Gestionnaire des tâches

olivierbud · Juillet 30, 2008, 8:12

Bonjour, mon probléme c’est que lorsque je fait alt+ctrl+suppr le gestionnaire des tâches n’apparait pas idem lorsque je clique sur la barre des tâches rien ne se passe, il n’y a pas de message d’erreur il ne se passe rien.
La commande regedit ne fonctionnait plus j’ai passé un coup de spybot et maintenant c’est bon, je pense que les 2 pb était lié mais pour le gestionnaire des tâches je cale, quelqu’un aurait une idée?
Merci.

guigui14100 · Juillet 30, 2008, 8:27

Salut

Post un log hijackthis
Tu clique sur le fichier HiJackThis.exe
Tu clique sur I accept
Tu clique sur Do a system Scan and save a logfile
A la fin du scan, un fichier texte s’ouvre et tu colle son contenu sur le forum.

olivierbud · Juillet 30, 2008, 8:50

Nouveaux pb impossible de lancer hijackthis je fais executer et il ne se passe rien même en mode sans échec.

guigui14100 · Juillet 30, 2008, 8:55

Fait un scan complet avec malwarebytes antimalware,supprime toute les détections et colle le rapport

olivierbud · Juillet 30, 2008, 9:29

J’ai reussi avec hijackthis, je l’ai renommer et ça marche voici le log le scan avec malwarebytes antimalware est en cours.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:01, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Avast\aswUpdSv.exe
D:\Programme\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Avast\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\Avast\ashDisp.exe
D:\Programme\Souris\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
D:\Programme\Nouveau dossier (2)\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Olivier\Bureau\ton.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.free.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM…\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM…\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Souris\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - D:\PROGRA~1\Office\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - javadl.sun.com…
O17 - HKLM\System\CCS\Services\Tcpip…{37E97583-F56C-407A-8D2C-EC2B5E12CA74}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip…{37E97583-F56C-407A-8D2C-EC2B5E12CA74}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS2\Services\Tcpip…{37E97583-F56C-407A-8D2C-EC2B5E12CA74}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip…{37E97583-F56C-407A-8D2C-EC2B5E12CA74}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programme\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programme\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programme\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programme\Avast\ashWebSv.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

–
End of file - 5078 bytes

olivierbud · Juillet 30, 2008, 9:42

Voici le rapport de Malwarebytes’ Anti-Malware

Malwarebytes’ Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 2

21:40:56 30/07/2008
mbam-log-7-30-2008 (21-40-56).txt

Type de recherche: Examen complet (C:|D:|E:|F:|)
Eléments examinés: 87756
Temps écoulé: 17 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 113
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zftp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information_restore{FFAEC28A-AA19-4596-9046-7AAB793E40A8}\RP111\A0017384.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nicomsp2p32.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

guigui14100 · Juillet 30, 2008, 9:45

Désactive tes protection
Utilise combofix
Laisse le travailler et colle le rapport

olivierbud · Juillet 30, 2008, 9:59

le rapport de combofix

ComboFix 08-07-29.1 - Olivier 2008-07-30 21:48:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1651 [GMT 2:00]
Endroit: C:\Documents and Settings\Olivier\Bureau\ComboFix.exe

Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Config.ini
C:\WINDOWS\system32\msosmhfp.dat
C:\WINDOWS\system32\nicozftp.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSP2P32

((((((((((((((((((((((((((((( Fichiers cr??s 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 21:20 . 2008-07-30 21:20 d-------- C:\Documents and Settings\Olivier\Application Data\Malwarebytes
2008-07-30 21:20 . 2008-07-30 21:20 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 21:20 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 21:20 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 18:45 . 2008-07-30 20:51 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 17:39 . 2008-07-30 20:52 d-------- C:\Documents and Settings\Administrateur\Mod?les
2008-07-30 17:39 . 2008-07-30 20:52 d—s---- C:\Documents and Settings\Administrateur
2008-07-28 20:29 . 2008-07-29 09:28 d-------- C:\WINDOWS\system32\Adobe
2008-07-28 16:00 . 2008-07-28 16:00 d-------- C:\Program Files\Creative
2008-07-28 16:00 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 16:00 . 2003-01-07 15:22 139,264 --a------ C:\WINDOWS\system32\eax.dll
2008-07-27 23:04 . 2008-07-27 23:04 d-------- C:\Documents and Settings\Olivier\Application Data\vlc
2008-07-03 09:40 . 2008-07-05 00:14 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-03 09:40 . 2008-07-03 11:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-03 09:40 . 2008-07-05 00:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 14:01 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-06-25 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-31 21:06 61,440 ----a-w C:\WINDOWS\system32\nllhfc.exe
2008-05-31 21:06 61,440 ----a-w C:\WINDOWS\system32\conime.exe
2008-05-31 21:05 61,440 ----a-w C:\WINDOWS\system32\debz.exe
2008-05-31 19:23 --------- d-----w C:\Program Files\Fichiers communs\LogiShared
2008-05-31 19:23 --------- d-----w C:\Documents and Settings\Olivier\Application Data\Logitech
2008-05-31 19:23 --------- d-----w C:\Documents and Settings\Olivier\Application Data\Leadertech
2008-05-31 19:22 0 —ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-31 19:22 0 —ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-05-31 19:22 0 —ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-31 19:21 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-31 19:21 --------- d-----w C:\Documents and Settings\Olivier\Application Data\InstallShield
2008-05-31 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-31 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-12 05:41 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-04-12 05:30 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les ?l?ments vides & les ?l?ments initiaux l?gitimes ne sont pas list?s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” [2004-08-03 22:32 208952]
“PHIME2002ASync”=“C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE” [2002-08-28 22:39 455168]
“PHIME2002A”=“C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE” [2002-08-28 22:39 455168]
“JMB36X IDE Setup”=“C:\WINDOWS\RaidTool\xInsIDE.exe” [2007-03-20 16:36 36864]
“36X Raid Configurer”=“C:\WINDOWS\System32\xRaidSetup.exe” [2007-03-21 18:23 1953792]
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-12-05 02:41 8523776]
“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-12-05 02:41 81920]
“RTHDCPL”=“RTHDCPL.EXE” [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
“nwiz”=“nwiz.exe” [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.yv12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d’Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d’Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d’Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
–a------ 2005-05-18 17:08 208896 D:\Programme\Anti Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
–a------ 2007-06-27 20:03 152872 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
–a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
–a------ 2002-12-10 08:50 602112 C:\WINDOWS\twain_32\FlatBed\HotKey.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
–a------ 2004-08-19 16:10 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
–a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“D:\Programme\Emule\emule.exe”=
“D:\Programme\VLC\vlc.exe”=
“D:\Programme\ADSL TV\adsltv.exe”=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 ayvwt;ayvwt;C:\DOCUME~1\Olivier\LOCALS~1\Temp_temp.dat []
S3 mjfdd;mjfdd;C:\DOCUME~1\Olivier\LOCALS~1\Temp_temp.dat []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.free.fr…
O8 -: E&xporter vers Microsoft Excel - D:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface{37E97583-F56C-407A-8D2C-EC2B5E12CA74}: NameServer = 212.27.53.252,212.27.54.252

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-30 21:50:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach?s …

Balayage cach? autostart entries …

Balayage des fichiers cach?s …

Scan termin? avec succ?s
Les fichiers cach?s: 0

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ayvwt]
“ImagePath”="??\C:\DOCUME~1\Olivier\LOCALS~1\Temp_temp.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mjfdd]
“ImagePath”="??\C:\DOCUME~1\Olivier\LOCALS~1\Temp_temp.dat"
.
------------------------ Other Running Processes ------------------------
.
D:\Programme\Avast\aswUpdSv.exe
D:\Programme\Avast\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\Souris\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programme\Avast\ashWebSv.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
.

.
Temps d’accomplissement: 2008-07-30 21:52:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 19:52:23

Pre-Run: 8,070,561,792 octets libres
Post-Run: 9,135,132,672 octets libres

150

Super ça marche le gestionnaire des tâches est de nouveaux accessible merci beaucoup guigui14100 je me voyais déjà en train de formater.

guigui14100 · Juillet 30, 2008, 10:03

Upload c’est fichier sur virus total et post les rapport en précisant le fichier

olivierbud · Juillet 31, 2008, 1:09

C:\WINDOWS\system32\nllhfc.exe
C:\WINDOWS\system32\debz.exe

c’est 2 fichiers étaient considérer comme des virus sur virus total avast les a repérés quand j’ai voulu les mettres en quarantaine il m’ a dit impossible de traiter le fichier, mais ils ne sont plus visible dans system 32.

guigui14100 · Juillet 31, 2008, 7:44

Ok et pour les autre fichier?

