Gros problème de virus!

salut!

Je suis en train d'arranger l'ordinateur d'un ami et quelle ne fut pas ma surprise quand j,ai vu qu'il avait environ 57 virus. L'ordinateur est vraiment ralenti par tout ca!

J,ai essayé de scanné avec avira antivir mais ca m'occasionnait plus de problème qu,autre chose car il détectait des choses sans arret et souvent c'était toujours le meme fichier. J'ai quand meme pu y faire un scan avec hijackthis!

Si vous pouviez m,aider, ce serait apprécier! Merci!

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38, on 2008-10-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\AV9\av2009.exe
C:\WINDOWS\system32\ieupdates.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\poste001\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fiyyndys] C:\WINDOWS\system32\rnokobee.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\poste001\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BMcb22cb9a] Rundll32.exe "C:\WINDOWS\system32\hrjdqpcn.dll",s
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [62572370704134798103066155709577] C:\Program Files\AV9\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xmk788YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mi [...] 7807723312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7807711703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.219
O20 - AppInit_DLLs: ejkiul.dll frxnbd.dll
O22 - SharedTaskScheduler: flensburg - {d6ef030a-a235-41ba-9ead-89b6ff542f00} - C:\WINDOWS\system32\pluwue.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8915 bytes

Répondre à Canardshooter

Bonjour,

! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

Télécharge ComboFix (sUBs) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voici mon rapport Combofix!

ComboFix 08-11-05.02 - poste001 2008-11-06 0:31:15.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.609 [GMT -5:00]
Lancé depuis: c:\documents and settings\poste001\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\poste001\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\windows\system32\dhdvyxic.dll
c:\windows\system32\fbmkpa.dll
c:\windows\system32\fgehqnsy.ini
c:\windows\system32\gukdco.dll
c:\windows\system32\hpqqqino.ini
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\ilTAdMoq.ini
c:\windows\system32\ilTAdMoq.ini2
c:\windows\system32\kreessvs.dll
c:\windows\system32\lnbfrigu.dll
c:\windows\system32\mjwpucjo.dll
c:\windows\system32\mnqlxxbr.ini
c:\windows\system32\oxrqpjax.dll
c:\windows\system32\pgbfmvou.exe
c:\windows\system32\qoMdATli.dll
c:\windows\system32\rskahe.dll
c:\windows\system32\spekzi.dll
c:\windows\system32\ubvmmbdl.dll
c:\windows\system32\uegyeq.dll
c:\windows\system32\ugirfbnl.ini
c:\windows\system32\uuakktgr.ini
c:\windows\system32\vltgubcr.dll
c:\windows\system32\xajpqrxo.ini
c:\windows\system32\yolyxy.dll
c:\windows\system32\ysfqfena.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-06 au 2008-11-06 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 12:00 . 2008-10-29 12:04 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-10-27 22:35 . 2008-11-06 00:35 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-27 22:35 . 2008-10-27 22:35 1,409 --a------ c:\windows\QTFont.for
2008-10-13 13:05 . 2008-11-06 00:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-13 12:29 . 2008-10-13 12:29 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-13 12:29 . 2008-10-13 12:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-07 12:25 . 2008-10-12 15:35 102,194 --a------ c:\windows\system32\cont_dcads-remove.exe
2008-10-06 06:44 . 2008-10-06 06:44 363,520 --a------ c:\windows\system32\nsdC.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 05:36 80,666,912 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-06 05:36 1,193,504 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-06 05:33 388,460 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-06 05:33 1,091,708 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-10-29 17:16 --------- d-----w c:\program files\AV9
2008-10-13 17:29 --------- d-----w c:\program files\Lavasoft
2008-10-12 16:02 --------- d-----w c:\documents and settings\poste001\Application Data\VSO_HWE
2008-09-18 23:03 221,184 ----a-w c:\windows\system32\uftymavp.dll
2008-09-18 23:03 108,544 ----a-w c:\windows\system32\wvUNffCr.dll
2008-09-18 23:00 115,200 ----a-w c:\windows\system32\wajiskdw.dll
2008-09-18 23:00 115,200 ----a-w c:\windows\system32\qpxbww.dll
2008-09-18 22:57 95,744 ----a-w c:\windows\system32\isodaagb.dll
2008-09-18 22:55 95,744 ----a-w c:\windows\system32\wwvdpxxj.dll
2008-09-15 04:16 95,744 ----a-w c:\windows\system32\blaveboi.dll
2008-09-15 04:16 115,200 ----a-w c:\windows\system32\qifexvlg.dll
2008-09-15 04:16 115,200 ------w c:\windows\system32\ejkiul.dll
2008-08-31 23:40 104,960 ----a-w c:\windows\system32\oglqzc.dll
2008-08-31 23:40 104,960 ----a-w c:\windows\system32\cixuudik.dll
2008-08-31 23:31 95,744 ----a-w c:\windows\system32\jnvrfpuu.dll
2008-08-31 22:34 104,960 ----a-w c:\windows\system32\yvdaxc.dll
2008-08-31 22:34 104,960 ----a-w c:\windows\system32\miblgpqu.dll
2008-08-31 22:31 95,744 ----a-w c:\windows\system32\xawtkevc.dll
2008-08-29 01:10 114,688 ----a-w c:\windows\system32\ionfvmug.dll
2008-08-29 01:10 114,688 ----a-w c:\windows\system32\dzarya.dll
2008-08-29 01:04 95,744 ----a-w c:\windows\system32\wpsuvsyp.dll
2008-08-29 00:07 114,688 ----a-w c:\windows\system32\tbvvkq.dll
2008-08-29 00:07 114,688 ----a-w c:\windows\system32\mqnbghii.dll
2008-08-26 09:34 114,688 ----a-w c:\windows\system32\iedqkd.dll
2008-08-26 09:34 114,688 ----a-w c:\windows\system32\cedeewhf.dll
2008-08-16 21:12 115,200 ----a-w c:\windows\system32\txqcxa.dll
2008-08-16 21:12 115,200 ----a-w c:\windows\system32\mwndexwr.dll
2008-08-12 00:12 119,296 ----a-w c:\windows\system32\txetlu.dll
2008-08-12 00:12 119,296 ----a-w c:\windows\system32\khckdbuf.dll
2008-08-11 00:08 102,400 ----a-w c:\windows\system32\tgcjng.dll
2008-08-11 00:08 102,400 ----a-w c:\windows\system32\ithckdom.dll
2008-08-09 15:29 102,400 ----a-w c:\windows\system32\wywnqa.dll
2008-08-09 15:29 102,400 ----a-w c:\windows\system32\hqgummgk.dll
2008-08-08 15:19 101,888 ----a-w c:\windows\system32\xijemh.dll
2008-08-08 15:19 101,888 ----a-w c:\windows\system32\wvnkvdrj.dll
2008-08-08 15:17 93,696 ----a-w c:\windows\system32\nnloopba.dll
2008-08-07 13:46 93,184 ----a-w c:\windows\system32\swdjpkih.dll
2008-08-06 13:48 101,888 ----a-w c:\windows\system32\imepqgfo.dll
2008-08-06 13:48 101,888 ----a-w c:\windows\system32\dykwzg.dll
2008-08-06 13:43 93,184 ----a-w c:\windows\system32\odaywwxp.dll
2007-10-26 17:21 47,360 ----a-w c:\documents and settings\poste001\Application Data\pcouffin.sys
2007-05-28 22:46 87,608 ----a-w c:\documents and settings\poste001\Application Data\ezpinst.exe
2004-10-01 19:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-29_13.02.42.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:13:24 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2004-08-05 12:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2008-02-20 05:35:05 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-05 12:00:00 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
- 2008-02-20 05:35:05 148,992 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2004-08-05 12:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2004-08-05 12:00:00 247,808 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w c:\windows\system32\mswsock.dll
- 2008-04-27 12:24:19 64,314 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-06 05:20:32 64,314 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-27 12:24:19 78,346 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-06 05:20:32 78,346 ----a-w c:\windows\system32\perfc00C.dat
- 2008-04-27 12:24:19 408,792 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-06 05:20:32 408,792 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-27 12:24:19 476,620 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-06 05:20:32 476,620 ----a-w c:\windows\system32\perfh00C.dat
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w c:\windows\system32\spmsg.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ac431a0-5459-a4ad-af73-0f9d17ad5133}]
2008-10-06 06:44 363520 --a------ c:\windows\system32\nsdC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}]
2008-06-24 12:09 90624 --a------ c:\windows\system32\awtqoOHW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-07-13 598656]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
"c811f806"="c:\windows\system32\oxrqpjax.dll" [BU]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\HDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}"= "c:\windows\system32\awtqoOHW.dll" [2008-06-24 90624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqoOHW]
2008-06-24 12:09 90624 c:\windows\system32\awtqoOHW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ejkiul.dll frxnbd.dll spekzi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7960b23e-83fe-4dfd-87a1-bfe3d8f6e2a5} - c:\windows\system32\spekzi.dll
BHO-{B4156948-BDBD-47B2-B443-5B2DD0745EEC} - c:\windows\system32\qoMdATli.dll
MSConfigStartUp-62572370704134798103066155709577 - c:\program files\AV9\av2009.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.nhl.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
O8 -: &Search - http://edits.mywebsearch.com/toolb [...] xmk788YYCA
O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 00:35:28
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\awtqoOHW.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-06 0:39:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-06 05:39:22
ComboFix2.txt 2008-10-29 17:05:48

Avant-CF: 45 616 488 448 octets libres
Après-CF: 45,563,113,472 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

273 --- E O F --- 2008-06-21 13:44:19

Message édité par Canardshooter le 06-11-2008 à 06:45:25

Répondre à Canardshooter

Bon suite a ce scan de combo fix, l,ordinateur va BEAUCOUP mieux! cependant, j,ai encore des gros problèmes de pop ups quand j'ouvre internet explorer...:S Que faire d'autre!

Merci de votre aide, c'est tellement apprécié!

Répondre à Canardshooter

allo?

Répondre à Canardshooter

est-ce que qqn saurait m'aider?

Répondre à Canardshooter

Forum Sécurité - Virus : Gros problème de virus!

Attention