Dadishome

Membres

Afficher le profil Afficher son activité

Compteur de contenus
11
Inscription
le 12 juin 2008
Dernière visite
le 21 juin 2008

Dadishome's Achievements

Junior Member (3/12)

Réputation sur la communauté

Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

Non tout va bien pour le moment, en fait, depuis que j'ai fait le premier scan avec ComboFix en fin de matinée tout mes problemes ont disparus.
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

ok, merci beaucoup pour ton aide en tout cas.
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

l'archive fait 5,27Mo
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

c'est fait, elles n'apparaissent plus.
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

bah j'ai collé le rapport qui s'affichait lorsque l'analyse s'est terminé...voici le dernier rapport d'Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:34:32, on 14/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ASScrPro.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\MSC\mcregist.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Program Files\BitComet Turbo\BitComet Turbo.exe C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\user\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 8596 bytes
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

en fait quand je fais glisser le fichier texte dans combofix.exe (les deux sont sur le bureau) ça me lance combofix.exe...et ca recommence l'analyse
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

Voici le rapport : ComboFix 08-06-12.2 - user 2008-06-14 21:13:05.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.921 [GMT 2:00] Endroit: G:\ComboFix.exe Command switches used :: C:\Users\user\Desktop\CFScript.txt * Resident AV is active . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))))))) . Pas de nouveau fichier créé dans cet espace de temps . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-14 19:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-06-14 19:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-14 15:02 --------- d-----w C:\ProgramData\Google Updater 2008-06-14 09:16 --------- d---a-w C:\ProgramData\TEMP 2008-06-13 13:32 --------- d-----w C:\Program Files\McAfee 2008-06-13 08:52 --------- d-----w C:\Program Files\Enigma Software Group 2008-06-13 07:46 --------- d-----w C:\Users\user\AppData\Roaming\SiteAdvisor 2008-06-13 06:30 --------- d-----w C:\Program Files\Trojan Remover 2008-06-13 06:29 --------- d-----w C:\Users\user\AppData\Roaming\Simply Super Software 2008-06-13 06:29 --------- d-----w C:\ProgramData\Simply Super Software 2008-06-12 20:21 --------- d-----w C:\Users\user\AppData\Roaming\Grisoft 2008-06-12 20:21 --------- d-----w C:\ProgramData\Grisoft 2008-06-12 18:58 --------- d-----w C:\Program Files\WinamaxPoker 2008-06-12 15:45 --------- d-----w C:\ProgramData\SiteAdvisor 2008-06-12 15:45 --------- d-----w C:\ProgramData\McAfee 2008-06-12 15:45 --------- d-----w C:\Program Files\SiteAdvisor 2008-06-12 15:43 --------- d-----w C:\Program Files\Common Files\McAfee 2008-06-12 15:42 --------- d-----w C:\Program Files\McAfee.com 2008-06-12 15:37 --------- d-----w C:\Users\user\AppData\Roaming\BitComet Turbo 2008-06-10 07:40 --------- d-----w C:\ProgramData\Avira 2008-06-09 16:36 94,208 ----a-w C:\Windows\eobp.exe 2008-06-08 15:43 --------- d-----w C:\Program Files\PokerStars.NET 2008-06-04 15:37 --------- d-----w C:\Users\user\AppData\Roaming\DBDesigner4 2008-06-03 08:02 --------- d-----w C:\Program Files\fabFORCE 2008-06-03 07:50 --------- d-----w C:\Program Files\Common Files\fabFORCE 2008-06-02 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-29 09:26 --------- d-----w C:\Program Files\UltraVNC 2008-05-20 19:41 --------- d-----w C:\Program Files\BitComet Turbo 2008-05-20 14:49 --------- d-----w C:\Program Files\Common Files\ESRI 2008-05-20 14:47 --------- d-----w C:\Program Files\Common Files\SAP Shared 2008-05-20 14:45 --------- d-----w C:\Program Files\SAP 2008-05-20 14:29 --------- d-----w C:\Program Files\Common Files\Deterministic Networks 2008-05-20 14:29 --------- d-----w C:\Program Files\Cisco Systems 2008-05-16 14:50 --------- d-----w C:\Program Files\EasyPHP 2.0b1 2008-05-16 14:48 --------- d-----w C:\Program Files\EasyPHP1-8 2008-05-15 13:07 0 ----a-w C:\Users\user\hsqlprefs.dat 2008-05-15 07:43 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-15 07:43 --------- d-----w C:\Program Files\Windows Mail 2008-04-30 12:31 --------- d-----w C:\Program Files\glassfish-v2ur2 2008-04-30 12:28 --------- d-----w C:\Program Files\NetBeans 6.1 2008-04-30 12:24 --------- d-----w C:\Program Files\Sun 2008-04-30 12:24 --------- d-----w C:\Program Files\Java 2008-04-30 10:18 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-19 16:47 --------- d-----w C:\Program Files\TVAnts 2008-04-19 07:40 174 --sha-w C:\Program Files\desktop.ini 2008-04-19 07:38 --------- d-----w C:\Program Files\Windows Calendar 2008-04-18 18:10 --------- d-----w C:\Program Files\Google 2008-04-18 14:54 --------- d-----w C:\Program Files\VideoLAN 2008-04-18 14:49 --------- d-----w C:\Program Files\Neuf 2008-04-18 12:26 --------- d-----w C:\ProgramData\EPSON . ((((((((((((((((((((((((((((( snapshot@2008-06-14_12.00.22.12 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-14 09:53:35 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-14 17:41:59 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-14 19:12:48 6,119,424 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT - 2008-06-14 09:53:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-06-14 12:04:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-06-14 09:53:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-06-14 12:04:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-06-13 08:01:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-14 12:08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-13 08:01:49 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-14 12:08:36 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-13 08:01:49 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-14 12:08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-06-14 09:54:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-14 12:07:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-14 12:07:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-14 09:56:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-14 19:27:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-06-14 08:56:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-14 12:04:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-14 08:56:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-14 12:04:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-14 08:56:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-14 12:04:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\Windows\System32\mrt.exe - 2008-06-12 20:59:40 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-06-14 12:11:56 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2008-06-14 09:56:39 7,816 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-109432522-3344556543-3763544848-1000_UserData.bin + 2008-06-14 12:07:53 8,102 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-109432522-3344556543-3763544848-1000_UserData.bin - 2008-06-14 09:56:38 82,064 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-14 12:07:52 82,134 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-06-14 09:56:33 46,226 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-14 12:07:50 46,448 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-06-12 20:12:16 27,884,300 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-06-14 12:21:40 28,605,917 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthenum.sys + 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthport.sys + 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\BTHUSB.SYS + 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\fsquirt.exe + 2008-04-29 01:35:24 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthenum.sys + 2008-04-29 01:35:25 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthport.sys + 2008-04-29 01:35:23 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\BTHUSB.SYS + 2008-04-29 01:35:24 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\fsquirt.exe + 2008-01-19 05:53:38 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthenum.sys + 2008-04-29 01:42:23 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthport.sys + 2008-04-29 01:42:21 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\BTHUSB.SYS + 2008-04-29 03:54:02 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\fsquirt.exe + 2008-04-29 01:43:50 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthenum.sys + 2008-04-29 01:43:50 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthport.sys + 2008-04-29 01:43:48 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\BTHUSB.SYS + 2008-04-29 01:43:51 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\fsquirt.exe + 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16681_none_a98fa7bdf5e9f5de\advpack.dll + 2008-04-25 04:06:14 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20823_none_aa5c268b0ed51dd7\advpack.dll + 2008-04-26 08:02:05 1,327,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16681_none_a4347a24f0ff937a\quartz.dll + 2008-04-26 07:41:59 1,327,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.20823_none_a500f8f209eabb73\quartz.dll + 2008-04-26 08:08:15 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18063_none_a6325936ee141f37\quartz.dll + 2008-04-26 07:57:58 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22167_none_a6bff72a072e245d\quartz.dll + 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16681_none_eb8ab16d1682dbdd\pngfilt.dll + 2008-04-25 04:09:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20823_none_ec57303a2f6e03d6\pngfilt.dll + 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_b2a75a1fd9e35341\urlmon.dll + 2008-04-25 04:09:51 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_b373d8ecf2ce7b3a\urlmon.dll + 2008-04-25 04:35:19 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_b4a53931d6f7defe\urlmon.dll + 2008-04-25 04:21:54 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_b532d724f011e424\urlmon.dll + 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16681_none_de89e8e87f8c12b0\mstime.dll + 2008-04-25 04:08:10 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20823_none_df5667b598773aa9\mstime.dll + 2008-04-25 04:35:16 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18063_none_e087c7fa7ca09e6d\mstime.dll + 2008-04-25 04:20:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22167_none_e11565ed95baa393\mstime.dll + 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\jsproxy.dll + 2008-04-25 04:23:11 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll + 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\WininetPlugin.dll + 2008-04-25 04:07:19 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\jsproxy.dll + 2008-04-25 04:09:57 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll + 2008-04-25 04:09:57 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\WininetPlugin.dll + 2008-04-25 04:35:13 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\jsproxy.dll + 2008-04-25 04:35:23 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll + 2008-04-25 04:35:24 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\WininetPlugin.dll + 2008-04-25 04:19:00 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\jsproxy.dll + 2008-04-25 04:22:01 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll + 2008-04-25 04:22:01 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\WininetPlugin.dll + 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16681_none_f956589b6ed7f427\ieapfltr.dll + 2008-04-25 04:07:00 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20823_none_fa22d76887c31c20\ieapfltr.dll + 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtmsft.dll + 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtrans.dll + 2008-04-25 04:06:44 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtmsft.dll + 2008-04-25 04:06:44 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtrans.dll + 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16681_none_45ed2bab467e2ce2\mshtmled.dll + 2008-04-25 04:07:54 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20823_none_46b9aa785f6954db\mshtmled.dll + 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16681_none_110754e02542e30a\mshtml.dll + 2008-04-25 04:07:54 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20823_none_11d3d3ad3e2e0b03\mshtml.dll + 2008-04-25 04:35:14 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18063_none_130533f222576ec7\mshtml.dll + 2008-04-25 04:19:50 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22167_none_1392d1e53b7173ed\mshtml.dll + 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16681_none_585fc1aa67576f13\icardie.dll + 2008-04-25 04:06:59 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20823_none_592c40778042970c\icardie.dll + 2008-04-25 04:22:36 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\ieUnatt.exe + 2008-04-25 04:22:36 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe + 2008-04-25 02:03:49 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\ieUnatt.exe + 2008-04-25 02:04:08 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe + 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\ie4uinit.exe + 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iernonce.dll + 2008-04-25 04:23:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iesetup.dll + 2008-04-25 02:03:38 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\ie4uinit.exe + 2008-04-25 04:07:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iernonce.dll + 2008-04-25 04:07:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iesetup.dll + 2008-04-25 04:23:06 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16681_none_29ba0dd8684286b9\iebrshim.dll + 2008-04-25 04:07:00 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20823_none_2a868ca5812daeb2\iebrshim.dll + 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieframe.dll + 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieui.dll + 2008-04-25 04:07:06 6,068,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieframe.dll + 2008-04-25 04:07:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieui.dll + 2008-04-25 04:22:36 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16681_none_e6601b6294bbc56f\ieinstal.exe + 2008-04-25 02:04:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20823_none_e72c9a2fada6ed68\ieinstal.exe + 2008-04-25 04:22:36 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16681_none_0b08507ed7368521\ieuser.exe + 2008-04-25 02:04:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20823_none_0bd4cf4bf021ad1a\ieuser.exe + 2008-05-02 22:21:56 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16688_none_f0535e6e6e8d6c76\OESpamFilter.dat + 2008-05-02 22:17:48 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20833_none_f10e0b498786feff\OESpamFilter.dat + 2008-05-02 22:18:31 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18071_none_f23d6afa6bb23015\OESpamFilter.dat + 2008-05-02 22:17:54 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22178_none_f2ce09cb84c98140\OESpamFilter.dat + 2008-05-10 01:21:06 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys + 2008-05-10 03:30:50 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll + 2008-05-10 01:15:20 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys + 2008-05-10 03:14:30 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll + 2008-05-10 01:33:10 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys + 2008-05-10 01:20:02 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys + 2008-05-10 03:22:18 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @={A8D448F4-0431-45AC-9F5E-E1B434AB2249} [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-04 14:50 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 20:08 68856] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe] "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648] "PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ] "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-02-22 23:53 33136] "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-02-22 23:53 37232] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 23:57 36640] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-04 15:02 1006264] "BM23e97a39"="C:\Windows\system32\xluatstu.dll" [ ] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 20:08:03 124400] VPN Client.lnk - C:\Windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-05-20 16:30:32 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3650AB65-A6D1-4DC5-9BE4-DBC503793191}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{F110D963-24A4-4A32-AECB-4D7B92F57578}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "UDP Query User{0593DCFB-547A-44F4-AD8D-575623AAFA1A}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "{83E02905-2596-472E-84B3-9906644AB6B7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{CE1C8D65-D55F-4CAE-A1A2-1F51F3AD3D9D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{011E3821-BF95-4DDE-A19D-B10419DC7029}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "{D5854082-714F-4C4C-BDDF-8DECEF86579D}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{2F671D2A-8B07-49C3-8AE8-FDBE7D95D0DA}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{4AD0D25E-F2C1-4274-BD9B-0D104EF0C931}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "UDP Query User{19FA8CDF-1538-4D69-BDFB-2E95D8600CD6}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "TCP Query User{CBF28D7D-DFCF-4402-A908-985547FA5C79}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "UDP Query User{677664CF-46B1-422D-B82F-9108385E457F}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "TCP Query User{6F296CA2-41C4-4AF1-8D12-E9B8271C99C5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{DB254BB1-8B43-4838-ABE4-F3E32F7428D4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{3B7F721A-80A7-46F3-A6C6-C37958CBF703}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts "UDP Query User{468E9032-FBEC-47E6-AB79-F64579BD7718}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts "TCP Query User{3CCC03D9-1155-48DF-9221-ED727760AB6E}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "UDP Query User{09AB9664-2986-4F55-9D58-3190D403A65A}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "TCP Query User{BDA099A4-DF21-4F41-B405-EDD2F71E2381}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary "UDP Query User{3E586B84-42EF-4716-8834-F2C127715748}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary "TCP Query User{A8E1B1F3-1589-46B8-BC41-34D46C361507}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary "UDP Query User{210AD7BD-E7FF-4FC9-A067-5859176ED567}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary "TCP Query User{61E54E16-BE82-4C6F-82DD-35645AA7107E}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "UDP Query User{3540DB27-803B-4F09-A658-4F64E0D56941}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "TCP Query User{0826FC94-172E-46E2-91B1-2E3A2227F439}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "UDP Query User{F9FB7A6B-F70F-4EBE-9B04-98C3A17F9D5C}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "TCP Query User{904330A8-C8B7-41F9-9F3D-7BAFA47B099D}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "UDP Query User{45E3FB52-0C41-4C7D-BDB5-86CE097A054B}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "TCP Query User{59781AF4-1D08-441A-80F8-99C5C8DF833F}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "UDP Query User{0226F0BE-DC1E-4C9C-A823-F9CD791AE0D2}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "TCP Query User{3786AC85-0F63-4976-BB58-B42642C820DD}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse "UDP Query User{3E2DE422-197E-4DB6-84EA-6C13B9EAE37B}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse "TCP Query User{46264452-1B1C-4375-9AC2-FD57FCA0062B}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary "UDP Query User{66AF4D16-CB3B-4026-BC90-D324FACA0349}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary "TCP Query User{3C4C991F-3255-4A5D-8725-010AD2210EE3}C:\\mysql\\bin\\mysqld.exe"= UDP:C:\mysql\bin\mysqld.exe:mysqld "UDP Query User{A78CA393-57F1-4796-A9F3-629960ADE8AF}C:\\mysql\\bin\\mysqld.exe"= TCP:C:\mysql\bin\mysqld.exe:mysqld "TCP Query User{F8C41D47-F304-4D68-89A9-05446C4D59A5}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "UDP Query User{0C3D2A7E-96AD-44DE-88D8-E8DC2B797591}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "TCP Query User{5CDA859E-B4BA-4ECF-84D0-702A56AE2760}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "UDP Query User{168505D0-67EA-4C58-BFC1-3DB43DD59FA0}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "TCP Query User{18FB9B8B-DCB5-4653-9D01-0B3A81E9E3CB}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse "UDP Query User{EAD1218D-0EBD-42B1-B84E-D1C92CCAF563}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse "TCP Query User{B8E3D5D2-8284-4107-AF23-631851660F1F}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts "UDP Query User{2153339C-9B55-41A8-8D19-462B1CB1E54A}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts "TCP Query User{3EAEAB78-386C-4E0F-BFC8-2CC70D3DF1CF}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32 "UDP Query User{61850D05-BAB6-4ADB-9516-6103D20855F6}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32 "{7D7C7041-32B1-47FE-9A53-E84F69D169B3}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 04:15] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012adae3-1d95-11dd-a9c0-001d604ea05b}] \shell\Auto\command - cmd /C launch.bat \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eeea8b7-e9ec-11dc-9444-001d604ea05b}] \shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f8c8ce-0638-11dd-b9eb-001d604ea05b}] \shell\AutoRun\command - explorer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e388286b-eab9-11dc-bc70-001d604ea05b}] \shell\AutoRun\command - I:\autorun.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-06-12 18:46:32 C:\Windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2008-06-12 18:46:32 C:\Windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-14 21:27:32 Windows 6.0.6000 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... C:\ADSM_PData_0150 Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\Windows\explorer.exe -> C:\Program Files\SiteAdvisor\6172\saHook.dll -> :\Windows\system32\SXS.DLL . Temps d'accomplissement: 2008-06-14 21:30:55 ComboFix-quarantined-files.txt 2008-06-14 19:30:38 ComboFix2.txt 2008-06-14 10:01:23 Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. 339 --- E O F --- 2008-06-14 12:16:52
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

voila : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:07:09, on 14/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ASScrPro.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\MSC\mcregist.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe C:\Windows\system32\conime.exe C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinamaxPoker\WinamaxPoker.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\user\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 9624 bytes Depuis que j'ai utilisé Combofix il n'y a plus de probleme donc merci beaucoup Falkra en esperant que ca dure...
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

Voici le rapport de Combofix : ComboFix 08-06-12.2 - user 2008-06-14 11:36:14.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1159 [GMT 2:00] Endroit: C:\Users\user\Desktop\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\p4p C:\Program Files\p4p\P4P.exe C:\Program Files\p4p\RING.WAV C:\Windows\Fonts\CALIBRIB.TTF C:\Windows\nogxfvbllna.dll C:\Windows\system32\alqpfidc.ini C:\Windows\system32\avhcfhtv.ini C:\Windows\system32\bsknvyik.ini C:\Windows\system32\dkrpswrw.ini C:\Windows\system32\dxgesxce.dll C:\Windows\system32\fmmcreqx.ini C:\Windows\system32\hbncnsax.ini C:\Windows\system32\jyoixidx.ini C:\Windows\system32\kidcltfn.ini C:\Windows\system32\lh30645.dll C:\Windows\System32\Lkmllnmp.ini C:\Windows\System32\Lkmllnmp.ini2 C:\Windows\system32\mhcyqrlf.ini C:\Windows\System32\nTDehggh.ini C:\Windows\System32\nTDehggh.ini2 C:\Windows\system32\olafcfrb.ini C:\Windows\System32\oonVxyxx.ini C:\Windows\System32\oonVxyxx.ini2 C:\Windows\system32\qbbvvvwf.ini C:\Windows\system32\qbpcjldr.ini C:\Windows\System32\QsrsDfhk.ini C:\Windows\System32\QsrsDfhk.ini2 C:\Windows\system32\rpscsorn.ini C:\Windows\System32\rrsDNpVw.ini C:\Windows\System32\rrsDNpVw.ini2 C:\Windows\System32\RYISBJjl.ini C:\Windows\System32\RYISBJjl.ini2 C:\Windows\System32\ttwadfhk.ini C:\Windows\System32\ttwadfhk.ini2 C:\Windows\system32\uhtxwosi.ini C:\Windows\System32\VDLUwGgh.ini C:\Windows\System32\VDLUwGgh.ini2 C:\Windows\system32\xekgrruj.ini C:\Windows\system32\xluatstu.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))))))) . Pas de nouveau fichier cr‚‚ dans cet espace de temps . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-14 09:16 --------- d---a-w C:\ProgramData\TEMP 2008-06-13 14:02 --------- d-----w C:\ProgramData\Google Updater 2008-06-13 13:32 --------- d-----w C:\Program Files\McAfee 2008-06-13 08:52 --------- d-----w C:\Program Files\Enigma Software Group 2008-06-13 07:46 --------- d-----w C:\Users\user\AppData\Roaming\SiteAdvisor 2008-06-13 06:30 --------- d-----w C:\Program Files\Trojan Remover 2008-06-13 06:29 --------- d-----w C:\Users\user\AppData\Roaming\Simply Super Software 2008-06-13 06:29 --------- d-----w C:\ProgramData\Simply Super Software 2008-06-12 20:21 --------- d-----w C:\Users\user\AppData\Roaming\Grisoft 2008-06-12 20:21 --------- d-----w C:\ProgramData\Grisoft 2008-06-12 18:58 --------- d-----w C:\Program Files\WinamaxPoker 2008-06-12 18:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-06-12 17:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-12 15:45 --------- d-----w C:\ProgramData\SiteAdvisor 2008-06-12 15:45 --------- d-----w C:\ProgramData\McAfee 2008-06-12 15:45 --------- d-----w C:\Program Files\SiteAdvisor 2008-06-12 15:43 --------- d-----w C:\Program Files\Common Files\McAfee 2008-06-12 15:42 --------- d-----w C:\Program Files\McAfee.com 2008-06-12 15:37 --------- d-----w C:\Users\user\AppData\Roaming\BitComet Turbo 2008-06-10 07:40 --------- d-----w C:\ProgramData\Avira 2008-06-09 16:36 94,208 ----a-w C:\Windows\eobp.exe 2008-06-08 15:43 --------- d-----w C:\Program Files\PokerStars.NET 2008-06-04 15:37 --------- d-----w C:\Users\user\AppData\Roaming\DBDesigner4 2008-06-03 08:02 --------- d-----w C:\Program Files\fabFORCE 2008-06-03 07:50 --------- d-----w C:\Program Files\Common Files\fabFORCE 2008-06-02 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-29 09:26 --------- d-----w C:\Program Files\UltraVNC 2008-05-20 19:41 --------- d-----w C:\Program Files\BitComet Turbo 2008-05-20 14:49 --------- d-----w C:\Program Files\Common Files\ESRI 2008-05-20 14:47 --------- d-----w C:\Program Files\Common Files\SAP Shared 2008-05-20 14:45 --------- d-----w C:\Program Files\SAP 2008-05-20 14:29 --------- d-----w C:\Program Files\Common Files\Deterministic Networks 2008-05-20 14:29 --------- d-----w C:\Program Files\Cisco Systems 2008-05-16 14:50 --------- d-----w C:\Program Files\EasyPHP 2.0b1 2008-05-16 14:48 --------- d-----w C:\Program Files\EasyPHP1-8 2008-05-15 13:07 0 ----a-w C:\Users\user\hsqlprefs.dat 2008-05-15 07:43 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-15 07:43 --------- d-----w C:\Program Files\Windows Mail 2008-04-30 12:31 --------- d-----w C:\Program Files\glassfish-v2ur2 2008-04-30 12:28 --------- d-----w C:\Program Files\NetBeans 6.1 2008-04-30 12:24 --------- d-----w C:\Program Files\Sun 2008-04-30 12:24 --------- d-----w C:\Program Files\Java 2008-04-30 10:18 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-19 16:47 --------- d-----w C:\Program Files\TVAnts 2008-04-19 07:40 174 --sha-w C:\Program Files\desktop.ini 2008-04-19 07:38 --------- d-----w C:\Program Files\Windows Calendar 2008-04-18 18:10 --------- d-----w C:\Program Files\Google 2008-04-18 14:54 --------- d-----w C:\Program Files\VideoLAN 2008-04-18 14:49 --------- d-----w C:\Program Files\Neuf 2008-04-18 12:26 --------- d-----w C:\ProgramData\EPSON . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2587F5F9-BCDF-4076-98EF-AFC65C5BD816}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EF44844-04E6-452E-855F-13E2FA457882}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73F38FF1-5589-4054-8854-D9CC3D41BF98}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF8390-552B-4D55-9F62-00D032032691}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C36625A1-9D20-4D9D-84D9-79505549B922}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E737D12F-5D58-46AE-B23A-2E10B9B59493}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @={A8D448F4-0431-45AC-9F5E-E1B434AB2249} [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-04 14:50 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 20:08 68856] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe] "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648] "PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ] "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-02-22 23:53 33136] "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-02-22 23:53 37232] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 23:57 36640] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-04 15:02 1006264] "BM23e97a39"="C:\Windows\system32\xluatstu.dll" [ ] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 20:08:03 124400] VPN Client.lnk - C:\Windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-05-20 16:30:32 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3650AB65-A6D1-4DC5-9BE4-DBC503793191}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{F110D963-24A4-4A32-AECB-4D7B92F57578}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "UDP Query User{0593DCFB-547A-44F4-AD8D-575623AAFA1A}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "{83E02905-2596-472E-84B3-9906644AB6B7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{CE1C8D65-D55F-4CAE-A1A2-1F51F3AD3D9D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{011E3821-BF95-4DDE-A19D-B10419DC7029}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "{D5854082-714F-4C4C-BDDF-8DECEF86579D}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{2F671D2A-8B07-49C3-8AE8-FDBE7D95D0DA}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{4AD0D25E-F2C1-4274-BD9B-0D104EF0C931}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "UDP Query User{19FA8CDF-1538-4D69-BDFB-2E95D8600CD6}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary "TCP Query User{CBF28D7D-DFCF-4402-A908-985547FA5C79}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "UDP Query User{677664CF-46B1-422D-B82F-9108385E457F}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "TCP Query User{6F296CA2-41C4-4AF1-8D12-E9B8271C99C5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{DB254BB1-8B43-4838-ABE4-F3E32F7428D4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{3B7F721A-80A7-46F3-A6C6-C37958CBF703}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts "UDP Query User{468E9032-FBEC-47E6-AB79-F64579BD7718}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts "TCP Query User{3CCC03D9-1155-48DF-9221-ED727760AB6E}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "UDP Query User{09AB9664-2986-4F55-9D58-3190D403A65A}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "TCP Query User{BDA099A4-DF21-4F41-B405-EDD2F71E2381}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary "UDP Query User{3E586B84-42EF-4716-8834-F2C127715748}C:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\java.exe:Java Platform SE binary "TCP Query User{A8E1B1F3-1589-46B8-BC41-34D46C361507}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary "UDP Query User{210AD7BD-E7FF-4FC9-A067-5859176ED567}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java Platform SE binary "TCP Query User{61E54E16-BE82-4C6F-82DD-35645AA7107E}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "UDP Query User{3540DB27-803B-4F09-A658-4F64E0D56941}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "TCP Query User{0826FC94-172E-46E2-91B1-2E3A2227F439}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "UDP Query User{F9FB7A6B-F70F-4EBE-9B04-98C3A17F9D5C}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java Platform SE binary "TCP Query User{904330A8-C8B7-41F9-9F3D-7BAFA47B099D}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "UDP Query User{45E3FB52-0C41-4C7D-BDB5-86CE097A054B}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "TCP Query User{59781AF4-1D08-441A-80F8-99C5C8DF833F}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "UDP Query User{0226F0BE-DC1E-4C9C-A823-F9CD791AE0D2}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java Platform SE binary "TCP Query User{3786AC85-0F63-4976-BB58-B42642C820DD}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse "UDP Query User{3E2DE422-197E-4DB6-84EA-6C13B9EAE37B}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse "TCP Query User{46264452-1B1C-4375-9AC2-FD57FCA0062B}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary "UDP Query User{66AF4D16-CB3B-4026-BC90-D324FACA0349}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java Platform SE binary "TCP Query User{3C4C991F-3255-4A5D-8725-010AD2210EE3}C:\\mysql\\bin\\mysqld.exe"= UDP:C:\mysql\bin\mysqld.exe:mysqld "UDP Query User{A78CA393-57F1-4796-A9F3-629960ADE8AF}C:\\mysql\\bin\\mysqld.exe"= TCP:C:\mysql\bin\mysqld.exe:mysqld "TCP Query User{F8C41D47-F304-4D68-89A9-05446C4D59A5}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "UDP Query User{0C3D2A7E-96AD-44DE-88D8-E8DC2B797591}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "TCP Query User{5CDA859E-B4BA-4ECF-84D0-702A56AE2760}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= UDP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "UDP Query User{168505D0-67EA-4C58-BFC1-3DB43DD59FA0}C:\\program files\\sap\\frontend\\sapgui\\saplogon.exe"= TCP:C:\program files\sap\frontend\sapgui\saplogon.exe:SAP Logon for Windows "TCP Query User{18FB9B8B-DCB5-4653-9D01-0B3A81E9E3CB}D:\\eclipse\\eclipse.exe"= UDP:D:\eclipse\eclipse.exe:eclipse "UDP Query User{EAD1218D-0EBD-42B1-B84E-D1C92CCAF563}D:\\eclipse\\eclipse.exe"= TCP:D:\eclipse\eclipse.exe:eclipse "TCP Query User{B8E3D5D2-8284-4107-AF23-631851660F1F}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts "UDP Query User{2153339C-9B55-41A8-8D19-462B1CB1E54A}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts "TCP Query User{3EAEAB78-386C-4E0F-BFC8-2CC70D3DF1CF}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32 "UDP Query User{61850D05-BAB6-4ADB-9516-6103D20855F6}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32 "{7D7C7041-32B1-47FE-9A53-E84F69D169B3}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 04:15] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012adae3-1d95-11dd-a9c0-001d604ea05b}] \shell\Auto\command - cmd /C launch.bat \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eeea8b7-e9ec-11dc-9444-001d604ea05b}] \shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f8c8ce-0638-11dd-b9eb-001d604ea05b}] \shell\AutoRun\command - explorer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e388286b-eab9-11dc-bc70-001d604ea05b}] \shell\AutoRun\command - I:\autorun.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-12 18:46:32 C:\Windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2008-06-12 18:46:32 C:\Windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-14 11:54:26 Windows 6.0.6000 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\ADSM_PData_0150 C:\Users\user\AppData\Local\Temp\Cab779F.tmp 27466 bytes C:\Users\user\AppData\Local\Temp\Tar77A0.tmp 0 bytes Scan termin‚ avec succŠs Les fichiers cach‚s: 3 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\Windows\explorer.exe -> C:\Program Files\SiteAdvisor\6172\saHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ATK Hotkey\HControl.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~1\McAfee\MSC\mcregist.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe C:\Windows\System32\conime.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-14 12:01:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-14 10:01:06 Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application. 297 --- E O F --- 2008-06-06 13:43:00
- le 14 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a répondu à un(e) sujet de Dadishome dans Analyses et éradication malwares