olivierbud · Juillet 31, 2008, 8:51

C:\WINDOWS\system32\msosmhfp.dat introuvable
C:\WINDOWS\system32\nicozftp.dat introuvable
C:\WINDOWS\system32\eax.dll r.a.s
C:\WINDOWS\system32\nllhfc.exe introuvable maintenant
C:\WINDOWS\system32\debz.exe introuvable maintenant
D:\Programme\Anti Blaxx\Anti-Blaxx.exe r.a.s
C:\WINDOWS\twain_32\FlatBed\HotKey.Exe r.a.s
C:\DOCUME~1\Olivier\LOCALS~1\Temp_temp.dat introuvable
C:\DOCUME~1\Olivier\LOCALS~1\Temp_temp.dat introuvable

guigui14100 · Juillet 31, 2008, 10:28

Essaye de rechercher ceux que tu n’a pas trouver aprés avoir fait outil > option des dossier > affichage > afficher les dossier caché et décoche masquer les fichier protégé du système et masquer les extension connu

olivierbud · Juillet 31, 2008, 10:54

J’ai suivi tes instructions mais je ne trouve pas les fichiers citée ci dessus, même en faisant une recherche dans windows je ne trouve rien.

guigui14100 · Juillet 31, 2008, 7:37

Désactive tes protections
Enregistre CFScript.txt au même endroit que combofix
Puis fait glisser le fichier sur l’icone de combofix

olivierbud · Août 1, 2008, 8:17

Voila c’est fait j’ai fait glisser le fichier sur combofix et jle programme a démarré voici le log

ComboFix 08-07-29.1 - Olivier 2008-08-01 20:13:29.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1669 [GMT 2:00]
Endroit: C:\Documents and Settings\Olivier\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Olivier\Bureau\CFScript.txt

Création d’un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\debz.exe
C:\WINDOWS\system32\nllhfc.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 21:20 . 2008-07-30 21:20 d-------- C:\Documents and Settings\Olivier\Application Data\Malwarebytes
2008-07-30 21:20 . 2008-07-30 21:20 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 18:45 . 2008-07-30 20:51 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 17:39 . 2008-07-30 20:52 d-------- C:\Documents and Settings\Administrateur\Modèles
2008-07-30 17:39 . 2008-07-30 20:52 d—s---- C:\Documents and Settings\Administrateur
2008-07-28 20:29 . 2008-07-29 09:28 d-------- C:\WINDOWS\system32\Adobe
2008-07-28 16:00 . 2008-07-28 16:00 d-------- C:\Program Files\Creative
2008-07-28 16:00 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-28 16:00 . 2003-01-07 15:22 139,264 --a------ C:\WINDOWS\system32\eax.dll
2008-07-27 23:04 . 2008-07-27 23:04 d-------- C:\Documents and Settings\Olivier\Application Data\vlc
2008-07-03 09:40 . 2008-07-05 00:14 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-03 09:40 . 2008-07-03 11:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-03 09:40 . 2008-07-05 00:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 14:01 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-06-25 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-30_21.52.17.01 )))))))))))))))))))))))))))))))))))))))))
.

2008-07-28 18:29:45 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat

2008-07-30 23:22:14 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat

2008-05-31 21:06:21 61,440 ----a-w C:\WINDOWS\system32\conime.exe

2004-08-19 14:09:52 27,648 ----a-w C:\WINDOWS\system32\conime.exe
2004-08-19 14:09:52 27,648 -c–a-w C:\WINDOWS\system32\dllcache\conime.exe
2008-08-01 18:09:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” [2004-08-03 22:32 208952]
“PHIME2002ASync”=“C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE” [2002-08-28 22:39 455168]
“PHIME2002A”=“C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE” [2002-08-28 22:39 455168]
“JMB36X IDE Setup”=“C:\WINDOWS\RaidTool\xInsIDE.exe” [2007-03-20 16:36 36864]
“36X Raid Configurer”=“C:\WINDOWS\System32\xRaidSetup.exe” [2007-03-21 18:23 1953792]
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-12-05 02:41 8523776]
“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-12-05 02:41 81920]
“avast!”=“D:\PROGRA~1\Avast\ashDisp.exe” [2008-07-19 16:38 78008]
“RTHDCPL”=“RTHDCPL.EXE” [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]
“nwiz”=“nwiz.exe” [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.yv12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d’Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d’Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d’Adobe Reader.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup