Everything posted by bgchris26

  1. No further questions. Thank you for giving me all this time! All the best to you!
  2. It works much better! Great work
  3. Hi Gof! Here is the Malwarebytes report:
     Malwarebytes' Anti-Malware 1.43
     Version de la base de données: 3508
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18865
     07/01/2010 19:57:33
     mbam-log-2010-01-07 (19-57-33).txt
     Type de recherche: Examen complet (C:\|)
     Eléments examinés: 265927
     Temps écoulé: 1 hour(s), 34 minute(s), 28 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)
  4. Good evening Gof! Here is the report following the procedure you asked me to carry out. Can you tell me what you think you have detected?
     ComboFix 10-01-02.03 - Christophe 05/01/2010 19:51:44.3.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1868 [GMT 1:00] Lancé depuis: c:\users\Christophe\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Christophe\Desktop\CFScript.txt AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\windows\system\cmstp.exe" "c:\windows\System32\efceedadf1_z.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system\cmstp.exe c:\windows\System32\efceedadf1_z.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 )))))))))))))))))))))))))))))))))))) . 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Christophe\AppData\Local\temp 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-01-05 18:57 . 2010-01-05 18:57 -------- d-----w- c:\users\Administrateur\AppData\Local\temp 2009-12-25 10:26 . 2009-12-25 10:26 -------- d--h--r- c:\users\Christophe\AppData\Roaming\SecuROM 2009-12-25 10:26 . 2009-12-25 10:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-10 20:07 . 2009-12-22 08:20 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll 2009-12-08 19:20 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-08 19:20 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-08 19:20 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-08 19:15 . 
2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-03 00:13 . 2008-07-09 12:01 56770 ----a-w- c:\users\Christophe\AppData\Roaming\nvModes.dat 2010-01-02 15:51 . 2006-11-02 15:48 694498 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-02 15:51 . 2006-11-02 15:48 133500 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-02 10:38 . 2008-07-10 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-02 10:38 . 2008-07-21 17:36 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-01 20:09 . 2008-07-09 16:33 -------- d-----w- c:\program files\SpywareBlaster 2009-12-30 13:55 . 2008-07-21 17:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 13:54 . 2008-07-10 18:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-29 15:21 . 2007-11-02 09:56 -------- d-----w- c:\program files\Google 2009-12-27 08:33 . 2008-01-09 11:15 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-26 21:35 . 2007-11-02 10:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-23 16:05 . 2008-07-09 19:57 -------- d-----w- c:\programdata\avg8 2009-12-08 20:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-11-21 06:40 . 2009-12-08 19:16 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-08 19:16 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-08 19:16 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-08 19:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-15 21:36 . 2008-07-14 19:53 108 ----a-w- c:\users\Christophe\AppData\Roaming\wklnhst.dat 2009-11-15 10:28 . 2008-07-10 22:28 -------- d-----w- c:\program files\Easy Cleaner 2009-11-11 11:16 . 
2007-11-02 12:30 -------- d-----w- c:\programdata\Microsoft Help 2009-11-03 06:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-02 19:42 . 2009-10-03 06:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:17 . 2009-11-25 21:53 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-25 21:07 . 2008-07-09 12:02 78936 ----a-w- c:\users\Christophe\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-03 06:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-03 06:15 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-03 06:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- 
c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-11-17 19:56 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe] 2007-09-19 10:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" 
/background [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):68,4b,b1,af,8c,de,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004884925-3776096063-155102671-1000] "EnableNotificationsRef"=dword:00000003 R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [09/07/2008 20:57 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [09/07/2008 20:57 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 16:43 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/01/2009 18:48 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/01/2009 18:48 297752] R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [09/07/2008 14:51 333088] R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\System32\drivers\ma730pt.sys [31/10/2008 21:23 103040] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [02/11/2007 18:46 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [02/11/2007 18:46 43904] R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [02/11/2007 18:46 9344] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [02/11/2007 18:46 812544] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09/07/2008 18:00 721904] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 11:44 30088] 
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [10/07/2008 21:02 21504] S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\System32\drivers\ma730c.sys [31/10/2008 21:23 156128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Contenu du dossier 'Tâches planifiées' 2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{31988905-11C4-4912-84C3-3B88BE10F3B6}.job - c:\windows\system32\msfeedssync.exe [2009-12-08 04:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://fr.yahoo.com/ IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel IE: Google Sidewiki... . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-05 19:57 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4004884925-3776096063-155102671-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,6f,35,42,4e,c9,a2,7d,bf,a1,7d,29,4f,ca,a7,99,7e,d7,05,4b,b7,fa,dc, 53,4e,3f,27,99,6a,94,87,81,3e,65,3b,e6,b0,7c,37,c3,e8,2f,ae,59,fb,f8,d1,00,\ "??"=hex:96,23,91,b1,03,2d,c3,72,01,af,05,95,1a,1f,c3,6b [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000003d [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2010-01-05 19:59:52 ComboFix-quarantined-files.txt 2010-01-05 18:59 ComboFix2.txt 2010-01-03 10:41 Avant-CF: 41 788 338 176 octets libres Après-CF: 41 781 522 432 octets libres - - End Of File - - E1342869CB78413D7FBC979CE2B38DDF
