Se connecter / S'enregistrer
Votre question

help PC very infecté

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
1 Décembre 2008 21:57:44

quelqu'un pourrait il m'aidé j'ai des virus dans mon PC, j'ai PC cilin comme antivirus et il me dit qu'il detecte TROJ_VUNDO , CFTMON ,WORM SPYBOT et qu'il ne peut ni supprimé ni mettre en quarantaine.

Je nesuis pas trés forte en informatique (mais je suis pas nulle)
S.O.S

Autres pages sur : help very infecta

1 Décembre 2008 22:33:08

En attendant ,j'ai lu d'autre sujet et j'ai vu que j'allais surement avoir besoin de hijackthis et combofix. je les ai telecharger et j'ai lancè combofix puis j'ai lançé hijackthis voila les rapport:
COMBOFIX


ComboFix 08-12-01.01 - HP_Administrateur 2008-12-01 22:15:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.432 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\csrss.exe
c:\windows\system32\cfx32.ocx
c:\windows\system32\kazaabackupfiles
c:\windows\System32csrss.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 20:59 . 2008-12-01 22:11 <REP> d-------- C:\Hijackthis
2008-11-30 22:34 . 2008-11-30 22:34 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-11-30 22:34 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-30 18:37 . 2008-11-30 18:38 <REP> d-------- c:\program files\CCleaner
2008-11-30 17:32 . 2008-11-30 17:32 2,972,736 --a------ c:\program files\ccsetup214.exe
2008-11-30 01:34 . 2008-11-30 01:34 <REP> d-------- c:\program files\FileZilla FTP Client
2008-11-30 01:20 . 2008-11-30 01:20 3,705,812 --a------ c:\program files\FileZilla_3.1.5.1_win32-setup.exe
2008-11-30 01:01 . 2008-11-30 01:01 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-30 01:01 . 2008-11-30 01:01 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-30 01:01 . 2008-11-30 01:01 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-30 01:01 . 2008-11-30 01:01 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-28 20:25 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-28 20:25 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-28 20:25 . 2008-04-13 20:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-28 20:25 . 2008-04-13 20:45 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2008-11-27 21:53 . 2008-11-27 21:53 <REP> d-------- c:\windows\ASTULogTemp
2008-11-27 21:53 . 2008-11-27 21:53 166,244 --a------ c:\windows\system32\ASTULog.cab
2008-11-27 21:53 . 2008-11-27 21:53 1,056 --a------ c:\windows\system32\setup.inf
2008-11-27 21:53 . 2008-11-27 21:53 283 --a------ c:\windows\system32\setup.rpt
2008-11-27 16:12 . 2008-11-27 16:12 39,936 --a------ c:\windows\system32\hgGxUNDS.dll
2008-11-26 20:46 . 2008-11-26 20:57 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\FTPRush
2008-11-26 20:44 . 2008-11-26 20:44 5,041,432 --a------ c:\program files\ftprush.exe
2008-11-21 00:14 . 2008-11-04 10:11 <REP> d-------- c:\program files\__MACOSX
2008-11-14 00:11 . 2008-11-14 00:11 <REP> d-------- c:\documents and settings\All Users\Application Data\LookMyPC
2008-11-12 18:27 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 19:49 --------- d-----w c:\program files\Trend Micro
2008-12-01 01:04 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\FileZilla
2008-11-30 20:19 --------- d-----w c:\program files\eMule
2008-11-30 16:37 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-30 00:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 21:46 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\dvdcss
2008-11-04 09:10 41,390 ----a-w c:\program files\player.swf
2008-10-20 13:38 6,880 ----a-w c:\program files\swfobject.js
2008-10-17 21:20 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\vlc
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-13 18:16 --------- d-----w c:\program files\AutoCAD LT 2000
2008-10-12 19:19 --------- d-----w c:\program files\AutoCAD 2006
2008-10-12 18:23 --------- d-----w c:\program files\baah
2008-10-09 21:51 --------- d-----w c:\program files\AutoCAD LT 2000croquis
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-06-13 18:39 3,309,160 ----a-w c:\program files\eMule0.49a-Installer1.exe
2008-04-14 14:46 6,116,304 ----a-w c:\program files\Firefox Setup 2.0.0.13.exe
2008-04-04 14:27 19,302,904 ----a-w c:\program files\VeohSetup-3.9.1.1165.exe
2006-09-22 11:41 0 ------w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2006-09-16 16:08 251 ----a-w c:\program files\wt3d.ini
2005-12-27 07:21 7,477,561 ----a-w c:\program files\setup_all.exe
2002-07-15 20:25 18,047 ------w c:\documents and settings\HP_Administrateur\Crack_nero5590_by_BArt.exe
2008-07-22 11:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072220080723\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-11-27 16:12 39936 --a------ c:\windows\system32\hgGxUNDS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-04-03 901185]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-01 27136]

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-01 27136]

c:\documents and settings\Invit‚.WLAN\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-01 27136]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-01 27136]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\hgGxUNDS.dll" [2008-11-27 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGxUNDS]
2008-11-27 16:12 39936 c:\windows\system32\hgGxUNDS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Microsoft Librarys Server REG_SZ c:\windows\system32csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SuperCopier\\SuperCopier.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-01-01 2799488]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-02-02 194304]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2005-01-01 468768]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\DRIVERS\wn5401.sys [2005-01-01 449920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{436fe2b4-f67d-11db-90f1-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9c474c3-c154-11dc-adb1-f9b1550134d4}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Microsoft Librarys Server - c:\windows\system32csrss.exe
HKCU-RunServices-Microsoft Librarys Server - c:\windows\system32csrss.exe
HKLM-Run-Microsoft Librarys Server - c:\windows\system32csrss.exe
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-RunServices-Microsoft Librarys Server - c:\windows\system32csrss.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\6zoay4vp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 22:17:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Librarys Server = c:\windows\system32csrss.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Librarys Server = c:\windows\system32csrss.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Librarys Server = c:\windows\system32csrss.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Librarys Server = c:\windows\system32csrss.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\hgGxUNDS.dll
.
Heure de fin: 2008-12-01 22:19:37
ComboFix-quarantined-files.txt 2008-12-01 21:19:29

Avant-CF: 25 372 102 656 octets libres
Après-CF: 25,362,616,320 octets libres

231 --- E O F --- 2008-11-13 00:07:31


----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------
puis celui de hijackthis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:17, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/fileassoc.asp?LangID...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\windows\system32\hgGxUNDS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Barre d'outils du menu Anti-fraude de Trend Micro - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Librarys Server] C:\windows\system32csrss.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\RunServices: [Microsoft Librarys Server] C:\windows\system32csrss.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Librarys Server] C:\windows\system32csrss.exe
O4 - HKCU\..\RunServices: [Microsoft Librarys Server] C:\windows\system32csrss.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) - file://C:\Program Files\AutoCAD LT 2000\InstFred.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormPr...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Contrôle d'AcDcToday) - file://C:\Program Files\AutoCAD LT 2000\AcDcToday.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD LT 2000\AcPreview.ocx
O20 - Winlogon Notify: hgGxUNDS - C:\windows\SYSTEM32\hgGxUNDS.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10425 bytes
2 Décembre 2008 22:08:44

c'est bon j'ai réglé le problème (je pense ) en piochant des infos à droite à gauche( un coup de combofix , un coup de smitfraudfix, MBAM,vundofixvirtumundobegone et 2 ou 3 autre dont je me souvient plus et c'est réglé). Je tiens à me remercier tout particulièrement de toute l'aide que je me suis apporter sans laquelle je ne m'en serait pas sortie.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS