

Everything posted by wanghoc
-
Thank you for all this good advice, which allowed me to fix the problem and clean up the PC. It's a pleasure to deal with competent and very responsive people. Until next time... WangHoc
-
Hello Pear, and thank you for all this very sound advice. I'm only replying this morning because the Kaspersky scan took a good part of the night... but the good news is that it found nothing. As for the ComboFix report, it's still all Greek to me, but I'm attaching it to this reply as planned.

ComboFix 10-01-12.02 - Hugues 13/01/2010 19:27:44.3.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1747 [GMT 1:00]
Lancé depuis: c:\users\Hugues\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Hugues\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Gameztar Toolbar"
"c:\programdata\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B}"
"c:\windows\system32\drivers\lvuvc.hs"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-13 au 2010-01-13 ))))))))))))))))))))))))))))))))))))
.

2010-01-13 18:31 . 2010-01-13 18:33 -------- d-----w- c:\users\Hugues\AppData\Local\temp
2010-01-13 18:31 . 2010-01-13 18:31 -------- d-----w- c:\users\test\AppData\Local\temp
2010-01-13 18:31 . 2010-01-13 18:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-13 18:31 . 2010-01-13 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 18:31 . 2010-01-13 18:31 -------- d-----w- c:\users\a\AppData\Local\temp
2010-01-13 06:22 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 06:22 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 18:15 . 2010-01-11 18:15 -------- d-----w- c:\users\Hugues\AppData\Roaming\Malwarebytes
2010-01-11 18:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 18:15 . 2010-01-11 18:15 -------- d-----w- c:\programdata\Malwarebytes
2010-01-11 18:15 . 2010-01-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 18:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 17:53 . 2010-01-11 18:06 -------- d-----w- C:\tdsskiller
2010-01-09 15:18 . 2010-01-09 15:18 -------- d-----w- C:\VundoFix Backups
2010-01-08 16:52 . 2010-01-08 16:52 -------- d-----w- c:\users\Hugues\AppData\Roaming\Uniblue
2010-01-05 20:40 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-05 20:40 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-05 20:40 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-01-05 20:40 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-01-05 20:40 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-01-05 20:40 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-05 20:40 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-05 20:40 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-01-05 20:40 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-01-05 20:40 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-22 15:34 . 2009-12-22 14:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-22 14:54 . 2009-12-23 13:19 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-22 14:54 . 2009-12-23 13:19 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-22 14:54 . 2009-12-23 13:19 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-22 14:54 . 2009-12-23 13:19 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-22 14:54 . 2009-12-23 13:19 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-22 14:48 . 2009-12-22 14:48 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-22 14:48 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-22 14:48 . 2009-12-22 14:55 -------- d-----w- c:\programdata\Lavasoft
2009-12-22 14:48 . 2009-12-22 14:48 -------- d-----w- c:\program files\Lavasoft
2009-12-15 21:14 . 2009-12-15 02:21 3035703 -c----w- c:\programdata\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B}\Setup.exe
2009-12-15 21:14 . 2009-12-15 21:33 -------- d-----w- c:\program files\Gameztar Toolbar
2009-12-15 21:14 . 2009-12-15 21:33 -------- dc-h--w- c:\programdata\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 18:33 . 2009-07-17 14:45 48158 ----a-w- c:\programdata\nvModes.dat
2010-01-13 18:32 . 2008-12-20 02:09 -------- d-----w- c:\programdata\NVIDIA
2010-01-13 18:30 . 2008-01-21 08:40 713304 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-13 18:30 . 2008-01-21 08:40 143336 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-13 18:16 . 2009-04-21 17:56 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 18:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 21:53 . 2009-07-13 18:05 -------- d-----w- c:\users\Hugues\AppData\Roaming\vlc
2010-01-12 21:12 . 2009-01-15 18:38 -------- d-----w- c:\users\Hugues\AppData\Roaming\dvdcss
2010-01-11 18:01 . 2007-08-09 17:12 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-01-09 13:36 . 2009-01-10 12:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-07 14:55 . 2009-12-22 14:55 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-05 20:39 . 2009-01-11 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 06:36 . 2009-03-15 09:39 -------- d-----w- c:\program files\Common Files\Steam
2009-12-23 13:20 . 2009-12-22 14:55 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-23 13:20 . 2009-12-22 14:55 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-23 13:20 . 2009-12-22 14:55 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-23 13:20 . 2009-12-22 14:55 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-23 13:20 . 2009-12-22 14:55 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-23 13:20 . 2009-12-22 14:55 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-23 13:19 . 2009-12-22 14:55 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-22 17:01 . 2009-07-17 16:21 -------- d-----w- c:\program files\Yahoo!
2009-12-22 14:55 . 2009-12-22 14:55 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-22 14:55 . 2009-12-22 14:55 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-22 14:55 . 2009-12-22 14:55 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-22 14:55 . 2009-12-22 14:55 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-22 14:55 . 2009-12-22 14:55 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-22 13:09 . 2009-05-24 17:07 -------- d-----w- c:\program files\Everest Casino
2009-12-10 09:44 . 2009-07-30 17:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-24 15:15 . 2009-01-07 06:18 -------- d-----w- c:\program files\Microsoft
2009-11-24 15:15 . 2009-11-24 15:15 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-24 15:12 . 2009-03-06 14:09 86576 ----a-w- c:\users\Hugues\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-11-24 15:12 . 2009-03-06 14:09 392728 ----a-w- c:\users\Hugues\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-11-24 15:12 . 2009-03-06 14:09 132672 ----a-w- c:\users\Hugues\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-11-24 15:12 . 2009-11-24 15:12 0 ----a-r- c:\users\Hugues\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2009-11-22 11:09 . 2009-11-15 09:00 -------- d-----w- c:\users\Hugues\AppData\Roaming\Crayon Physics Deluxe
2009-11-22 09:07 . 2009-11-22 09:07 -------- d-----w- c:\users\Hugues\AppData\Roaming\Megaupload
2009-11-21 06:40 . 2009-12-09 19:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 19:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 19:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 19:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 19:21 . 2009-01-10 19:38 -------- d-----w- c:\programdata\Media Center Programs
2009-11-19 19:21 . 2009-11-19 19:13 -------- d-----w- c:\program files\Common Files\BioWare
2009-11-18 02:16 . 2009-11-18 02:16 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 02:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 02:16 . 2009-11-18 02:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 02:16 . 2009-11-18 02:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 12:31 . 2009-12-09 21:33 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 21:33 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 21:33 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 19:42 . 2009-10-03 05:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 14:59 . 2009-07-08 18:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-29 14:48 . 2009-10-29 14:59 368640 ----a-w- c:\users\Hugues\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2009-10-29 09:17 . 2009-11-25 08:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 18:26 . 2009-02-25 19:39 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-27 18:26 . 2009-02-25 19:39 22328 ----a-w- c:\users\Hugues\AppData\Roaming\PnkBstrK.sys
2009-10-27 18:26 . 2009-02-25 19:39 22328 ----a-w- c:\users\Hugues\AppData\Roaming\PnkBstrK.sys
2009-10-27 18:25 . 2009-02-25 19:39 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-27 18:25 . 2009-02-25 19:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-27 18:25 . 2009-02-25 19:39 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-20 16:34 . 2009-03-08 19:17 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-20 16:34 . 2009-03-08 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="e:\ms money\System\mnyexpr.exe" [2003-06-18 204800]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-06-25 171448]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="e:\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,27,04,99,ed,4c,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/12/2009 15:55 64288]
R2 a2free;a-squared Free Service;e:\a-squared free\a2service.exe [22/12/2009 12:35 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/07/2009 18:36 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
R2 SBSDWSCService;SBSD Security Center Service;e:\spybot - search & destroy\SDWinSec.exe [10/01/2009 13:23 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 05:33 232960]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [15/01/2009 09:15 15360]
R3 PhilCap;Pinnacle PCTV service;c:\windows\System32\drivers\PhilCap.sys [17/07/2007 10:22 908832]
R3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;c:\windows\System32\drivers\RTL85n86.sys [02/11/2006 11:25 311808]
S2 gupdate1ca39d42f8b33be;Service Google Update (gupdate1ca39d42f8b33be);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2009 10:24 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;e:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [19/11/2009 20:18 25832]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/10/2009 06:36 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
S3 Ph6xIB32;Philips 716x PCIe TV Card;c:\windows\System32\drivers\Ph6xIB32.sys [02/11/2006 11:32 1031296]
S3 SQTECH913D;913D Camera;c:\windows\System32\drivers\Capt913d.sys [11/01/2009 08:40 29522]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - pavboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 09:24]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 09:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
IE: E&xporter vers Microsoft Excel - e:\msoffi~1\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Hugues\AppData\Roaming\Mozilla\Firefox\Profiles\8uyag35l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA5&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\adobe\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 19:33
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1093667380-711141455-590860009-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,6f,60,fe,24,53,dd,b6,0b,7d,cf,2d,c7,1b,b5,6f,f8,b7,c1,88,d6,5f,91,
   b4,cc,d4,16,86,fa,62,43,94,2f,04,d6,71,ab,80,71,2c,2c,0d,d4,5e,19,0e,99,96,\
"??"=hex:f4,bc,e1,ea,94,b8,96,09,bb,f7,fa,bc,41,c3,b9,50

[HKEY_USERS\S-1-5-21-1093667380-711141455-590860009-1001\Software\SecuROM\License information*]
"datasecu"=hex:e1,e2,2f,aa,50,8d,4b,48,0c,6c,5a,6f,7d,fb,8f,a4,c6,5d,8f,8e,7b,
   d4,6c,a9,05,a5,5b,a9,16,e3,f3,31,1a,3d,3d,b8,f3,af,bb,67,b5,a7,77,23,84,d7,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
e:\alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-01-13 19:36:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-13 18:36
ComboFix2.txt 2010-01-13 18:07
ComboFix3.txt 2010-01-12 19:42

Avant-CF: 8 664 498 176 octets libres
Après-CF: 8 502 358 016 octets libres

- - End Of File - - 540C114510DE61D703AD06D11C09F010

WangHoc
-
Bonsoir, Super, ca fait plus de 24H00 que je n'ai plus d'alerte pour le virus Vundo.Gen !!! Voila le rapport Combofix... J'espère que ca vous parle parce que pour moi c'est du chinois ComboFix 10-01-12.02 - Hugues 12/01/2010 20:31:03.1.4 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1734 [GMT 1:00] Lancé depuis: c:\users\Hugues\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\users\Hugues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk G:\install.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-12 au 2010-01-12 )))))))))))))))))))))))))))))))))))) . 2010-01-12 19:35 . 2010-01-12 19:38 -------- d-----w- c:\users\Hugues\AppData\Local\temp 2010-01-11 18:15 . 2010-01-11 18:15 -------- d-----w- c:\users\Hugues\AppData\Roaming\Malwarebytes 2010-01-11 18:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-11 18:15 . 2010-01-11 18:15 -------- d-----w- c:\programdata\Malwarebytes 2010-01-11 18:15 . 2010-01-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-11 18:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-11 17:53 . 2010-01-11 18:06 -------- d-----w- C:\tdsskiller 2010-01-09 15:18 . 2010-01-09 15:18 -------- d-----w- C:\VundoFix Backups 2010-01-08 16:52 . 2010-01-08 16:52 -------- d-----w- c:\users\Hugues\AppData\Roaming\Uniblue 2010-01-05 20:40 . 
2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2010-01-05 20:40 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2010-01-05 20:40 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2010-01-05 20:40 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2010-01-05 20:40 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2010-01-05 20:40 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2010-01-05 20:40 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2010-01-05 20:40 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2010-01-05 20:40 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2010-01-05 20:40 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2009-12-22 15:34 . 2009-12-22 14:55 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-12-22 14:54 . 2009-12-23 13:19 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-12-22 14:54 . 2009-12-23 13:19 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-12-22 14:54 . 2009-12-23 13:19 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-12-22 14:54 . 2009-12-23 13:19 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-12-22 14:54 . 2009-12-23 13:19 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-12-22 14:48 . 2009-12-22 14:48 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-22 14:48 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe 2009-12-22 14:48 . 2009-12-22 14:55 -------- d-----w- c:\programdata\Lavasoft 2009-12-22 14:48 . 2009-12-22 14:48 -------- d-----w- c:\program files\Lavasoft 2009-12-15 21:14 . 
2009-12-15 02:21 3035703 -c----w- c:\programdata\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B}\Setup.exe 2009-12-15 21:14 . 2009-12-15 21:33 -------- d-----w- c:\program files\Gameztar Toolbar 2009-12-15 21:14 . 2009-12-15 21:33 -------- dc-h--w- c:\programdata\{DF8B7D22-CFEA-4F9C-BA2C-2865C5C0BF6B} . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-12 19:37 . 2009-07-17 14:45 48158 ----a-w- c:\programdata\nvModes.dat 2010-01-12 19:36 . 2008-12-20 02:09 -------- d-----w- c:\programdata\NVIDIA 2010-01-12 19:36 . 2009-01-23 20:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-01-12 19:34 . 2008-01-21 08:40 713304 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-12 19:34 . 2008-01-21 08:40 143336 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-11 21:22 . 2009-07-13 18:05 -------- d-----w- c:\users\Hugues\AppData\Roaming\vlc 2010-01-11 21:22 . 2009-01-15 18:38 -------- d-----w- c:\users\Hugues\AppData\Roaming\dvdcss 2010-01-11 18:01 . 2007-08-09 17:12 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys 2010-01-09 13:36 . 2009-01-10 12:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-01-07 14:55 . 2009-12-22 14:55 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll 2010-01-05 20:39 . 2009-01-11 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-04 06:36 . 2009-03-15 09:39 -------- d-----w- c:\program files\Common Files\Steam 2009-12-23 13:20 . 2009-12-22 14:55 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-12-23 13:20 . 2009-12-22 14:55 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-12-23 13:20 . 2009-12-22 14:55 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-12-23 13:20 . 2009-12-22 14:55 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll 2009-12-23 13:20 . 
2009-12-22 14:55 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-12-23 13:20 . 2009-12-22 14:55 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll 2009-12-23 13:19 . 2009-12-22 14:55 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-12-22 17:01 . 2009-07-17 16:21 -------- d-----w- c:\program files\Yahoo! 2009-12-22 14:55 . 2009-12-22 14:55 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-12-22 14:55 . 2009-12-22 14:55 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-12-22 14:55 . 2009-12-22 14:55 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-12-22 14:55 . 2009-12-22 14:55 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-12-22 14:55 . 2009-12-22 14:55 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2009-12-22 13:09 . 2009-05-24 17:07 -------- d-----w- c:\program files\Everest Casino 2009-12-10 09:44 . 2009-07-30 17:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-10 05:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-09 21:34 . 2009-04-21 17:56 -------- d-----w- c:\programdata\Microsoft Help 2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll 2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe 2009-11-24 15:15 . 2009-01-07 06:18 -------- d-----w- c:\program files\Microsoft 2009-11-24 15:15 . 2009-11-24 15:15 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-11-24 15:12 . 2009-03-06 14:09 86576 ----a-w- c:\users\Hugues\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe 2009-11-24 15:12 . 2009-03-06 14:09 392728 ----a-w- c:\users\Hugues\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll 2009-11-24 15:12 . 
2009-03-06 14:09 132672 ----a-w- c:\users\Hugues\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe 2009-11-24 15:12 . 2009-11-24 15:12 0 ----a-r- c:\users\Hugues\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe 2009-11-22 11:09 . 2009-11-15 09:00 -------- d-----w- c:\users\Hugues\AppData\Roaming\Crayon Physics Deluxe 2009-11-22 09:07 . 2009-11-22 09:07 -------- d-----w- c:\users\Hugues\AppData\Roaming\Megaupload 2009-11-21 06:40 . 2009-12-09 19:06 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-09 19:06 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-09 19:06 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-09 19:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-19 19:21 . 2009-01-10 19:38 -------- d-----w- c:\programdata\Media Center Programs 2009-11-19 19:21 . 2009-11-19 19:13 -------- d-----w- c:\program files\Common Files\BioWare 2009-11-18 02:16 . 2009-11-18 02:16 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-18 02:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-18 02:16 . 2009-11-18 02:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-18 02:16 . 2009-11-18 02:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-09 12:31 . 2009-12-09 21:33 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-11-09 12:30 . 2009-12-09 21:33 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-11-09 10:36 . 2009-12-09 21:33 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll 2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll 2009-11-02 19:42 . 2009-10-03 05:35 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 14:59 . 2009-07-08 18:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-10-29 14:48 . 
2009-10-29 14:59 368640 ----a-w- c:\users\Hugues\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll 2009-10-29 09:17 . 2009-11-25 08:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-27 18:26 . 2009-02-25 19:39 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-10-27 18:26 . 2009-02-25 19:39 22328 ----a-w- c:\users\Hugues\AppData\Roaming\PnkBstrK.sys 2009-10-27 18:26 . 2009-02-25 19:39 22328 ----a-w- c:\users\Hugues\AppData\Roaming\PnkBstrK.sys 2009-10-27 18:25 . 2009-02-25 19:39 107832 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-10-27 18:25 . 2009-02-25 19:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-10-27 18:25 . 2009-02-25 19:39 2250024 ----a-w- c:\windows\system32\pbsvc.exe 2009-10-20 16:34 . 2009-03-08 19:17 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-10-20 16:34 . 2009-03-08 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="e:\ms money\System\mnyexpr.exe" [2003-06-18 204800] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "SpybotSD TeaTimer"="e:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Steam"="e:\steam\Steam.exe" [2009-10-24 1217808] "RGSC"="e:\games\GTA4\Rockstar Games Social Club\RGSCLauncher.exe" [2009-07-08 306088] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-06-25 171448] "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Adobe Reader Speed Launcher"="e:\adobe\Reader\Reader_sl.exe" [2008-06-12 34672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):f1,27,04,99,ed,4c,ca,01 
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/12/2009 15:55 64288]
R2 a2free;a-squared Free Service;e:\a-squared free\a2service.exe [22/12/2009 12:35 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/07/2009 18:36 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
R2 SBSDWSCService;SBSD Security Center Service;e:\spybot - search & destroy\SDWinSec.exe [10/01/2009 13:23 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 05:33 232960]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [15/01/2009 09:15 15360]
R3 PhilCap;Pinnacle PCTV service;c:\windows\System32\drivers\PhilCap.sys [17/07/2007 10:22 908832]
R3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;c:\windows\System32\drivers\RTL85n86.sys [02/11/2006 11:25 311808]
S2 gupdate1ca39d42f8b33be;Service Google Update (gupdate1ca39d42f8b33be);c:\program files\Google\Update\GoogleUpdate.exe [20/09/2009 10:24 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;e:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [19/11/2009 20:18 25832]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/10/2009 06:36 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
S3 Ph6xIB32;Philips 716x PCIe TV Card;c:\windows\System32\drivers\Ph6xIB32.sys [02/11/2006 11:32 1031296]
S3 SQTECH913D;913D Camera;c:\windows\System32\drivers\Capt913d.sys [11/01/2009 08:40 29522]

--- Autres Services/Pilotes en mémoire ---
*Deregistered* - pavboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 09:24]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 09:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
IE: E&xporter vers Microsoft Excel - e:\msoffi~1\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Hugues\AppData\Roaming\Mozilla\Firefox\Profiles\8uyag35l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA5&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\adobe\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

**************************************************************************

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1093667380-711141455-590860009-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,6f,60,fe,24,53,dd,b6,0b,7d,cf,2d,c7,1b,b5,6f,f8,b7,c1,88,d6,5f,91,
b4,cc,d4,16,86,fa,62,43,94,2f,04,d6,71,ab,80,71,2c,2c,0d,d4,5e,19,0e,99,96,\
"??"=hex:f4,bc,e1,ea,94,b8,96,09,bb,f7,fa,bc,41,c3,b9,50

[HKEY_USERS\S-1-5-21-1093667380-711141455-590860009-1001\Software\SecuROM\License information*]
"datasecu"=hex:e1,e2,2f,aa,50,8d,4b,48,0c,6c,5a,6f,7d,fb,8f,a4,c6,5d,8f,8e,7b,
d4,6c,a9,05,a5,5b,a9,16,e3,f3,31,1a,3d,3d,b8,f3,af,bb,67,b5,a7,77,23,84,d7,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
e:\alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
.
**************************************************************************
.
Heure de fin: 2010-01-12 20:42:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-12 19:42

Avant-CF: 8 735 072 256 octets libres
Après-CF: 8 363 913 216 octets libres

- - End Of File - - 23B45FE4E1EE943810AA20D9EE34AA36

WangHoc
-
Good evening,

Thank you for your quick reply, and please excuse the very long delay in answering, but I had a rough weekend. You will find the TDSSKiller and MBAM reports below. I hope this helps you solve my problem.

19:06:37:818 5448 TDSS rootkit removing tool 2.2.0 Jan 11 2010 08:45:19
19:06:37:818 5448 ================================================================================
19:06:37:818 5448 SystemInfo:
19:06:37:818 5448 OS Version: 6.0.6002 ServicePack: 2.0
19:06:37:818 5448 Product type: Workstation
19:06:37:818 5448 ComputerName: HUGUES
19:06:37:818 5448 UserName: Hugues
19:06:37:818 5448 Windows directory: C:\Windows
19:06:37:818 5448 Processor architecture: Intel x86
19:06:37:818 5448 Number of processors: 4
19:06:37:819 5448 Page size: 0x1000
19:06:37:820 5448 Boot type: Normal boot
19:06:37:820 5448 ================================================================================
19:06:37:823 5448 UnloadDriverW: NtUnloadDriver error 2
19:06:37:823 5448 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:06:37:837 5448 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
19:06:37:844 5448 UtilityInit: KLMD drop and load success
19:06:37:844 5448 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
19:06:37:845 5448 UtilityInit: KLMD open success
19:06:37:845 5448 UtilityInit: Initialize success
19:06:37:845 5448
19:06:37:845 5448 Scanning Services ...
19:06:37:845 5448 CreateRegParser: Registry parser init started
19:06:37:845 5448 CreateRegParser: DisableWow64Redirection error
19:06:37:845 5448 wfopen_ex: Trying to open file C:\Windows\system32\config\system
19:06:37:845 5448 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
19:06:37:845 5448 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:06:37:845 5448 wfopen_ex: Trying to KLMD file open
19:06:37:845 5448 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
19:06:37:845 5448 wfopen_ex: File opened ok (Flags 2)
19:06:37:851 5448 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 346F28
19:06:37:851 5448 wfopen_ex: Trying to open file C:\Windows\system32\config\software
19:06:37:851 5448 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
19:06:37:851 5448 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:06:37:851 5448 wfopen_ex: Trying to KLMD file open
19:06:37:852 5448 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
19:06:37:852 5448 wfopen_ex: File opened ok (Flags 2)
19:06:37:852 5448 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 346F50
19:06:37:852 5448 CreateRegParser: EnableWow64Redirection error
19:06:37:852 5448 CreateRegParser: RegParser init completed
19:06:38:202 5448 GetAdvancedServicesInfo: Raw services enum returned 440 services
19:06:38:206 5448 fclose_ex: Trying to close file C:\Windows\system32\config\system
19:06:38:207 5448 fclose_ex: Trying to close file C:\Windows\system32\config\software
19:06:38:207 5448
19:06:38:207 5448 Scanning Kernel memory ...
19:06:38:207 5448 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:06:38:207 5448 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8676B338
19:06:38:207 5448 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
19:06:38:207 5448
19:06:38:207 5448 DetectCureTDL3: DEVICE_OBJECT: 86CA87C8
19:06:38:207 5448 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86CA87C8
19:06:38:207 5448 DetectCureTDL3: DEVICE_OBJECT: 85D35350
19:06:38:207 5448 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85D35350
19:06:38:207 5448 DetectCureTDL3: DEVICE_OBJECT: 858EC9E8
19:06:38:207 5448 KLMD_GetLowerDeviceObject: Trying to get lower device object for 858EC9E8
19:06:38:207 5448 KLMD_ReadMem: Trying to ReadMemory 0x858EC9E8[0x38]
19:06:38:207 5448 DetectCureTDL3: DRIVER_OBJECT: 8588B988
19:06:38:207 5448 KLMD_ReadMem: Trying to ReadMemory 0x8588B988[0xA8]
19:06:38:207 5448 KLMD_ReadMem: Trying to ReadMemory 0x85883600[0x20]
19:06:38:207 5448 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
19:06:38:207 5448 DetectCureTDL3: IrpHandler (0) addr: 8A54260A
19:06:38:208 5448 DetectCureTDL3: IrpHandler (1) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (2) addr: 8A542565
19:06:38:208 5448 DetectCureTDL3: IrpHandler (3) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (4) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (5) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (6) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (7) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (8) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (9) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (10) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (11) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (12) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (13) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (14) addr: 8A5426CB
19:06:38:208 5448 DetectCureTDL3: IrpHandler (15) addr: 8A511EE3
19:06:38:208 5448 DetectCureTDL3: IrpHandler (16) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (17) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (18) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (19) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (20) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (21) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (22) addr: 8A51788F
19:06:38:208 5448 DetectCureTDL3: IrpHandler (23) addr: 8A5428FE
19:06:38:208 5448 DetectCureTDL3: IrpHandler (24) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (25) addr: 8223A9D2
19:06:38:208 5448 DetectCureTDL3: IrpHandler (26) addr: 8223A9D2
19:06:38:208 5448 TDL3_FileDetect: Processing driver: nvstor32
19:06:38:208 5448 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\nvstor32.sys
19:06:38:208 5448 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\nvstor32.sys
19:06:38:218 5448 TDL3_FileDetect: C:\Windows\system32\drivers\nvstor32.sys - Verdict: Clean
19:06:38:218 5448
19:06:38:218 5448 DetectCureTDL3: DEVICE_OBJECT: 8678A410
19:06:38:218 5448 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8678A410
19:06:38:218 5448 DetectCureTDL3: DEVICE_OBJECT: 85984A60
19:06:38:218 5448 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85984A60
19:06:38:218 5448 DetectCureTDL3: DEVICE_OBJECT: 85984C90
19:06:38:218 5448 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85984C90
19:06:38:218 5448 KLMD_ReadMem: Trying to ReadMemory 0x85984C90[0x38]
19:06:38:218 5448 DetectCureTDL3: DRIVER_OBJECT: 8588B988
19:06:38:218 5448 KLMD_ReadMem: Trying to ReadMemory 0x8588B988[0xA8]
19:06:38:219 5448 KLMD_ReadMem: Trying to ReadMemory 0x85883600[0x20]
19:06:38:219 5448 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvstor32, Driver Name: nvstor32
19:06:38:219 5448 DetectCureTDL3: IrpHandler (0) addr: 8A54260A
19:06:38:219 5448 DetectCureTDL3: IrpHandler (1) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (2) addr: 8A542565
19:06:38:219 5448 DetectCureTDL3: IrpHandler (3) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (4) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (5) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (6) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (7) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (8) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (9) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (10) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (11) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (12) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (13) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (14) addr: 8A5426CB
19:06:38:219 5448 DetectCureTDL3: IrpHandler (15) addr: 8A511EE3
19:06:38:219 5448 DetectCureTDL3: IrpHandler (16) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (17) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (18) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (19) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (20) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (21) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (22) addr: 8A51788F
19:06:38:219 5448 DetectCureTDL3: IrpHandler (23) addr: 8A5428FE
19:06:38:219 5448 DetectCureTDL3: IrpHandler (24) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (25) addr: 8223A9D2
19:06:38:219 5448 DetectCureTDL3: IrpHandler (26) addr: 8223A9D2
19:06:38:219 5448 TDL3_FileDetect: Processing driver: nvstor32
19:06:38:219 5448 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\nvstor32.sys
19:06:38:219 5448 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\nvstor32.sys
19:06:38:221 5448 TDL3_FileDetect: C:\Windows\system32\drivers\nvstor32.sys - Verdict: Clean
19:06:38:221 5448
19:06:38:221 5448 Completed
19:06:38:221 5448
19:06:38:222 5448 Results:
19:06:38:222 5448 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:06:38:222 5448 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:06:38:222 5448 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:06:38:223 5448
19:06:38:224 5448 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
19:06:38:224 5448 UtilityDeinit: KLMD(ARK) unloaded successfully

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3540
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

11/01/2010 19:59:47
mbam-log-2010-01-11 (19-59-47).txt

Type de recherche: Examen complet (C:\|E:\|G:\|H:\|I:\|)
Eléments examinés: 251192
Temps écoulé: 26 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 40
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 30
Fichier(s) infecté(s): 78

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\questservice.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService\questservice111.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPApx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\lri.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\protectEXE20091215.log (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully. 
C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\config.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\data.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\searchPlugins\questservice111.xml (Adware.DoubleD) -> Quarantined and deleted successfully. WangHoc
-
Hello, For several weeks I have been infested by the "Vundo.Gen" virus, located in the file "C:/Windows/System32/tdlcmd.dll". I am protected by Avira AntiVir Personal. I have tried many programs to get rid of this virus, but without result (Spybot, Ad-aware, a-squared, CCleaner). I have read a number of threads on the forum, but given the variety of the answers, I need personalised help. Can you help me? WangHoc
-
Hello everyone, Here it is: when I run Avast antivirus, a virus is detected that I cannot delete or put in quarantine. I have already scanned my PC with an online antivirus and with Spybot, but without result. Below you will find the HijackThis report I have just produced, but I admit it is a bit of Greek to me. Thanks in advance for all your expert advice.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:03, on 10/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avast\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Windows Mail\WinMail.exe
E:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4439 bytes

WangHoc
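The HijackThis report in the post above is a line-oriented format: one section code (R0, O2, O4, O9, O16, O23, ...) per line, followed by a registry location or CLSID and the file or URL it points at. The first things a forum responder pulls out of such a report are the entries whose target no longer exists ("(no file)" leftovers of a removed add-on), the sites from which ActiveX controls were downloaded (O16), and the installed services (O23). The parser below is an added example for this thread; it is not HijackThis code and not something wanghoc or the forum posted. The sample log is a constructed excerpt of the report above, and the entry categories it handles are the ones that appear there.

```python
"""Parse HijackThis v2 log lines into structured entries and extract the
items a responder reviews first (orphaned entries, ActiveX download hosts,
services, running processes).

Added example for this forum thread; not HijackThis code and not part of
any post. SAMPLE_LOG is a constructed excerpt of the report pasted above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:03, on 10/01/2009
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Avast\ashDisp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
--
End of file - 4439 bytes
"""

# "O23 - Service: ..." / "R0 - HKCU\..." : section code, then the body.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str              # section code, e.g. "O2"
    body: str              # text after "O2 - "
    clsid: Optional[str]   # CLSID when the entry carries one
    target: str            # file path, URL or value the entry points at


def target_of(code: str, body: str) -> str:
    """Locate the target field without splitting paths that contain ' - '."""
    if code.startswith("R"):                      # registry value: "key = value"
        return body.split(" = ", 1)[1] if " = " in body else body
    if code == "O4":                              # "HKLM\..\Run: [name] command"
        return body.split("] ", 1)[1] if "] " in body else body
    if code == "O23":                             # "Service: name - company - path"
        parts = body.split(" - ", 2)
        return parts[2] if len(parts) == 3 else body
    m = CLSID_RE.search(body)                     # O2/O9: "{clsid} - path", O16: "{clsid} (name) - url"
    if m:
        rest = body[m.end():]
        return rest.split(" - ", 1)[1] if " - " in rest else rest
    return body


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue                               # header, process list, footer
        code, body = m.groups()
        c = CLSID_RE.search(body)
        entries.append(Entry(code, body, c.group(0) if c else None, target_of(code, body)))
    return entries


def section_counts(entries: List[Entry]) -> Counter:
    return Counter(e.code for e in entries)


def find_orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered component is gone from disk: cleanup candidates."""
    return [e for e in entries if e.target.strip() == "(no file)"]


def dpf_hosts(entries: List[Entry]) -> List[str]:
    """Hosts from which O16 ActiveX controls were downloaded."""
    return [urlparse(e.target).hostname or "" for e in entries if e.code == "O16"]


def running_processes(text: str) -> List[str]:
    procs, collecting = [], False
    for line in text.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print("sections:", dict(section_counts(entries)))
    print("orphaned entries:", [(e.code, e.clsid) for e in find_orphans(entries)])
    print("ActiveX download hosts:", dpf_hosts(entries))
    print("services:", [e.target for e in entries if e.code == "O23"])
    print("running:", running_processes(SAMPLE_LOG))
```

Targets are extracted per section code rather than by splitting on the last " - ", because Windows paths such as E:\Spybot - Search & Destroy\SDHelper.dll contain that separator themselves; a naive split would report the wrong file for the Spybot BHO above.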