Big virus problem!

Tags:
  • Windows genuine advantage
  • Security
28 October 2008 15:27:15

Hi!

I'm fixing a friend's computer, and imagine my surprise when I saw that it had about 57 viruses. The computer is really slowed down by all of that!

I tried scanning with Avira AntiVir, but that caused me more problems than anything else, because it kept detecting things nonstop and often it was always the same file. I was still able to run a scan on it with HijackThis!

If you could help me, it would be appreciated! Thanks!


28 October 2008 15:28:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38, on 2008-10-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\AV9\av2009.exe
C:\WINDOWS\system32\ieupdates.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\poste001\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbHostIE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fiyyndys] C:\WINDOWS\system32\rnokobee.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\poste001\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [BMcb22cb9a] Rundll32.exe "C:\WINDOWS\system32\hrjdqpcn.dll",s
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [62572370704134798103066155709577] C:\Program Files\AV9\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.123 85.255.112.219
O20 - AppInit_DLLs: ejkiul.dll frxnbd.dll
O22 - SharedTaskScheduler: flensburg - {d6ef030a-a235-41ba-9ead-89b6ff542f00} - C:\WINDOWS\system32\pluwue.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8915 bytes
28 October 2008 16:50:42

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    6 November 2008 06:23:38

    Here is my Combofix report!

    ComboFix 08-11-05.02 - poste001 2008-11-06 0:31:15.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.609 [GMT -5:00]
    Lancé depuis: c:\documents and settings\poste001\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\poste001\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
    c:\windows\system32\dhdvyxic.dll
    c:\windows\system32\fbmkpa.dll
    c:\windows\system32\fgehqnsy.ini
    c:\windows\system32\gukdco.dll
    c:\windows\system32\hpqqqino.ini
    c:\windows\system32\ieupdates.exe.tmp
    c:\windows\system32\ilTAdMoq.ini
    c:\windows\system32\ilTAdMoq.ini2
    c:\windows\system32\kreessvs.dll
    c:\windows\system32\lnbfrigu.dll
    c:\windows\system32\mjwpucjo.dll
    c:\windows\system32\mnqlxxbr.ini
    c:\windows\system32\oxrqpjax.dll
    c:\windows\system32\pgbfmvou.exe
    c:\windows\system32\qoMdATli.dll
    c:\windows\system32\rskahe.dll
    c:\windows\system32\spekzi.dll
    c:\windows\system32\ubvmmbdl.dll
    c:\windows\system32\uegyeq.dll
    c:\windows\system32\ugirfbnl.ini
    c:\windows\system32\uuakktgr.ini
    c:\windows\system32\vltgubcr.dll
    c:\windows\system32\xajpqrxo.ini
    c:\windows\system32\yolyxy.dll
    c:\windows\system32\ysfqfena.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-06 au 2008-11-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-29 12:00 . 2008-10-29 12:04 <REP> d-------- c:\windows\system32\CatRoot_bak
    2008-10-27 22:35 . 2008-11-06 00:35 54,156 --ah----- c:\windows\QTFont.qfn
    2008-10-27 22:35 . 2008-10-27 22:35 1,409 --a------ c:\windows\QTFont.for
    2008-10-13 13:05 . 2008-11-06 00:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-10-13 12:29 . 2008-10-13 12:29 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-10-13 12:29 . 2008-10-13 12:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-10-07 12:25 . 2008-10-12 15:35 102,194 --a------ c:\windows\system32\cont_dcads-remove.exe
    2008-10-06 06:44 . 2008-10-06 06:44 363,520 --a------ c:\windows\system32\nsdC.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-06 05:36 80,666,912 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-11-06 05:36 1,193,504 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2008-11-06 05:33 388,460 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2008-11-06 05:33 1,091,708 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-10-29 17:16 --------- d-----w c:\program files\AV9
    2008-10-13 17:29 --------- d-----w c:\program files\Lavasoft
    2008-10-12 16:02 --------- d-----w c:\documents and settings\poste001\Application Data\VSO_HWE
    2008-09-18 23:03 221,184 ----a-w c:\windows\system32\uftymavp.dll
    2008-09-18 23:03 108,544 ----a-w c:\windows\system32\wvUNffCr.dll
    2008-09-18 23:00 115,200 ----a-w c:\windows\system32\wajiskdw.dll
    2008-09-18 23:00 115,200 ----a-w c:\windows\system32\qpxbww.dll
    2008-09-18 22:57 95,744 ----a-w c:\windows\system32\isodaagb.dll
    2008-09-18 22:55 95,744 ----a-w c:\windows\system32\wwvdpxxj.dll
    2008-09-15 04:16 95,744 ----a-w c:\windows\system32\blaveboi.dll
    2008-09-15 04:16 115,200 ----a-w c:\windows\system32\qifexvlg.dll
    2008-09-15 04:16 115,200 ------w c:\windows\system32\ejkiul.dll
    2008-08-31 23:40 104,960 ----a-w c:\windows\system32\oglqzc.dll
    2008-08-31 23:40 104,960 ----a-w c:\windows\system32\cixuudik.dll
    2008-08-31 23:31 95,744 ----a-w c:\windows\system32\jnvrfpuu.dll
    2008-08-31 22:34 104,960 ----a-w c:\windows\system32\yvdaxc.dll
    2008-08-31 22:34 104,960 ----a-w c:\windows\system32\miblgpqu.dll
    2008-08-31 22:31 95,744 ----a-w c:\windows\system32\xawtkevc.dll
    2008-08-29 01:10 114,688 ----a-w c:\windows\system32\ionfvmug.dll
    2008-08-29 01:10 114,688 ----a-w c:\windows\system32\dzarya.dll
    2008-08-29 01:04 95,744 ----a-w c:\windows\system32\wpsuvsyp.dll
    2008-08-29 00:07 114,688 ----a-w c:\windows\system32\tbvvkq.dll
    2008-08-29 00:07 114,688 ----a-w c:\windows\system32\mqnbghii.dll
    2008-08-26 09:34 114,688 ----a-w c:\windows\system32\iedqkd.dll
    2008-08-26 09:34 114,688 ----a-w c:\windows\system32\cedeewhf.dll
    2008-08-16 21:12 115,200 ----a-w c:\windows\system32\txqcxa.dll
    2008-08-16 21:12 115,200 ----a-w c:\windows\system32\mwndexwr.dll
    2008-08-12 00:12 119,296 ----a-w c:\windows\system32\txetlu.dll
    2008-08-12 00:12 119,296 ----a-w c:\windows\system32\khckdbuf.dll
    2008-08-11 00:08 102,400 ----a-w c:\windows\system32\tgcjng.dll
    2008-08-11 00:08 102,400 ----a-w c:\windows\system32\ithckdom.dll
    2008-08-09 15:29 102,400 ----a-w c:\windows\system32\wywnqa.dll
    2008-08-09 15:29 102,400 ----a-w c:\windows\system32\hqgummgk.dll
    2008-08-08 15:19 101,888 ----a-w c:\windows\system32\xijemh.dll
    2008-08-08 15:19 101,888 ----a-w c:\windows\system32\wvnkvdrj.dll
    2008-08-08 15:17 93,696 ----a-w c:\windows\system32\nnloopba.dll
    2008-08-07 13:46 93,184 ----a-w c:\windows\system32\swdjpkih.dll
    2008-08-06 13:48 101,888 ----a-w c:\windows\system32\imepqgfo.dll
    2008-08-06 13:48 101,888 ----a-w c:\windows\system32\dykwzg.dll
    2008-08-06 13:43 93,184 ----a-w c:\windows\system32\odaywwxp.dll
    2007-10-26 17:21 47,360 ----a-w c:\documents and settings\poste001\Application Data\pcouffin.sys
    2007-05-28 22:46 87,608 ----a-w c:\documents and settings\poste001\Application Data\ezpinst.exe
    2004-10-01 19:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-29_13.02.42.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-08-16 12:13:24 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
    + 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
    + 2008-06-20 17:37:01 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
    + 2008-06-20 17:37:01 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    + 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    + 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
    + 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
    + 2008-06-20 17:47:22 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
    + 2008-06-20 17:47:22 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    + 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    + 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
    + 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:44:02 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:44:02 247,808 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
    - 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
    + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
    - 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2000-08-31 12:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    - 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
    + 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
    - 2004-08-05 12:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
    + 2008-06-20 10:44:38 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
    - 2008-02-20 05:35:05 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:06 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
    - 2004-08-05 12:00:00 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll
    + 2008-06-20 17:41:06 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll
    - 2007-10-30 17:20:55 360,064 -c--a-w c:\windows\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
    - 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
    - 2008-02-20 05:35:05 148,992 ----a-w c:\windows\system32\dnsapi.dll
    + 2008-06-20 17:41:06 148,992 ----a-w c:\windows\system32\dnsapi.dll
    - 2004-08-05 12:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
    + 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
    - 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys
    + 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
    - 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
    - 2004-08-05 12:00:00 247,808 ----a-w c:\windows\system32\mswsock.dll
    + 2008-06-20 17:41:06 247,808 ----a-w c:\windows\system32\mswsock.dll
    - 2008-04-27 12:24:19 64,314 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-06 05:20:32 64,314 ----a-w c:\windows\system32\perfc009.dat
    - 2008-04-27 12:24:19 78,346 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-11-06 05:20:32 78,346 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-04-27 12:24:19 408,792 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-06 05:20:32 408,792 ----a-w c:\windows\system32\perfh009.dat
    - 2008-04-27 12:24:19 476,620 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-11-06 05:20:32 476,620 ----a-w c:\windows\system32\perfh00C.dat
    - 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 12:39:29 18,296 ------w c:\windows\system32\spmsg.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ac431a0-5459-a4ad-af73-0f9d17ad5133}]
    2008-10-06 06:44 363520 --a------ c:\windows\system32\nsdC.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}]
    2008-06-24 12:09 90624 --a------ c:\windows\system32\awtqoOHW.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
    "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-07-13 598656]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
    "kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
    "c811f806"="c:\windows\system32\oxrqpjax.dll" [BU]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\HDAudPropShortcut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2}"= "c:\windows\system32\awtqoOHW.dll" [2008-06-24 90624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqoOHW]
    2008-06-24 12:09 90624 c:\windows\system32\awtqoOHW.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=ejkiul.dll frxnbd.dll spekzi.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-06-01 24971]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-11-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{7960b23e-83fe-4dfd-87a1-bfe3d8f6e2a5} - c:\windows\system32\spekzi.dll
    BHO-{B4156948-BDBD-47B2-B443-5B2DD0745EEC} - c:\windows\system32\qoMdATli.dll
    MSConfigStartUp-62572370704134798103066155709577 - c:\program files\AV9\av2009.exe


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.nhl.com/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
    O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
    O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-06 00:35:28
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: c:\windows\system32\winlogon.exe
    -> c:\windows\system32\awtqoOHW.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\windows\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
    c:\windows\system32\imapi.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-06 0:39:32 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-06 05:39:22
    ComboFix2.txt 2008-10-29 17:05:48

    Avant-CF: 45 616 488 448 octets libres
    Après-CF: 45,563,113,472 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    273 --- E O F --- 2008-06-21 13:44:19
    6 November 2008 18:48:53

    Well, following this ComboFix scan, the computer is doing MUCH better! However, I still have big problems with pop-ups when I open Internet Explorer... :S What else can I do?

    Thank you for your help, it's so appreciated!
    8 November 2008 09:13:36

    Would anyone be able to help me?