam
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-02 17:02 22,328 ----a-w C:\Documents and Settings\chef\Application Data\PnkBstrK.sys
2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-14_17.06.21.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 14:59:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 07:48:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [ ]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 14:07 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:47 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-05 00:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-19 21:38 219136]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2007-07-07 15:02:00 626176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP40"= vp4vfw.dll
"vidc.ffds"= ffdshow.ax
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahm30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovc41.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"<NO NAME>"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\chef\\Mes documents\\Jeux\\mini jeux\\Volley\\volley.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\EA GAMES\\NFS Underground\\Speed.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2000-02-22 16:46]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
S0 Ahm30;Ahm30;C:\WINDOWS\system32\Drivers\Ahm30.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfbf0e4-d006-11dc-96f4-0015f237590f}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 12:56:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
Temps d'accomplissement: 2008-06-15 12:59:24
ComboFix-quarantined-files.txt 2008-06-15 10:58:22
ComboFix2.txt 2008-06-14 15:06:36
Pre-Run: 76,965,199,872 octets libres
Post-Run: 76,954,320,896 octets libres
175 --- E O F --- 2008-06-11 08:48:16
Logfile of HijackThis v1.99.1
Scan saved at 13:05:58, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3815331382
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/ [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
voila tous
Encore des soucis ?
Répondre à Angeldark
Ba écoute c'est vrai que je n'ai plus de pubs et je peux aller ou je veux sur le net!! mais je saurais que demain si mon pc redemarre encore tout seul ou pas!! mais merci deja!!
Message édité par de_beuze le 15-06-2008 à 20:54:24
No problem 
Répondre à Angeldark
Voila je viens de verifier et il ne redemarre plus tout seul! Tout est redevenu comme avant merci!!!!
Bon surf
Répondre à Angeldark
Voila je suis desolé mais mon pc se remet a redémarrer tout seul toujours a la meme heure qu'avant!! Cela fait 3 jours que sa a repris!
Message édité par de_beuze le 25-06-2008 à 13:43:10
Reposte un rapport Hijackthis.
Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.
Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.
Lorsque le scan est terminé, clique sur Copy.
Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
Répondre à Angeldark
voila le rapport hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 14:34:08, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\Proteger pc\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3815331382
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/ [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Gmer m'as dit qu'il n'a rien trouver!!!!
Ce problème n'est pas lié à une infection pour moi.
Répondre à Angeldark
ok ba merci quand meme alors!!
Tu devrais voir dans la section Hardware.
Répondre à Angeldark
Il y a 1875 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
Par Sham_Rock il y a 23 jours :