  5. Hello Gof! I sent the file this very morning via the link you gave me. See you!
  6. Re! With your clarifications, I was able to run the analysis. Here is the result:
     Fichier efceedadf1_z.dll reçu le 2010.01.03 20:43:43 (UTC)
     Antivirus          Version          Dernière mise à jour  Résultat
     a-squared          4.5.0.46         2010.01.03            -
     AhnLab-V3          5.0.0.2          2010.01.02            -
     AntiVir            7.9.1.122        2009.12.31            -
     Antiy-AVL          2.0.3.7          2009.12.31            -
     Authentium         5.2.0.5          2010.01.03            -
     Avast              4.8.1351.0       2010.01.03            -
     AVG                8.5.0.430        2010.01.03            -
     BitDefender        7.2              2010.01.03            -
     CAT-QuickHeal      10.00            2010.01.02            -
     ClamAV             0.94.1           2010.01.03            -
     Comodo             3457             2010.01.03            -
     DrWeb              5.0.1.12222      2010.01.03            -
     eSafe              7.0.17.0         2010.01.03            -
     eTrust-Vet         35.1.7210        2010.01.01            -
     F-Prot             4.5.1.85         2010.01.03            -
     F-Secure           9.0.15370.0      2010.01.03            -
     Fortinet           4.0.14.0         2010.01.02            -
     GData              19               2010.01.03            -
     Ikarus             T3.1.1.79.0      2009.12.31            -
     K7AntiVirus        7.10.936         2010.01.02            -
     Kaspersky          7.0.0.125        2010.01.03            -
     McAfee             5850             2010.01.03            -
     McAfee-GW-Edition  6.8.5            2010.01.01            -
     Microsoft          1.5302           2010.01.03            -
     NOD32              4740             2010.01.03            -
     Norman             6.04.03          2009.12.31            -
     nProtect           2009.1.8.0       2010.01.03            -
     Panda              10.0.2.2         2010.01.03            -
     PCTools            7.0.3.5          2010.01.03            -
     Prevx              3.0              2010.01.03            -
     Rising             22.28.03.04      2009.12.31            -
     Sophos             4.49.0           2010.01.03            -
     Sunbelt            3.2.1858.2       2010.01.03            -
     TheHacker          6.5.0.3.129      2010.01.03            -
     TrendMicro         9.120.0.1004     2010.01.03            -
     VBA32              3.12.12.1        2010.01.01            -
     ViRobot            2009.12.31.2118  2009.12.31            -
     VirusBuster        5.0.21.0         2010.01.03            -
     Information additionnelle
     File size: 23 bytes
     MD5...: 6c467296bf15f424fd6bd251b7bd46b2
     SHA1..: a10aa0ed55656b5dc3dbb803ad2f13119ea9ef3d
     SHA256: 1196017caf33e9a44dd74f82c69f68c731d498333dbc243405443822a007e92b
     ssdeep: 3:gbTiR8Wlkn:gyR8Wlk
     PEiD..: -
     PEInfo: -
     RDS...: NSRL Reference Data Set
     -
     pdfid.: -
     trid..: Unknown!
     sigcheck:
     publisher....: n/a
     copyright....: n/a
     product......: n/a
     description..: n/a
     original name: n/a
     internal name: n/a
     file version.: n/a
     comments.....: n/a
     signers......: -
     signing date.: -
     verified.....: Unsigned
  7. Hi! I searched for the file using its path, but it does not appear in the system32 folder ...
  8. Hello and thank you, Gof! I am attaching the ComboFix report.
     ComboFix 10-01-02.03 - Christophe 03/01/2010 11:31:00.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1860 [GMT 1:00] Lancé depuis: c:\users\Christophe\Desktop\ComboFix.exe AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 )))))))))))))))))))))))))))))))))))) . 2010-01-03 10:38 . 2010-01-03 10:39 -------- d-----w- c:\users\Christophe\AppData\Local\temp 2010-01-03 10:38 . 2010-01-03 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-25 10:26 . 2009-12-25 10:26 -------- d--h--r- c:\users\Christophe\AppData\Roaming\SecuROM 2009-12-25 10:26 . 2009-12-25 10:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-25 10:23 . 2009-12-25 10:23 95232 ----a-w- c:\windows\system\cmstp.exe 2009-12-10 20:07 . 2009-12-22 08:20 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll 2009-12-08 19:20 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-08 19:20 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-08 19:20 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-08 19:15 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-03 00:13 . 2008-07-09 12:01 56770 ----a-w- c:\users\Christophe\AppData\Roaming\nvModes.dat 2010-01-02 15:51 . 2006-11-02 15:48 694498 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-02 15:51 . 2006-11-02 15:48 133500 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-02 10:38 . 
2008-07-10 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-02 10:38 . 2008-07-21 17:36 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-01 20:09 . 2008-07-09 16:33 -------- d-----w- c:\program files\SpywareBlaster 2009-12-30 13:55 . 2008-07-21 17:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 13:54 . 2008-07-10 18:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-29 15:21 . 2007-11-02 09:56 -------- d-----w- c:\program files\Google 2009-12-27 08:33 . 2008-01-09 11:15 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-26 21:35 . 2007-11-02 10:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-23 16:05 . 2008-07-09 19:57 -------- d-----w- c:\programdata\avg8 2009-12-08 20:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-11-21 06:40 . 2009-12-08 19:16 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-08 19:16 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-08 19:16 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-08 19:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-15 21:36 . 2008-07-14 19:53 108 ----a-w- c:\users\Christophe\AppData\Roaming\wklnhst.dat 2009-11-15 10:28 . 2008-07-10 22:28 -------- d-----w- c:\program files\Easy Cleaner 2009-11-11 11:16 . 2007-11-02 12:30 -------- d-----w- c:\programdata\Microsoft Help 2009-11-03 06:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-02 19:42 . 2009-10-03 06:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:17 . 2009-11-25 21:53 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-25 21:07 . 2008-07-09 12:02 78936 ----a-w- c:\users\Christophe\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-03 06:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 
2009-11-03 06:15 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-03 06:15 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2008-07-09 13:55 . 2008-07-09 13:55 23 --sha-w- c:\windows\System32\efceedadf1_z.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-11-17 19:56 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe] 2007-09-19 10:09 311296 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):68,4b,b1,af,8c,de,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004884925-3776096063-155102671-1000] 
"EnableNotificationsRef"=dword:00000003 R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [09/07/2008 20:57 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [09/07/2008 20:57 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/10/2008 16:43 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/01/2009 18:48 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/01/2009 18:48 297752] R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008] R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [09/07/2008 14:51 333088] R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\System32\drivers\ma730pt.sys [31/10/2008 21:23 103040] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [02/11/2007 18:46 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [02/11/2007 18:46 43904] R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [02/11/2007 18:46 9344] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [02/11/2007 18:46 812544] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09/07/2008 18:00 721904] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 11:44 30088] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [10/07/2008 21:02 21504] S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\System32\drivers\ma730c.sys [31/10/2008 21:23 156128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Contenu du dossier 'Tâches planifiées' 2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{31988905-11C4-4912-84C3-3B88BE10F3B6}.job - c:\windows\system32\msfeedssync.exe [2009-12-08 04:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://fr.yahoo.com/ IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html . 
- - - - ORPHELINS SUPPRIMES - - - - HKCU-Explorer_Run-DllHst - c:\windows\dllhst3g.exe HKU-Default-Explorer_Run-SessMgr - c:\users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools\daemon.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-03 11:39 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-4004884925-3776096063-155102671-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,6f,35,42,4e,c9,a2,7d,bf,a1,7d,29,4f,ca,a7,99,7e,d7,05,4b,b7,fa,dc, 53,4e,3f,27,99,6a,94,87,81,3e,65,3b,e6,b0,7c,37,c3,e8,2f,ae,59,fb,f8,d1,00,\ "??"=hex:96,23,91,b1,03,2d,c3,72,01,af,05,95,1a,1f,c3,6b [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000003d [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Heure de fin: 2010-01-03 11:41:28 ComboFix-quarantined-files.txt 2010-01-03 10:41 Avant-CF: 39 194 206 208 octets libres Après-CF: 39 158 296 576 octets libres - - End Of File - - A093A5140C359FAEB4859BDD3DAE6D24
  9. Hello everyone! For several days now my system has been badly slowed down. Launching an application takes a long time (more than 1 minute). I have defragmented my hard drive but the problem persists. I am attaching a HijackThis report. Could you please help me? Thanks in advance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:51, on 02/01/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\dfrgui.exe C:\Users\Christophe\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PEVSystemStart - Unknown owner - C:\29987-CF\PEV.cfxxe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\system32\stacsv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8115 bytes
  10. Hello, my AVG antivirus is detecting a Trojan horse (adsfreeimaj or something like that). I tried using Malwarebytes, which removes the infection, but it comes back at startup! So I am asking for your help. If it also turns out that a bit of cleanup is needed, I am up for it. I am leaving you my report. Thanks in advance! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:56:47, on 27/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Users\Christophe\AppData\Roaming\ieudinit.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Christophe\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System\logman.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program 
Files\Windows Media Player\WMPNSCFG.exe O4 - HKLM\..\Policies\Explorer\Run: [iEudinit] C:\Users\CHRIST~1\AppData\Roaming\ieudinit.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [sessMgr] C:\Users\CHRIST~1\LOCALS~1\APPLIC~1\sessmgr.exe /waitservice (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context 
menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\system32\stacsv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9358 bytes
  11. OK, well, I will follow your advice. As for the Sony services, I do not use them apart from the update tool, so if you can tell me what I should do... I uninstalled Spybot and Ad-Aware in order to use Malwarebytes, which I had but was not using... Waiting for your reply...
  12. Hello, sorry for the slow reply, I was away for a few days. First I want to thank you for your help: the unwanted pop-up windows have disappeared! I am posting my HijackThis log. I find there are a lot of entries; can you help me trim that down a bit if necessary... Thanks again for your forum, which has always been a great help to me. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:01, on 16/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\eMule\emule.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au 
périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 
E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\system32\stacsv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony 
Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11827 bytes
  13. I did what you told me; here is the log SmitFraudFix v2.329 Scan done at 11:41:47,14, 10/07/2008 Run from C:\Users\Christophe\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6000] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\stacsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe 
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 
127.0.0.1 www.legal-at-spybot.info 127.0.0.1 legal-at-spybot.info »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CHRIST~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri [!] Suspicious: NVGFIL~1.DLL BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} TypeLib: {15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF} Interface: {CAF9D798-C659-4B9B-8E19-EE27C3D04EE7} VersionIndependentProgID: BhoNew.Bho ProgID: BhoNew.Bho.1 »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="avgrsstx.dll" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  14. Thank you for taking the time to help me! Here is my report as requested. SmitFraudFix v2.329 Scan done at 11:41:47,14, 10/07/2008 Run from C:\Users\Christophe\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6000] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\system32\svchost.exe C:\Windows\system32\stacsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Windows\system32\DRIVERS\xaudio.exe 
C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 
127.0.0.1 www.legal-at-spybot.info 127.0.0.1 legal-at-spybot.info »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Christophe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CHRIST~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri [!] Suspicious: NVGFIL~1.DLL BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} TypeLib: {15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF} Interface: {CAF9D798-C659-4B9B-8E19-EE27C3D04EE7} VersionIndependentProgID: BhoNew.Bho ProgID: BhoNew.Bho.1 »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="avgrsstx.dll" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B1D253E1-0545-40A2-9B07-897D366BA524}: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  15. Hello everyone! So here's the thing: at the moment I have a problem. Every time I open Internet Explorer, a window opens telling me "Attention, some dangerous viruses detected in your system. microsoft windows XP files corrupted. this may lead to the destruction of ilmportant files in C:/WINDOWS. download protction software now" I am therefore asking for your help to eradicate this problem. Thanks in advance. I'm posting my HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:48, on 10/07/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 
C:\Windows\system32\svchost.exe C:\Windows\system32\stacsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\AxBx\Multi Virus Cleaner 2008\MVC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Christophe\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IE Site Blocker - {6DDBF417-0774-46AD-940B-6A4D9A039407} - C:\Windows\system32\NVGFIL~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] 
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en 
fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\system32\stacsv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony 
Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14332 bytes
  16. Hi everyone, I'm here to ask for your help with a small but very annoying problem! I have an issue with my USB ports: when I plug in my devices I don't see them in "My Computer", yet when I want to safely remove the device, I can! So basically I can stop it but I can't open it ... If someone could help me. Thanks!
  17. Here is also my diaghelp report. "Bad Gone" - 2007-07-08 20:22:51 - ComboFix 07-07-07.3 - Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\jdboqaqr.dll C:\WINDOWS\system32\tuvuvuu.dll C:\WINDOWS\system32\tncbhwbc.exe C:\WINDOWS\system32\rqaqobdj.ini C:\WINDOWS\system32\stutv.bak1 C:\WINDOWS\system32\stutv.ini C:\WINDOWS\system32\stutv.bak1 C:\WINDOWS\system32\stutv.ini C:\WINDOWS\system32\opnkjgh.dll C:\WINDOWS\system32\vtuts.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 ))))))))))))))))))))))))))))))) 2007-07-08 20:22 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-08 20:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-07-08 20:18 <REP> d-------- C:\WINDOWS\LastGood.Tmp 2007-07-08 16:06 50,708 --a------ C:\WINDOWS\system32\ebyyjkvr.exe 2007-07-08 15:30 <REP> d-------- C:\Program Files\SEGA 2007-07-05 15:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-07-05 14:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-05 14:45 208,248 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-05 08:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2007-07-05 08:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller 2007-06-22 17:15 <REP> d-------- C:\Program Files\SC4Tool 2007-06-20 10:14 <REP> d-------- C:\Program Files\Maxis 2007-06-18 08:03 <REP> d-------- C:\Program Files\Windows Defender 2007-06-13 15:34 30,765 --a------ C:\WINDOWS\dr.exe 2007-06-13 15:34 30,765 --a------ C:\my.exe 2007-06-13 15:34 
30,765 --a------ C:\documents.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-08 17:50:40 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-08 17:46:45 -------- d-----w C:\Program Files\eMule 2007-07-05 06:16:11 -------- d-----w C:\Program Files\MSN Messenger 2007-07-05 06:15:18 -------- d-----w C:\Program Files\Windows Live 2007-06-30 14:10:09 1,238 -c--a-w C:\WINDOWS\eReg.dat 2007-06-07 05:11:00 -------- d-----w C:\Program Files\Messenger Plus! Live 2007-06-01 06:20:30 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-05-20 20:43:25 -------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe 2007-05-20 19:31:36 -------- d-----w C:\Program Files\Ashampoo 2007-05-20 07:25:45 -------- d-----w C:\Program Files\Winamp 2007-05-17 03:41:38 -------- d-----w C:\DOCUME~1\BADGON~1\APPLIC~1\Microsoft Games 2007-05-17 03:36:32 -------- d-----w C:\Program Files\Microsoft Games 2007-05-17 03:31:39 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-05-17 03:31:39 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-05-16 15:39:46 -------- d-----w C:\Program Files\PhotoFiltre 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-16 12:14:44 -------- d-----w C:\Program Files\Paradox Interactive 2007-05-15 17:02:55 -------- d-----w C:\Program Files\Ubisoft 2007-05-15 05:27:44 -------- d-----w C:\DOCUME~1\BADGON~1\APPLIC~1\dvdcss 2007-05-13 07:48:52 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll 2007-05-13 06:21:17 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-05-12 16:32:25 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-05-12 16:11:30 -------- d-----w C:\Program Files\SmartPCTools 2007-05-11 05:47:58 -------- d-----w C:\Program Files\Google 2007-05-09 18:16:19 -------- d-----w C:\Program Files\EA Games 2007-05-09 16:52:19 -------- d-----w C:\Program Files\Alcohol Soft 2007-05-08 15:25:47 -------- d-----w C:\Program 
Files\Fichiers communs\Stardock 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2006-12-07 21:14:53 5 -csha-w C:\WINDOWS\system32\eafcce1_s.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C69F137-5BBC-40EF-A9F2-25F3D4039D70}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE] "Alcmtr"="ALCMTR.EXE" [2004-07-20 10:22 C:\WINDOWS\ALCMTR.EXE] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-04-26 19:12] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-13 09:48] 
"012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 21:03] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21] "TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 01:15] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 07:47] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "EzStatus"=C:\Apps\EZHome\EZStatus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk backup=C:\WINDOWS\pss\Outil de mise à 
jour Google.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bad Gone^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=C:\Documents and Settings\Bad Gone\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "c:\Apps\Powercinema\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler] "C:\Program 
Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7eee122-011a-11dc-811d-00038a000015}] AutoRun\command- L:\CDCheck.exe Contents of the 'Scheduled Tasks' folder 2006-12-06 12:29:21 C:\WINDOWS\tasks\HDReg.job 2007-07-08 17:57:29 C:\WINDOWS\tasks\MP Scheduled Scan.job 2006-12-06 12:29:48 C:\WINDOWS\tasks\Rappel d'enregistrement 2.job 2006-12-06 12:29:48 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-08 20:27:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-08 20:29:23 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-08 20:29 --- E O F ---
  18. First of all, thank you for giving me a bit of your time! So here is my new report: "Bad Gone" - 2007-07-08 20:22:51 - ComboFix 07-07-07.3 - Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\jdboqaqr.dll C:\WINDOWS\system32\tuvuvuu.dll C:\WINDOWS\system32\tncbhwbc.exe C:\WINDOWS\system32\rqaqobdj.ini C:\WINDOWS\system32\stutv.bak1 C:\WINDOWS\system32\stutv.ini C:\WINDOWS\system32\stutv.bak1 C:\WINDOWS\system32\stutv.ini C:\WINDOWS\system32\opnkjgh.dll C:\WINDOWS\system32\vtuts.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 ))))))))))))))))))))))))))))))) 2007-07-08 20:22 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-08 20:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-07-08 20:18 <REP> d-------- C:\WINDOWS\LastGood.Tmp 2007-07-08 16:06 50,708 --a------ C:\WINDOWS\system32\ebyyjkvr.exe 2007-07-08 15:30 <REP> d-------- C:\Program Files\SEGA 2007-07-05 15:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-07-05 14:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-05 14:45 208,248 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-05 08:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2007-07-05 08:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller 2007-06-22 17:15 <REP> d-------- C:\Program Files\SC4Tool 2007-06-20 10:14 <REP> d-------- C:\Program Files\Maxis 2007-06-18 08:03 <REP> d-------- C:\Program Files\Windows Defender 2007-06-13 15:34 30,765 --a------ C:\WINDOWS\dr.exe 2007-06-13 
15:34 30,765 --a------ C:\my.exe 2007-06-13 15:34 30,765 --a------ C:\documents.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-08 17:50:40 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-08 17:46:45 -------- d-----w C:\Program Files\eMule 2007-07-05 06:16:11 -------- d-----w C:\Program Files\MSN Messenger 2007-07-05 06:15:18 -------- d-----w C:\Program Files\Windows Live 2007-06-30 14:10:09 1,238 -c--a-w C:\WINDOWS\eReg.dat 2007-06-07 05:11:00 -------- d-----w C:\Program Files\Messenger Plus! Live 2007-06-01 06:20:30 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-05-20 20:43:25 -------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe 2007-05-20 19:31:36 -------- d-----w C:\Program Files\Ashampoo 2007-05-20 07:25:45 -------- d-----w C:\Program Files\Winamp 2007-05-17 03:41:38 -------- d-----w C:\DOCUME~1\BADGON~1\APPLIC~1\Microsoft Games 2007-05-17 03:36:32 -------- d-----w C:\Program Files\Microsoft Games 2007-05-17 03:31:39 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-05-17 03:31:39 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-05-16 15:39:46 -------- d-----w C:\Program Files\PhotoFiltre 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-16 12:14:44 -------- d-----w C:\Program Files\Paradox Interactive 2007-05-15 17:02:55 -------- d-----w C:\Program Files\Ubisoft 2007-05-15 05:27:44 -------- d-----w C:\DOCUME~1\BADGON~1\APPLIC~1\dvdcss 2007-05-13 07:48:52 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll 2007-05-13 06:21:17 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-05-12 16:32:25 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-05-12 16:11:30 -------- d-----w C:\Program Files\SmartPCTools 2007-05-11 05:47:58 -------- d-----w C:\Program Files\Google 2007-05-09 18:16:19 -------- d-----w C:\Program Files\EA Games 2007-05-09 16:52:19 -------- d-----w C:\Program Files\Alcohol Soft 
2007-05-08 15:25:47 -------- d-----w C:\Program Files\Fichiers communs\Stardock 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2006-12-07 21:14:53 5 -csha-w C:\WINDOWS\system32\eafcce1_s.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C69F137-5BBC-40EF-A9F2-25F3D4039D70}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE] "Alcmtr"="ALCMTR.EXE" [2004-07-20 10:22 C:\WINDOWS\ALCMTR.EXE] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-04-26 19:12] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-13 09:48] 
"012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 21:03] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21] "TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 01:15] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 07:47] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "EzStatus"=C:\Apps\EZHome\EZStatus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk backup=C:\WINDOWS\pss\Outil de mise à 
jour Google.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bad Gone^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=C:\Documents and Settings\Bad Gone\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "c:\Apps\Powercinema\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler] "C:\Program 
Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7eee122-011a-11dc-811d-00038a000015}] AutoRun\command- L:\CDCheck.exe Contents of the 'Scheduled Tasks' folder 2006-12-06 12:29:21 C:\WINDOWS\tasks\HDReg.job 2007-07-08 17:57:29 C:\WINDOWS\tasks\MP Scheduled Scan.job 2006-12-06 12:29:48 C:\WINDOWS\tasks\Rappel d'enregistrement 2.job 2006-12-06 12:29:48 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-08 20:27:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-08 20:29:23 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-08 20:29 --- E O F ---
  19. Hi everyone! I'm asking for your help to analyze my report and help me clean it up... Before making my report, I ran several anti-spyware tools. Here is my report: Logfile of HijackThis v1.99.1 Scan saved at 19:56:21, on 08/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Apps\EZHome\EZStatus.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\system32\ebyyjkvr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Bad Gone\Mes documents\Mes fichiers reçus\Logiciels\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jdboqaqr.dll",realset O4 - HKCU\..\Run: [EzStatus] C:\Apps\EZHome\EZStatus.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE O4 - 
HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165411083484 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: DomainService - - C:\WINDOWS\system32\ebyyjkvr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe Thanks a lot!
  20. I had looked ... but the sound came back ... all by itself ... strange, but anyway I'm not going to complain! Thanks for replying to me! Good night, everyone!
  21. Hi everyone ... I have a small problem! Let me explain ... no more sound on my PC ... with Winamp ... Media Player ... nothing at all! I checked the settings a bit and it seems to me that everything is fine ... so I'm coming to ask for your help!!! Please
  22. Restarting does nothing ... back to IE
  23. So, I'm on XP and I've actually noticed for some time now that it takes longer and longer to shut down ... really long! Something like 4 or 5 minutes ... What can I do to speed all this up??? Thanks
  24. Hi!! So I have a problem with Mozilla ... I install it normally, then when I try to access the internet with it, it stays stuck ... impossible to use. Can someone help me???! Thanks
  25. Thanks a lot! Have a good evening!