

Everything posted by maximeper74
Infection, error with MSWINSCK.OCX
maximeper74 replied to a topic by maximeper74 in Malware analysis and eradication
No, I have the impression that the problem is solved! Thanks for everything!
Infection, error with MSWINSCK.OCX
maximeper74 replied to a topic by maximeper74 in Malware analysis and eradication
Hello, here is the report obtained with MBAM:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 756
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 233395
Temps écoulé: 2 hour(s), 21 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM99109545 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\gbufgwtn.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\khfCsqrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Infection, error with MSWINSCK.OCX
maximeper74 replied to a topic by maximeper74 in Malware analysis and eradication
Thanks for your advice. So here is the report (PS: the path was in fact C:\ComboFix\ComboFix.txt).
Infection, error with MSWINSCK.OCX
maximeper74 replied to a topic by maximeper74 in Malware analysis and eradication
Thank you for your reply; I'm not sure I did what was needed. Here is the report obtained nonetheless.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{6E1D8ECE-1D69-49B3-A3F9-A3EF474DD012}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{F0B38970-2DD7-4F41-9E5A-3B2B87B32F78}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System "{C4A5A88A-ADD4-4D18-B128-8AA9A85DFF75}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System "{0DB881DB-4D97-4B68-8C5E-9029C10823F8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{B1307F05-F43F-4D3C-A850-F4EF44E34981}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{C7E2F7BE-232B-493E-B221-82C9EA1D046E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{5DF485B8-DF76-4CE9-AF67-5AEC60F688CE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{0E3D70A4-4038-47AF-B98A-1968AC49BA5B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{5D39399E-44DD-4125-B3D8-3E2E1EBF9976}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{B2881009-D9A7-4529-B2CF-5D04BA9ECE73}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{0B2047AE-D358-4933-80EF-88BA4DE4E96A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{52CC07A8-D838-4F6F-9EF3-45BD0D581B86}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{1426B486-2B0F-413C-BD5F-8AE62CD3F114}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:Last.fm "UDP Query User{B21F93BD-706D-4446-B1F8-EF3D038F8BC2}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:Last.fm "TCP Query User{C0D6311B-21F4-4764-8C36-15412CAAC5E2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{8C06F73E-C5FF-4306-8123-EAD07C746C7E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query 
User{F5FF8108-E626-4543-939E-B57DA40B6398}C:\\users\\max\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\max\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{3023540C-375A-4D17-B8D6-3DA88D45D82C}C:\\users\\max\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\max\program files\utorrent\utorrent.exe:utorrent.exe "TCP Query User{846C026C-B9BB-4F62-8151-C4ADADAA17F2}C:\\users\\max\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\max\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{52F694F5-5BD4-48A1-AA33-62F3BCD58BD5}C:\\users\\max\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\max\program files\utorrent\utorrent.exe:utorrent.exe "{B85A125F-8485-409A-ACD4-9DDBB78E2E79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{D4D5FA18-4C35-4995-B4AE-731126973763}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3 "UDP Query User{DBA15090-3615-414B-9098-D7BDFE1BCBD9}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3 "{9F1CFED5-728F-4CEE-95F3-7A7C5DE087A9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{F294958F-190D-4106-B152-99678A586552}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{C7BA3A0D-4705-4FCE-8549-F12A12BA4D3B}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player "UDP Query User{D45E784F-DB1A-455C-B78E-A807BCA3F5AF}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys 
[2007-07-14 05:30] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 01:16] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50] S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 16:40] S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 16:47] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cf2a3fa-019c-11dd-9a34-001b3818be7a}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d6d14ab-f6a9-11dc-9109-001b3818be7a}] \shell\AutoRun\command - D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7149eb74-5265-11dc-a0db-001b3818be7a}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74cb28d9-e22e-11dc-bf8a-001b3818be7a}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d5b508c-e3a0-11dc-8ea4-001b3818be7a}] \shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5ffa67-f816-11dc-aa60-001b3818be7a}] \shell\AutoRun\command - D:\Setupx.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-15 15:10:28 C:\Windows\Tasks\User_Feed_Synchronization-{DB3815D5-7EBD-4415-BAB5-B21DEC03B7D1}.job" - C:\Windows\system32\msfeedssync.exe "2008-05-16 09:03:08 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" -
Infection, error with MSWINSCK.OCX
maximeper74 posted a topic in Analyses et éradication malwares
I think I got infected by opening a somewhat dubious downloaded .exe file... (I know, I shouldn't have.) My antivirus is Bitdefender (it reports an infection but says no action is possible). Here is a screenshot of what I see at startup (the same error message twice + Bitdefender). As a result my computer is badly slowed down, especially at startup. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:55:55, on 16/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\rundll32.exe
C:\Users\Max\Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E09815B-5946-4CE1-9158-C0346E08E793} - C:\Windows\system32\mljGWQKd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXQHbYS.dll,#1
O4 - HKLM\..\Run: [9a23a6d9] rundll32.exe "C:\Windows\system32\kwlkqeol.dll",b
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

-- End of file - 11242 bytes

Thanks in advance for your help!