Merci pour ta réponse, voici le rapport complet : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:10:50, on 13/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\PROGRA~1\McAfee\MSC\mcregist.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\user\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: (no name) - {2587F5F9-BCDF-4076-98EF-AFC65C5BD816} - (no file) O2 - BHO: (no name) - {2EF44844-04E6-452E-855F-13E2FA457882} - (no file) O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {73F38FF1-5589-4054-8854-D9CC3D41BF98} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Sigma plugin - {7DBF8390-552B-4D55-9F62-00D032032691} - C:\Windows\tosect32.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {C36625A1-9D20-4D9D-84D9-79505549B922} - (no file) O2 - BHO: (no name) - {E737D12F-5D58-46AE-B23A-2E10B9B59493} - (no file) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {CF9BAB30-8E3C-4D10-B8C1-428B16A38D69} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [bM23e97a39] Rundll32.exe "C:\Windows\system32\xluatstu.dll",s O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O21 - SSODL: adgpfoxs - {7E08209E-5485-4911-810E-E36D92377DA9} - (no file) O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 10147 bytes j'ai deja testé le rapport sur http://www.hijackthis.de/fr et j'ai viré ce qu'ils m'ont dit de virer mais ça n'a rien changer. merci, bonne aprem
- le 13 juin 2008
- 22 réponses
Rapport hijackthis, comprend pas :(

Dadishome a posté un sujet dans Analyses et éradication malwares

Bonsoir, J'ai un probleme depuis hier, en fait, je ne peux pas charger certains sites comme google par exemple voir meme le localhost qui me permet de gerer mes bases de données. A chaque fois que je lance mozilla ou internet explorer et que je cherche a aller sur ces sites ça charge pendant un bon moment pour ne rien donner... J'ai installé spybot et j'ai viré tous les spywares, j'ai fait une analyse de virus avec mcafee mais il n'y avait rien , j'ai tenté un nettoyage avec Ccleaner mais ça n'a rien changé ,et pour finir j'ai utiliser hijackthis dont voici le rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:19:53, on 12/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\MSC\mcregist.exe C:\Windows\system32\conime.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\user\Desktop\HiJackThis.exe Si quelqu'un pouvait m'aider ce serait sympa... merci.
- le 12 juin 2008
- 22 réponses

Connexion

Dadishome

Compteur de contenus

Inscription

Dernière visite

Dadishome's Achievements

Junior Member (3/12)

Réputation sur la communauté

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Rapport hijackthis, comprend pas :(

Zebulon

Outils en ligne

Naviguer