astroboy911

Member
  • Content count: 8

Everything posted by astroboy911

  1. Avira AntiVir Personal
     Report file date: 2008-05-10 18:26

     Scanning for 1258665 virus strains and unwanted programs.

     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows Vista
     Windows version: (Service Pack 1) [6.0.6001]
     Boot mode: Normally booted
     Username: SYSTEM
     Computer name: PC-DE-JULIEN

     Version information:
     BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
     AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
     AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
     LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
     LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
     ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
     ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 2008-05-05 16:19:13
     ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 2008-05-09 16:19:14
     Engineversion : 8.1.0.42
     AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
     AESCRIPT.DLL : 8.1.0.31 262522 Bytes 2008-05-10 16:19:23
     AESCN.DLL : 8.1.0.16 119156 Bytes 2008-05-10 16:19:23
     AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-10 16:19:22
     AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-05-10 16:19:21
     AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-10 16:19:20
     AEHEUR.DLL : 8.1.0.26 1237366 Bytes 2008-05-10 16:19:19
     AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-10 16:19:18
     AEGEN.DLL : 8.1.0.20 299380 Bytes 2008-05-10 16:19:17
     AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-10 16:19:16
     AECORE.DLL : 8.1.0.28 168310 Bytes 2008-05-10 16:19:15
     AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
     AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
     AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
     AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
     AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
     AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
     SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
     NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
     RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
     RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

     Configuration settings for the scan:
     Jobname..........................: Complete system scan
     Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: on
     Scan boot sector.................: on
     Boot sectors.....................: C:, D:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium

     Start of the scan: 2008-05-10 18:26

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'soffice.bin' - '1' Module(s) have been scanned
     Scan process 'soffice.exe' - '1' Module(s) have been scanned
     Scan process 'daemon.exe' - '1' Module(s) have been scanned
     Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
     Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'rundll32.exe' - '1' Module(s) have been scanned
     Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
     Scan process 'jusched.exe' - '1' Module(s) have been scanned
     Scan process 'rundll32.exe' - '1' Module(s) have been scanned
     Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
     Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
     Scan process 'mobsync.exe' - '1' Module(s) have been scanned
     Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
     Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
     Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
     Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
     Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned
     Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
     Scan process 'ACMON.exe' - '1' Module(s) have been scanned
     Scan process 'wcourier.exe' - '1' Module(s) have been scanned
     Scan process 'ATKOSD2.exe' - '1' Module(s) have been scanned
     Scan process 'HControl.exe' - '1' Module(s) have been scanned
     Scan process 'spmgr.exe' - '1' Module(s) have been scanned
     Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'DMedia.exe' - '1' Module(s) have been scanned
     Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
     Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
     Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
     Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'ALU.exe' - '1' Module(s) have been scanned
     Scan process 'taskeng.exe' - '1' Module(s) have been scanned
     Scan process 'Net4Switch.exe' - '1' Module(s) have been scanned
     Scan process 'asghost.exe' - '1' Module(s) have been scanned
     Scan process 'taskeng.exe' - '1' Module(s) have been scanned
     Scan process 'dwm.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'taskeng.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'GFNEXSrv.exe' - '1' Module(s) have been scanned
     Scan process 'wlanext.exe' - '1' Module(s) have been scanned
     Scan process 'ASLDRSrv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'audiodg.exe' - '0' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsm.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'wininit.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     74 processes with 74 modules were scanned

     Starting master boot sector scan:
     Master boot sector HD0
     [INFO] No virus was found!
     Master boot sector HD1
     [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\'
     [INFO] No virus was found!
     Boot sector 'D:\'
     [INFO] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( '13' files ).

     Starting the file scan:

     Begin scan in 'C:\' <VistaOS>
     C:\hiberfil.sys
     [WARNING] The file could not be opened!
     C:\pagefile.sys
     [WARNING] The file could not be opened!
     C:\ProgramData\hvxqczpg\wbunmrkd.exe
     [DETECTION] Is the Trojan horse TR/Agent.lpu
     [NOTE] The file was moved to '489acee5.qua'!
     C:\ProgramData\kjyfapuj\mtuncpct.exe
     [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
     [NOTE] The file was moved to '489acefd.qua'!
     C:\Windows\System32\drivers\sptd.sys
     [WARNING] The file could not be opened!
     Begin scan in 'D:\' <Data>

     End of the scan: 2008-05-10 19:00
     Used time: 34:39 min

     The scan has been done completely.

     13705 Scanning directories
     317440 Files were scanned
     2 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     2 files were moved to quarantine
     0 files were renamed
     3 Files cannot be scanned
     317438 Files not concerned
     1582 Archives were scanned
     3 Warnings
     2 Notes
  2. OK, after work around 4 pm then. Thanks, see you later.
  3. And the new HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 21:18:40, on 09/05/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Safe mode

     Running processes:
     C:\Windows\Explorer.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
     O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
     O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
     O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
     O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
     O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
     O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
     O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll,#1
     O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
     O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
     O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
     O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O13 - Gopher Prefix:
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O20 - AppInit_DLLs: APSHook.dll
     O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
     O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

     --
     End of file - 7770 bytes

     There you go, I hope it's useful.
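The entry that matters in the log above is MSServer: rundll32.exe loading a DLL out of the user's Temp directory, with the export named by ordinal (#1) rather than by name. As an added example that is not part of the original post and not HijackThis's own logic, the Python below parses O4 lines in HijackThis's format and flags launch commands with those traits. The sample lines are copied from the log; the regexes and the reason strings are this example's own assumptions.

```python
"""Triage of HijackThis 'O4' autostart entries.

Added example, not part of the original post and not HijackThis's own
logic.  SAMPLE_LINES are copied from the log above; the regexes and the
reason strings are this example's assumptions.
"""
import re
from dataclasses import dataclass, field

# HijackThis prints registry autostarts as:
#   O4 - <hive>\..\<key>: [<value name>] <command>   (User '<account>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")

# Any Temp location: user-writable, never a proper install directory.
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.I)

# "rundll32.exe <dll>,<export>" with the DLL either quoted or space-free.
RUNDLL32_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<dll>"[^"]+"|\S+?),(?P<export>\S+)',
    re.I)


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return (hive, value name, command) for a registry O4 line, else None.
    'O4 - Startup:' folder entries are deliberately not handled here."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return m["hive"], m["name"], USER_SUFFIX_RE.sub("", m["cmd"])


def triage_o4(lines):
    """Flag entries whose launch command shows the traits of the MSServer
    entry: a DLL loaded by rundll32 out of a Temp directory and/or an
    export called by ordinal ('#1'), plus any program run straight from Temp."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, cmd = parsed
        reasons = []
        m = RUNDLL32_RE.match(cmd)
        if m:
            dll, export = m["dll"].strip('"'), m["export"]
            if TEMP_DIR_RE.search(dll):
                reasons.append("rundll32 loads a DLL from a Temp directory")
            if export.startswith("#"):
                reasons.append("DLL export called by ordinal (%s)" % export)
        elif TEMP_DIR_RE.search(cmd):
            reasons.append("program launched from a Temp directory")
        if reasons:
            findings.append(Finding(hive, name, cmd, reasons))
    return findings


# Constructed sample: O4 lines copied from the HijackThis log above.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LINES):
        print("%s [%s] %s\n    %s" % (f.hive, f.name, f.cmd, "; ".join(f.reasons)))
```

The legitimate rundll32 entries in the same log (CognizanceTS, the NVIDIA ones, WindowsWelcomeCenter) pass because they load from an install directory or System32 and name their export; Startup-folder lines are skipped because their command has a different shape.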
  4. Here is the ComboFix log:

     ComboFix 08-05-08.1 - Julien 2008-05-09 20:56:14.1 - NTFSx86 MINIMAL
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1680 [GMT 2:00]
     Location: C:\Users\Julien\Desktop\ComboFix.exe
     .

     (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Windows\xbaqktfv.exe
     .

     ((((((((((((((((((((((((((((( Files created 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
     .

     2008-05-09 20:55 . 2008-05-09 20:55 <REP> d-------- C:\327882R2FWJFW
     2008-05-08 22:36 . 2008-05-08 22:36 <REP> d-------- C:\Program Files\Trend Micro
     2008-05-08 18:13 . 2008-05-08 18:25 <REP> d-------- C:\Users\Julien\AppData\Roaming\gtk-2.0
     2008-05-08 18:12 . 2008-05-08 18:12 <REP> d-------- C:\Users\Julien\.thumbnails
     2008-05-08 18:10 . 2008-05-08 18:25 <REP> d-------- C:\Users\Julien\.gimp-2.4
     2008-05-08 18:09 . 2008-05-08 18:09 <REP> d-------- C:\Program Files\GIMP-2.0
     2008-05-08 17:31 . 2008-05-08 17:31 <REP> d-------- C:\VundoFix Backups
     2008-05-08 17:31 . 2008-05-08 17:31 147,456 --a------ C:\VundoFix.exe
     2008-05-02 12:16 . 2008-05-02 12:13 691,545 --a------ C:\Windows\unins000.exe
     2008-05-02 12:16 . 2008-05-02 12:16 2,545 --a------ C:\Windows\unins000.dat
     2008-05-02 11:47 . 2008-05-02 11:47 <REP> d-------- C:\Windows\BDOSCAN8
     2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\Users\All Users\kjyfapuj
     2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\Users\All Users\hvxqczpg
     2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\PROGRA~2\kjyfapuj
     2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\PROGRA~2\hvxqczpg
     2008-04-30 19:03 . 2008-04-30 19:03 98,304 --a------ C:\Windows\System32\CmdLineExt.dll
     2008-04-30 18:49 . 2008-04-30 19:00 <REP> d-------- C:\GTR2
     2008-04-30 18:47 . 2008-04-30 18:47 <REP> d-------- C:\Program Files\DAEMON Tools Lite
     2008-04-30 18:44 . 2008-04-30 18:44 <REP> d-------- C:\Users\Julien\AppData\Roaming\DAEMON Tools
     2008-04-30 18:44 . 2008-04-30 18:44 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
     2008-04-29 21:47 . 2008-04-29 21:47 <REP> d-------- C:\Users\Julien\AppData\Roaming\Nero
     2008-04-29 21:28 . 2008-04-29 21:28 <REP> d-------- C:\Users\All Users\Nero
     2008-04-29 21:28 . 2008-04-29 21:29 <REP> d-------- C:\Program Files\Nero
     2008-04-29 21:28 . 2008-04-29 21:29 <REP> d-------- C:\Program Files\Common Files\Nero
     2008-04-29 21:28 . 2008-04-29 21:28 <REP> d-------- C:\PROGRA~2\Nero
     2008-04-29 21:28 . 2006-03-17 11:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
     2008-04-29 21:28 . 2006-03-17 11:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
     2008-04-29 21:28 . 2006-03-17 11:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
     2008-04-29 21:28 . 2006-03-17 14:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
     2008-04-29 21:28 . 2006-03-17 11:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
     2008-04-29 14:49 . 2008-04-29 14:50 <REP> d-------- C:\Users\All Users\Adobe
     2008-04-29 14:49 . 2008-04-29 14:49 <REP> d-------- C:\Program Files\Common Files\Adobe
     2008-04-29 07:18 . 2008-04-29 07:26 <REP> d-------- C:\Users\All Users\Yahoo!
     2008-04-29 07:18 . 2008-04-29 07:26 <REP> d-------- C:\PROGRA~2\Yahoo!
     2008-04-29 07:17 . 2008-04-29 07:17 <REP> d-------- C:\Users\Julien\AppData\Roaming\Yahoo!
     2008-04-29 07:17 . 2008-04-29 07:17 <REP> d-------- C:\Program Files\Yahoo!
     2008-04-28 23:55 . 2008-04-28 23:55 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
     2008-04-28 21:02 . 2008-05-09 20:45 <REP> d-------- C:\Users\Julien\AppData\Roaming\OpenOffice.org2
     2008-04-28 16:24 . 2008-04-28 23:56 <REP> d-------- C:\Downloads
     2008-04-28 16:04 . 2008-05-08 18:04 <REP> d-------- C:\Users\Julien\AppData\Roaming\foobar2000
     2008-04-28 16:04 . 2008-04-28 16:04 <REP> d-------- C:\Program Files\foobar2000
     2008-04-28 12:37 . 2008-04-28 12:37 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
     2008-04-28 06:55 . 2007-04-19 14:13 15 --a------ C:\F3SC_F3SV_VISTA.10
     2008-04-28 06:55 . 2007-03-13 05:02 12 --a------ C:\RECOVERY.DAT
     2008-04-28 06:53 . 2006-03-09 04:58 1,060,424 --a------ C:\Windows\System32\WdfCoInstaller01000.dll
     2008-04-28 06:53 . 2007-03-01 14:30 196,608 --a------ C:\Windows\System32\SynCtrl.dll
     2008-04-28 06:53 . 2007-03-01 15:24 182,456 --a------ C:\Windows\System32\drivers\SynTP.sys
     2008-04-28 06:53 . 2007-03-01 14:29 163,840 --a------ C:\Windows\System32\SynCOM.dll
     2008-04-28 06:53 . 2007-03-01 14:37 143,360 --a------ C:\Windows\System32\SynTPAPI.dll
     2008-04-28 06:53 . 2007-03-01 15:22 110,592 --a------ C:\Windows\System32\SynTPCo4.dll
     2008-04-28 06:51 . 2007-01-11 11:04 12,367,616 --a------ C:\Windows\System32\drivers\StkCPipe.sys
     2008-04-28 06:51 . 2007-02-13 06:41 1,245,056 --a------ C:\Windows\System32\drivers\StkCMini.sys
     2008-04-28 06:51 . 2005-12-26 19:11 172,032 --a------ C:\Windows\VideoView.exe
     2008-04-28 06:51 . 2007-02-07 12:32 106,496 --a------ C:\Windows\StkC112X.exe
     2008-04-28 06:51 . 2007-02-07 13:21 77,824 --a------ C:\Windows\System32\StkCProp.ax
     2008-04-28 06:51 . 2007-02-07 12:51 69,632 --a------ C:\Windows\System32\StkCWIA.dll
     2008-04-28 06:51 . 2007-02-12 08:59 61,440 --a------ C:\Windows\StkUnist.exe
     2008-04-28 06:51 . 2006-12-10 18:33 49,152 --a------ C:\Windows\System32\StkSSrv.dll
     2008-04-28 06:51 . 2007-02-07 12:44 24,576 --a------ C:\Windows\System32\StkCSrv.exe
     2008-04-28 06:32 . 2008-04-28 06:32 <REP> d-------- C:\Program Files\BitComet
     2008-04-28 06:32 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
     2008-04-28 06:31 . 2008-04-28 06:31 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
     2008-04-28 06:30 . 2008-04-28 06:30 <REP> d-------- C:\Windows\PCHEALTH
     2008-04-28 06:28 . 2008-04-28 06:28 <REP> d-------- C:\Users\All Users\WLInstaller
     2008-04-28 06:28 . 2008-04-28 12:37 <REP> d-------- C:\Program Files\Windows Live
     2008-04-28 06:28 . 2008-04-28 06:30 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
     2008-04-28 06:28 . 2008-04-28 06:28 <REP> d-------- C:\PROGRA~2\WLInstaller
     2008-04-28 06:14 . 2008-04-28 06:15 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
     2008-04-28 06:13 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Java
     2008-04-28 06:13 . 2008-04-28 06:13 <REP> d-------- C:\Program Files\Common Files\Java
     2008-04-28 06:07 . 2008-04-28 06:07 <REP> d-------- C:\Windows\System32\Attansic
     2008-04-28 01:59 . 2008-04-28 01:59 <REP> d-------- C:\PerfLogs
     2008-04-28 01:44 . 2008-04-28 01:23 152,576 --a------ C:\Windows\System32\SPWizUI.dll
     2008-04-28 01:44 . 2008-04-28 01:23 47,560 --a------ C:\Windows\System32\SPReview.exe
     2008-04-28 01:24 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
     2008-04-28 01:23 . 2008-04-28 01:45 196,608 --a------ C:\Windows\SPInstall.etl
     2008-04-28 01:12 . 2008-04-28 01:12 <REP> d-------- C:\Users\Julien\AppData\Roaming\ma-config.com
     2008-04-28 01:12 . 2008-04-28 01:12 <REP> d-------- C:\Program Files\ma-config.com
     2008-04-28 00:52 . 2008-04-28 00:52 <REP> d-------- C:\Users\Julien\AppData\Roaming\vlc
     2008-04-28 00:37 . 2008-05-03 09:13 27,430 --a------ C:\Users\Julien\AppData\Roaming\nvModes.dat
     2008-04-28 00:34 . 2008-05-02 12:21 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
     2008-04-28 00:34 . 2008-05-02 12:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
     2008-04-28 00:34 . 2008-05-02 12:21 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
     2008-04-28 00:33 . 2008-04-28 00:33 <REP> d-------- C:\Program Files\VideoLAN
     2008-04-28 00:32 . 2008-04-28 00:32 <REP> d-------- C:\Program Files\Alwil Software
     2008-04-28 00:32 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
     2008-04-28 00:09 . 2008-04-28 00:09 <REP> d-------- C:\Program Files\CCleaner
     2008-04-27 23:50 . 2008-04-27 23:50 <REP> dr------- C:\Users\Julien\Searches
     2008-04-27 23:50 . 2008-04-29 07:45 <REP> dr------- C:\Users\Julien\Contacts
     2008-04-27 23:48 . 2008-04-27 23:50 <REP> dr------- C:\Users\Julien\Videos
     2008-04-27 23:48 . 2008-05-03 14:39 <REP> dr------- C:\Users\Julien\Saved Games
     2008-04-27 23:48 . 2008-04-27 21:35 <REP> d-------- C:\Users\Julien\Roaming
     2008-04-27 23:48 . 2008-04-29 07:18 <REP> dr------- C:\Users\Julien\Pictures
     2008-04-27 23:48 . 2008-04-29 07:18 <REP> dr------- C:\Users\Julien\Music
     2008-04-27 23:48 . 2008-04-27 23:50 <REP> dr------- C:\Users\Julien\Links
     2008-04-27 23:48 . 2008-05-08 01:43 <REP> dr------- C:\Users\Julien\Downloads
     2008-04-27 23:48 . 2008-05-03 16:57 <REP> dr------- C:\Users\Julien\Documents
     2008-04-27 23:48 . 2006-11-02 14:37 <REP> d-------- C:\Users\Julien\AppData\Roaming\Media Center Programs
     2008-04-27 23:48 . 2008-04-27 23:50 <REP> d--h----- C:\Users\Julien\AppData
     2008-04-27 23:48 . 2008-05-08 18:25 <REP> d-------- C:\Users\Julien
     2008-04-27 23:48 . 2008-04-28 00:20 524,288 --ahs---- C:\Users\Julien\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
     2008-04-27 23:48 . 2008-05-09 21:02 524,288 --ahs---- C:\Users\Julien\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
     2008-04-27 23:48 . 2008-05-09 21:06 262,144 --ah----- C:\Users\Julien\ntuser.dat.LOG1
     2008-04-27 23:48 . 2008-05-09 21:02 65,536 --ahs---- C:\Users\Julien\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
     2008-04-27 23:48 . 2008-04-27 23:48 0 --ah----- C:\Users\Julien\ntuser.dat.LOG2
     2008-04-27 23:40 . 2008-04-27 23:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
     2008-04-27 23:13 . 2007-05-23 09:11 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
     2008-04-27 22:46 . 2008-04-27 22:46 1,820 --a------ C:\Windows\System32\rasctrnm.h
     2008-04-27 22:33 . 2008-04-27 22:33 988,216 --a------ C:\Windows\System32\winload.exe
     2008-04-27 22:33 . 2008-04-27 22:33 927,288 --a------ C:\Windows\System32\winresume.exe
     2008-04-27 22:33 . 2008-04-27 22:33 615,992 --a------ C:\Windows\System32\ci.dll
     2008-04-27 22:33 . 2008-04-27 22:33 378,368 --a------ C:\Windows\System32\srcore.dll
     2008-04-27 22:33 . 2008-04-27 22:33 318,464 --a------ C:\Windows\System32\rstrui.exe
     2008-04-27 22:33 . 2008-04-27 22:33 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
     2008-04-27 22:33 . 2008-04-27 22:33 40,960 --a------ C:\Windows\System32\srclient.dll
     2008-04-27 22:33 . 2008-04-27 22:33 19,000 --a------ C:\Windows\System32\kd1394.dll
     2008-04-27 22:33 . 2008-04-27 22:33 14,848 --a------ C:\Windows\System32\srdelayed.exe
     2008-04-27 22:33 . 2008-04-27 22:33 6,656 --a------ C:\Windows\System32\kbd106n.dll
     2008-04-27 22:32 . 2008-04-27 22:32 2,032,128 --a------ C:\Windows\System32\win32k.sys
     2008-04-27 22:31 . 2008-04-27 22:31 295,936 --a------ C:\Windows\System32\gdi32.dll
     2008-04-27 22:24 . 2008-04-27 22:24 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
     2008-04-27 22:24 . 2008-04-27 22:24 826,880 --a------ C:\Windows\System32\wininet.dll
     2008-04-27 22:10 . 2008-04-27 22:10 0 --a------ C:\Windows\System32\drivers\1043_ASUSTeK_F3Sv.alu
     2008-04-27 21:56 . 2008-05-09 21:04 45,056 --a------ C:\Windows\System32\acovcnt.exe
     2008-04-27 21:45 . 2008-04-27 21:45 <REP> d-------- C:\Windows\System32\Macromed
     .

     (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-28 00:09 174 --sha-w C:\Program Files\desktop.ini
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Sidebar
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Photo Gallery
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Mail
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Journal
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Defender
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Collaboration
     2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Calendar
     .

     ------- Sigcheck -------
     .

     ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* empty entries & legitimate default entries are not listed

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
     "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
     "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
     "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
     "MSServer"="C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll" [ ]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
     "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
     "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
     "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
     "CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]
     "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
     "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
     "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-23 07:35 86016]
     "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-23 07:35 8433664]
     "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-23 07:35 81920]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

     C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=APSHook.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages REG_MULTI_SZ scecli ASWLNPkg

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "{626F6EE3-1D13-4764-8DAA-FDB074E205FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
     "TCP Query User{4EA1E534-89A9-425C-B608-727F6A706FD6}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
     "UDP Query User{30C89949-8DC5-48D7-922F-B93015BCE0F8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
     "{B5B60F39-50E5-4C64-A6FE-1F0AB563F405}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
     "{F53990A6-6EF5-433E-8D99-1B259585E1BC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
     "{D3613F09-B485-423E-99A1-933F7925D4E3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
     "{568FEB82-ABBF-4461-8983-0AB4DC2A0D26}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

     R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
     R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 19:14]
     R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
     R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
     R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
     R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
     R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
     R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]
     R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 08:41]
     R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     bthsvcs REG_MULTI_SZ BthServ
     Cognizance REG_MULTI_SZ ASBroker ASChannel
     GPSvcGroup REG_MULTI_SZ GPSvc

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91609ae-16d4-11dd-b9a1-001bfcd92a36}]
     \shell\AutoRun\command - H:\MLLaunch.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fecc668f-14d6-11dd-9b8d-806e6f6e6963}]
     \shell\AutoRun\command - F:\AutoRun.exe TMM50PRO TMM50

     .
     **************************************************************************

     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-05-09 21:06:44
     Windows 6.0.6001 Service Pack 1 NTFS

     Scanning hidden processes ...
     Scanning hidden autostart entries ...
     Scanning hidden files ...

     Scan completed successfully
     Hidden files: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Windows\System32\audiodg.exe
     C:\Program Files\ATK Hotkey\ASLDRSrv.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\Windows\System32\wlanext.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
     C:\Windows\System32\WUDFHost.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Windows\servicing\TrustedInstaller.exe
     C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
     C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
     C:\Program Files\ASUS\ASUS Live Update\ALU.exe
     C:\Windows\System32\conime.exe
     C:\Program Files\ATK Hotkey\HControl.exe
     C:\Program Files\ATKOSD2\ATKOSD2.exe
     C:\Program Files\Wireless Console 2\wcourier.exe
     C:\Program Files\ASUS\Splendid\ACMON.exe
     C:\Program Files\P4G\BatteryLife.exe
     C:\Windows\System32\ACEngSvr.exe
     C:\Program Files\ATK Hotkey\ATKOSD.exe
     C:\Program Files\Alwil Software\Avast4\ashDisp.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
     C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
     C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
     C:\Windows\System32\wbem\WMIADAP.exe
     .
     **************************************************************************
     .
     Completion time: 2008-05-09 21:10:00 - machine was rebooted [Julien]
     ComboFix-quarantined-files.txt 2008-05-09 19:09:43
     The message text associated with number 0x2379 could not be found in the message file for Application.

     Post-Run: 21,514,588,160 bytes free
     266 --- E O F --- 2008-05-09 05:16:30

     Thanks for your help, I'll send the HijackThis log very soon.
  5. Oh, and some news: in the meantime I got rid of a keylogger, the Virtumonde malware, thanks to Spybot
  6. Please...... experts, help me
  7. Thanks, I'll wait then
  8. Hello everyone. My PC runs Vista SP1, an Asus F3SV with AVAST and Spybot. A few days ago Avast reported a trojan, then a piece of malware was eradicated (supposedly) with Spybot. After my scan with Avast today, I no longer get a message saying my PC is infected. Nevertheless I'm asking for your help to be sure, because my browser (IE7) keeps opening pop-ups... Oh yes, and also Spybot keeps wanting to modify .dll files (CMDS rundll32.exe), which I refuse because I'd rather have your opinion first. I even wonder whether I have a keylogger, because my keyboard drops letters (a pain to write this message). I understood that the first step is to run a scan with HiJackThis in safe mode; here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:38:22, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\wvUmkiHY.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 8106 bytes

That's it for now, I hope you can help me, thanks in advance