

Jeetos

Member
Content count: 11

Everything posted by Jeetos
-
Hello! I searched your site to see whether there was already a topic like mine, but your "search engine" redirects to Google and doesn't find what I'm looking for. I posted a question yesterday and a moderator told me the topic was closed, meaning someone had already asked the same question as me, but that moderator didn't help me any further... I had searched beforehand by reading a few titles, but there are 14,000 topics and I don't think I'm using the right search method, or maybe the keywords I'm using aren't the right ones, but I can't find anything related to what I'm looking for. Please, I just want to know whether there is something I can pay for to raise my download limit without it increasing my Vidéotron bill... Thank you very much
-
Hello!! I have high-speed internet from Videotron and I'm limited to 20 GB of download per month. I'd like to know whether it's possible to buy extra download quantities in "GB" without it showing up on my Videotron bill. I think I've already seen this somewhere, but I haven't been able to find it recently. Thanks in advance!!!!!!!
-
Yeah, that's cool, everything is spotless, thanks a lot!! Excellent work!!!
-
OK, hehehe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:25, on 2008-09-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9060 bytes
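The HijackThis log from 2008-09-19 further down this thread shows the pattern helpers look for first when they triage an O4 section: HKCU Run values pointing at random-named executables under C:\ProgramData\ and System32, sitting among dozens of legitimate vendor entries. The script below is an added example written for this page; it is not the poster's code, not something a helper posted, and not a HijackThis feature. It parses O4 lines and scores each one on where the image is launched from and on whether the image and value names look machine-generated. The sample is a constructed mix of O4 lines copied from the two logs in this thread; the scoring weights and the threshold of 3 are this example's own assumptions.

```python
"""Triage HijackThis O4 (autorun) lines: flag executables launched from
user-writable directories or carrying machine-generated names.

Added example for this thread, not the poster's code and not a HijackThis
feature. Sample lines are copied from the logs in the thread; the scoring
weights and the threshold are this example's own assumptions."""
import re

# Constructed sample: a trimmed mix of O4 lines from both HijackThis logs.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe
O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe
O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe
O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")   # HKUS lines end with the account
EXE_RE = re.compile(r"(.+?\.exe)\b", re.IGNORECASE)       # unquoted path up to the image
# Directories a standard user can write to; installers do not launch from here.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_o4(text):
    """Yield one dict per O4 line: hive, key, name, cmd and the image path."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_NOTE_RE.sub("", m["cmd"])
        if cmd.startswith('"'):                 # quoted path, arguments follow
            exe = cmd[1:cmd.index('"', 1)]
        else:                                   # unquoted: take up to the .exe
            em = EXE_RE.match(cmd)
            exe = em.group(1) if em else cmd.split()[0]
        yield {"hive": m["hive"], "key": m["key"], "name": m["name"], "cmd": cmd, "exe": exe}


def looks_generated(token):
    """Name-shape heuristic: letters and digits interleaved (hmy19iZXM5,
    lphcccaj0eaa7) or eight-plus letters with almost no vowels (gjshgryd)."""
    core = re.sub(r"\.[a-z]{3}$", "", token.lower())
    if re.search(r"[a-z]\d+[a-z]+\d*|\d[a-z]+\d", core):
        return True
    letters = re.sub(r"[^a-z]", "", core)
    return len(letters) >= 8 and sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def score_entry(entry):
    """Return (score, reasons). Location outweighs name shape on purpose:
    vendors also ship vowel-free names (hpsysdrv.exe is a legitimate HP tool)."""
    score, reasons = 0, []
    path = entry["exe"].lower()
    image = path.rsplit("\\", 1)[-1]
    if any(d in path for d in WRITABLE_DIRS):
        score += 3
        reasons.append("launched from a user-writable directory")
    if "\\windows\\system32\\" in path and looks_generated(image):
        score += 2
        reasons.append("random-looking image dropped in System32")
    if looks_generated(image):
        score += 1
        reasons.append("image name looks machine-generated")
    if looks_generated(entry["name"]):
        score += 1
        reasons.append("Run value name looks machine-generated")
    return score, reasons


def triage(text, threshold=3):
    """Return (score, name, exe, reasons) for entries at or above threshold,
    highest score first; everything below stays for manual review."""
    hits = []
    for entry in parse_o4(text):
        score, reasons = score_entry(entry)
        if score >= threshold:
            hits.append((score, entry["name"], entry["exe"], reasons))
    return sorted(hits, key=lambda h: -h[0])


if __name__ == "__main__":
    for score, name, exe, reasons in triage(SAMPLE_O4):
        print(f"[{score}] {name}: {exe}")
        for reason in reasons:
            print(f"      - {reason}")
```

On the sample, the four entries that ComboFix later removed (MonEn, hmy19iZXM5, syshlp and lphcccaj0eaa7) all reach the threshold, hpsysdrv.exe stays at 2 because only its name shape fires, and the [ANTIVIRUS] entry for C:\Program Files\MicroAntivirus\microAV.exe scores 0: a rogue product installed like a normal program has neither signal, which is why a helper still checks each unfamiliar path against a reputation or hash service rather than trusting heuristics alone.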
-
Thanks again for the help, by the way!!
-
Sorry, I was a bit slow this weekend; I was working my 40 hours in 3 days. Here is the ComboFix result with my antivirus disabled:

ComboFix 08-09-20.05 - Admin 2008-09-22 8:39:49.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1036.18.1179 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Admin\Desktop\CFScript.txt

FILE ::
C:\Windows\system32\rlservice.exe
C:\Windows\System32\rlvknlg.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\cvmbctav
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\MonEn
C:\ProgramData\syshlp
C:\Windows\system32\rlservice.exe

----- BITS: Possible infected sites -----

http://www.radioenergie.com
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 ))))))))))))))))))))))))))))))))))))
.

2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\Users\Admin\AppData\Roaming\Malwarebytes
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 12:49 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-19 12:49 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-19 01:59 . 2008-09-19 01:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-19 01:37 . 2008-09-19 17:43 <DIR> d-------- C:\Users\Admin\AppData\Roaming\DivX
2008-09-19 00:29 . 2008-09-19 00:29 <DIR> d-------- C:\Program Files\DivX
2008-09-15 17:57 . 2008-09-15 17:57 <DIR> d-------- C:\N360_BACKUP
2008-09-15 15:12 . 2008-07-30 17:42 23,888 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-09-15 15:12 . 2008-07-30 17:28 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-09-15 15:12 . 2008-07-30 17:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-09-15 08:19 . 2008-09-15 08:19 16 --a------ C:\Windows\System32\coh.cache
2008-09-15 08:01 . 2008-09-15 14:51 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-09-15 08:01 . 2008-09-15 14:51 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-09-15 08:01 . 2008-09-15 14:51 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-09-15 07:59 . 2008-09-15 14:51 <DIR> d-------- C:\Program Files\Symantec
2008-09-09 19:19 . 2008-09-09 19:19 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-09 19:19 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-09 19:19 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-09 19:18 . 2008-09-09 19:19 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:18 . 2008-09-09 19:19 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:18 . 2008-09-09 19:19 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 19:18 . 2008-09-09 19:18 <DIR> d-------- C:\Program Files\iPod
2008-09-09 19:15 . 2008-09-09 19:16 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 18:13 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 18:13 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 18:12 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 18:12 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 18:12 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 18:12 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 18:12 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 18:12 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 18:12 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-04 15:45 . 2007-11-08 05:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-08-22 10:38 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 10:38 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 10:38 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 10:38 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 10:37 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 10:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 10:37 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 10:37 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 10:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-09-20 11:24 --------- d-----w C:\Users\Admin\AppData\Roaming\uTorrent
2008-09-19 04:31 --------- d-----w C:\ProgramData\Symantec
2008-09-19 04:29 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-16 16:44 --------- d-----w C:\Program Files\Norton 360
2008-09-15 23:21 --------- d-----w C:\Program Files\Nero
2008-09-15 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-10 07:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 07:02 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 23:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 00:34 --------- d-----w C:\Users\Admin\AppData\Roaming\Vso
2008-09-06 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-25 19:10 --------- d-----w C:\Program Files\HP
2008-08-20 21:21 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 16:15 --------- d-----w C:\Users\Admin\AppData\Roaming\LimeWire
2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 19:35 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 07:18 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 20:59 --------- d-----w C:\Program Files\PokerStars
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-14 00:56 92,064 ----a-w C:\Users\Admin\mqdmmdm.sys
2008-06-14 00:56 9,232 ----a-w C:\Users\Admin\mqdmmdfl.sys
2008-06-14 00:56 79,328 ----a-w C:\Users\Admin\mqdmserd.sys
2008-06-14 00:56 66,656 ----a-w C:\Users\Admin\mqdmbus.sys
2008-06-14 00:56 6,208 ----a-w C:\Users\Admin\mqdmcmnt.sys
2008-06-14 00:56 5,936 ----a-w C:\Users\Admin\mqdmwhnt.sys
2008-06-14 00:56 4,048 ----a-w C:\Users\Admin\mqdmcr.sys
2008-06-14 00:56 25,600 ----a-w C:\Users\Admin\usbsermptxp.sys
2008-06-14 00:56 22,768 ----a-w C:\Users\Admin\usbsermpt.sys
2008-04-20 20:58 174 --sha-w C:\Program Files\desktop.ini
2008-02-29 05:09 47,360 ----a-w C:\Users\Admin\AppData\Roaming\pcouffin.sys
2007-11-06 02:22 1,164,456 ----a-w C:\Users\Admin\install_flash_player.exe
.

((((((((((((((((((((((((((((( snapshot_2008-09-20_ 7.33.08.54 )))))))))))))))))))))))))))))))))))))))))
.

+ 2005-10-21 00:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-22 12:46:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-22 12:46:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-19 17:02:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-22 12:47:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-09-20 11:31:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-22 12:47:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-22 12:47:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-22 12:25:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-20 11:24:45 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-22 12:25:22 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-22 12:25:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-20 11:28:20 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-22 12:38:02 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-22 12:38:02 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-19 17:07:37 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-21 18:18:12 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-19 17:07:37 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-21 18:18:12 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-19 17:07:37 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-21 18:18:12 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-19 17:07:37 669,328 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-21 18:18:12 669,328 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-19 17:02:57 10,156 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin
+ 2008-09-22 12:36:31 10,164 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin
- 2008-09-19 17:02:56 83,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-22 12:36:30 83,944 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-19 17:02:50 47,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-22 12:36:28 47,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{17B2A58A-B4D2-4C22-844B-0E616A22AB33}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00547B28-2C78-4CF8-BA38-C6057C65DAB1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31277309-9E02-4A44-8A34-E60B4BC14F06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F6BD2B90-951E-4E1A-8681-DB570771F98D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A77BC339-93BF-4686-A9AA-4F11A8C4EBED}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{647EB620-34F9-41D3-B344-AC0C7951C738}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F8EBFD3B-C26B-4597-905C-6431B5E2F781}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C7CB0428-2FB0-4F24-BBD6-E3295E94AACE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{92A16732-D6A6-4BD5-800D-E01550AFA039}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E28524E5-1D6B-4AD7-A373-2519D73D8D44}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B7748A2E-6111-41F5-8D5F-A32BE28545AC}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{B87F175B-6A1D-4527-9451-EF1D2D13160E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EE19C775-3239-4230-A3DD-0E452F29F9EF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080917.004\IDSvix86.sys [2008-09-12 270384]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 38200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5437466-67e8-11dd-ac54-001bfcd1362c}]
\shell\AutoRun\command - InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f268b72d-783f-11dc-9ce4-001bfcd1362c}]
\shell\AutoRun\command - J:\SETUP.EXE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 08:47:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\iertutil.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-22 8:54:24 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-09-22 12:54:14
ComboFix2.txt 2008-09-20 11:34:21
ComboFix3.txt 2008-09-15 18:26:58

Pre-Run: 111,983,267,840 bytes free
Post-Run: 113,550,635,008 bytes free

261 --- E O F --- 2008-09-18 18:35:45

And now the HijackThis log, again with my antivirus disabled:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:52, on 2008-09-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\syshlp\udwvoruv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe
O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe
O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe
O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc.
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9854 bytes
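As an added example (not code from this thread and not part of HijackThis), the parser below reads the one-entry-per-line HijackThis format of the log above and marks the entries a helper reviews first. It splits each line into section code, value or display name and target file, then applies three checks: HijackThis's own "(file missing)" / "(no file)" marker, a target under ProgramData, a user profile or Temp, and, for O4/O23 names, digits embedded between letters. The last two checks are this example's own heuristics and produce hints, not verdicts; the sample lines are copied from the posted log.

```python
"""Parse a HijackThis v2 log and flag entries worth a second look.

Added example: not part of the forum thread and not HijackThis code.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe
O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe
O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe
O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body layout: <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>[^:]+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Shortest prefix ending in an executable-ish extension; tolerates unquoted spaces.
TARGET_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd|pif|lnk))(?=$|[\s,"])', re.I)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DIGIT_INSIDE_RE = re.compile(r"[A-Za-z]\d+[A-Za-z]")     # heuristic of this example
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\documents and settings\\",
                 "\\appdata\\", "\\temp\\", "%temp%", "%appdata%", "%userprofile%")


@dataclass
class Entry:
    code: str                 # section, e.g. "O4", "O23"
    raw: str                  # the line exactly as posted
    name: str = ""            # O4 value name, or the item's display name
    path: str = ""            # best-effort target file (empty if none found)
    hive: str = ""            # O4 only: HKLM, HKCU, HKUS\<SID>
    key: str = ""             # O4 only: Run, RunOnce, ...
    flags: list = field(default_factory=list)


def target_path(cmd: str) -> str:
    """Recover the file a command line runs; for rundll32, the DLL it loads."""
    cmd = cmd.strip().lstrip('"')
    m = TARGET_RE.match(cmd)
    if not m:
        return ""
    path = m.group("path")
    if path.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        inner = TARGET_RE.match(cmd[m.end():].strip().lstrip('"'))
        return inner.group("path") if inner else path
    return path


def review_flags(e: Entry) -> list:
    flags = []
    if "(file missing)" in e.raw or "(no file)" in e.raw:
        flags.append("missing-file")
    low = e.path.lower()
    if low and any(marker in low for marker in USER_WRITABLE):
        flags.append("user-writable-location")
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if e.code in ("O4", "O23"):
        for candidate in (e.name, stem):      # ignore GUIDs such as bgMonitor_{...}
            if DIGIT_INSIDE_RE.search(GUID_RE.sub("", candidate)):
                flags.append("generated-looking-name")
                break
    return flags


def parse_line(line: str):
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None               # header, blank or "Running processes" lines
    code, body = m.group("code"), m.group("body")
    e = Entry(code=code, raw=line.strip())
    o4 = O4_RE.match(body) if code == "O4" else None
    if o4:
        e.hive, e.key, e.name = o4.group("hive"), o4.group("key"), o4.group("name")
        e.path = target_path(o4.group("cmd"))
    else:                         # "<label>: <name> - <clsid/vendor> - <path>"
        _label, _, rest = body.partition(": ")
        parts = rest.split(" - ")
        e.name = parts[0]
        if len(parts) > 1:
            e.path = target_path(parts[-1])
    e.flags = review_flags(e)
    return e


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def flagged(entries: list) -> list:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4} {e.name:<45} {', '.join(e.flags):<40} {e.path}")
```

Run it directly to print the flagged subset; `parse_log` takes the whole report text, so the full log can be pasted in place of SAMPLE_LOG. Rundll32 entries resolve to the DLL they load rather than to rundll32.exe itself, because the DLL is the component worth checking.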
-
I don't know where you learned everything you know, but hats off to you! Here is the ComboFix report:

ComboFix 08-09-19.09 - Admin 2008-09-20 7:28:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1036.18.876 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----
http://www.radioenergie.com
.
((((((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 ))))))))))))))))))))))))))))))))))))
.
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\Users\Admin\AppData\Roaming\Malwarebytes
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-19 12:49 . 2008-09-19 12:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 12:49 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-19 12:49 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-19 01:59 . 2008-09-19 01:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-19 01:37 . 2008-09-19 17:43 <DIR> d-------- C:\Users\Admin\AppData\Roaming\DivX
2008-09-19 00:29 . 2008-09-19 00:29 <DIR> d-------- C:\Program Files\DivX
2008-09-15 17:57 . 2008-09-15 17:57 <DIR> d-------- C:\N360_BACKUP
2008-09-15 15:12 . 2008-07-30 17:42 23,888 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-09-15 15:12 . 2008-07-30 17:28 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-09-15 15:12 . 2008-07-30 17:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-09-15 14:57 . 2008-09-19 12:56 <DIR> d-------- C:\Users\All Users\syshlp
2008-09-15 14:57 . 2008-09-19 12:56 <DIR> d-------- C:\ProgramData\syshlp
2008-09-15 08:19 . 2008-09-15 08:19 16 --a------ C:\Windows\System32\coh.cache
2008-09-15 08:01 . 2008-09-15 14:51 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-09-15 08:01 . 2008-09-15 14:51 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-09-15 08:01 . 2008-09-15 14:51 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-09-15 07:59 . 2008-09-15 14:51 <DIR> d-------- C:\Program Files\Symantec
2008-09-15 07:40 . 2008-09-19 13:08 <DIR> d-------- C:\Users\All Users\MonEn
2008-09-15 07:40 . 2008-09-19 13:00 <DIR> d-------- C:\Users\All Users\cvmbctav
2008-09-15 07:40 . 2008-09-19 13:08 <DIR> d-------- C:\ProgramData\MonEn
2008-09-15 07:40 . 2008-09-19 13:00 <DIR> d-------- C:\ProgramData\cvmbctav
2008-09-09 19:19 . 2008-09-09 19:19 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-09 19:19 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-09 19:19 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-09 19:18 . 2008-09-09 19:19 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:18 . 2008-09-09 19:19 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:18 . 2008-09-09 19:19 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 19:18 . 2008-09-09 19:18 <DIR> d-------- C:\Program Files\iPod
2008-09-09 19:15 . 2008-09-09 19:16 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 18:13 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 18:13 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 18:12 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 18:12 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 18:12 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 18:12 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 18:12 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 18:12 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 18:12 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-04 15:45 . 2007-11-08 05:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-08-22 10:38 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 10:38 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 10:38 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 10:38 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 10:37 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 10:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 10:37 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 10:37 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 10:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-20 17:21 . 2008-08-20 17:21 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 11:24 --------- d-----w C:\Users\Admin\AppData\Roaming\uTorrent
2008-09-19 04:31 --------- d-----w C:\ProgramData\Symantec
2008-09-19 04:29 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-16 16:44 --------- d-----w C:\Program Files\Norton 360
2008-09-15 23:21 --------- d-----w C:\Program Files\Nero
2008-09-15 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-10 07:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 07:02 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 23:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 00:34 --------- d-----w C:\Users\Admin\AppData\Roaming\Vso
2008-09-06 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-25 19:10 --------- d-----w C:\Program Files\HP
2008-08-20 16:15 --------- d-----w C:\Users\Admin\AppData\Roaming\LimeWire
2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 19:35 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 07:18 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 20:59 --------- d-----w C:\Program Files\PokerStars
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-21 19:43 --------- d-----w C:\Program Files\Java
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-14 00:56 92,064 ----a-w C:\Users\Admin\mqdmmdm.sys
2008-06-14 00:56 9,232 ----a-w C:\Users\Admin\mqdmmdfl.sys
2008-06-14 00:56 79,328 ----a-w C:\Users\Admin\mqdmserd.sys
2008-06-14 00:56 66,656 ----a-w C:\Users\Admin\mqdmbus.sys
2008-06-14 00:56 6,208 ----a-w C:\Users\Admin\mqdmcmnt.sys
2008-06-14 00:56 5,936 ----a-w C:\Users\Admin\mqdmwhnt.sys
2008-06-14 00:56 4,048 ----a-w C:\Users\Admin\mqdmcr.sys
2008-06-14 00:56 25,600 ----a-w C:\Users\Admin\usbsermptxp.sys
2008-06-14 00:56 22,768 ----a-w C:\Users\Admin\usbsermpt.sys
2008-04-20 20:58 174 --sha-w C:\Program Files\desktop.ini
2008-02-29 05:09 47,360 ----a-w C:\Users\Admin\AppData\Roaming\pcouffin.sys
2007-11-06 02:22 1,164,456 ----a-w C:\Users\Admin\install_flash_player.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-15_14.25.45.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 18:09:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-15 18:09:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-15 18:11:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-19 17:02:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-19 17:02:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-15 18:24:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-20 11:31:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-20 11:31:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-15 18:17:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-15 18:17:30 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-20 11:24:45 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-15 18:17:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-15 18:21:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-20 11:28:20 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-03-31 21:25:46 682,496 ----a-w C:\Windows\System32\divx.dll
+ 2008-07-25 08:34:36 683,520 ----a-w C:\Windows\System32\DivX.dll
+ 2008-07-25 08:34:42 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
+ 2008-07-25 08:34:40 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
+ 2008-07-25 08:34:40 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
+ 2008-07-25 08:34:40 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
+ 2008-07-25 08:34:30 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
- 2008-03-21 20:28:54 81,920 ----a-w C:\Windows\System32\dpl100.dll
+ 2008-07-25 08:34:54 81,920 ----a-w C:\Windows\System32\dpl100.dll
+ 2008-07-25 08:34:46 294,912 ----a-w C:\Windows\System32\dpu10.dll
+ 2008-07-25 08:34:46 294,912 ----a-w C:\Windows\System32\dpu11.dll
+ 2008-07-25 08:34:50 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
+ 2008-07-25 08:34:46 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
+ 2008-07-25 08:34:46 344,064 ----a-w C:\Windows\System32\dpus11.dll
+ 2008-07-25 08:34:46 57,344 ----a-w C:\Windows\System32\dpv11.dll
- 2007-01-12 02:22:14 247,608 ----a-w C:\Windows\System32\drivers\srtsp.sys
+ 2007-12-01 03:57:12 279,088 ----a-w C:\Windows\System32\drivers\srtsp.sys
- 2007-01-12 02:22:20 276,792 ----a-w C:\Windows\System32\drivers\srtspl.sys
+ 2007-12-01 03:57:12 317,616 ----a-w C:\Windows\System32\drivers\srtspl.sys
- 2007-01-12 02:22:18 25,400 ----a-w C:\Windows\System32\drivers\srtspx.sys
+ 2007-12-01 03:57:12 43,696 ----a-w C:\Windows\System32\drivers\srtspx.sys
+ 2008-07-25 08:34:52 196,608 ----a-w C:\Windows\System32\dtu100.dll
- 2008-09-15 18:15:36 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-19 17:07:37 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-15 18:15:36 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-19 17:07:37 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-15 18:15:36 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-19 17:07:37 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-15 18:15:36 669,328 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-19 17:07:37 669,328 ----a-w C:\Windows\System32\perfh00C.dat
- 2007-02-06 14:03:36 547,576 ------w C:\Windows\System32\Px.dll
+ 2008-07-23 16:50:46 551,672 ------w C:\Windows\System32\Px.dll
- 2007-02-20 23:02:00 514,808 ------w C:\Windows\System32\pxdrv.dll
+ 2008-07-23 16:50:48 518,904 ------w C:\Windows\System32\pxdrv.dll
- 2007-02-06 14:03:46 187,128 ------w C:\Windows\System32\PxMas.dll
+ 2008-07-23 16:50:50 187,128 ------w C:\Windows\System32\PxMas.dll
- 2007-02-06 14:03:54 1,628,920 ------w C:\Windows\System32\PxSFS.DLL
+ 2008-07-23 16:50:48 1,628,920 ------w C:\Windows\System32\PxSFS.DLL
- 2007-02-06 14:03:58 379,640 ------w C:\Windows\System32\PxWave.dll
+ 2008-07-23 16:50:48 379,640 ------w C:\Windows\System32\PxWave.dll
- 2007-02-19 03:23:04 185,496 ----a-r C:\Windows\System32\SymNppWA.dll
+ 2007-07-12 06:49:26 186,256 ----a-w C:\Windows\System32\SymNPPWA.dll
- 2006-10-09 23:00:00 39,672 ------w C:\Windows\System32\VXBLOCK.dll
+ 2008-07-23 16:50:46 88,824 ------w C:\Windows\System32\VXBLOCK.dll
- 2008-09-15 18:11:48 9,948 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin
+ 2008-09-19 17:02:57 10,156 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin
- 2008-09-15 18:11:47 82,706 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-19 17:02:56 83,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-15 18:11:45 46,876 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-19 17:02:50 47,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{17B2A58A-B4D2-4C22-844B-0E616A22AB33}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00547B28-2C78-4CF8-BA38-C6057C65DAB1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31277309-9E02-4A44-8A34-E60B4BC14F06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F6BD2B90-951E-4E1A-8681-DB570771F98D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A77BC339-93BF-4686-A9AA-4F11A8C4EBED}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{647EB620-34F9-41D3-B344-AC0C7951C738}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F8EBFD3B-C26B-4597-905C-6431B5E2F781}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32ECB6BB-A587-4EFF-BBDA-2629962ABF58}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{B93F7533-93F1-4BC9-8EBB-059486580176}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{C7CB0428-2FB0-4F24-BBD6-E3295E94AACE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{92A16732-D6A6-4BD5-800D-E01550AFA039}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E28524E5-1D6B-4AD7-A373-2519D73D8D44}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B7748A2E-6111-41F5-8D5F-A32BE28545AC}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{B87F175B-6A1D-4527-9451-EF1D2D13160E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EE19C775-3239-4230-A3DD-0E452F29F9EF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080917.004\IDSvix86.sys [2008-09-12 270384]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 86016]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 38200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5437466-67e8-11dd-ac54-001bfcd1362c}]
\shell\AutoRun\command - InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f268b72d-783f-11dc-9ce4-001bfcd1362c}]
\shell\AutoRun\command - J:\SETUP.EXE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pxfao69f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 07:32:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 7:34:20
ComboFix-quarantined-files.txt 2008-09-20 11:34:15
ComboFix2.txt 2008-09-15 18:26:58

Pre-Run: 112,781,996,032 bytes free
Post-Run: 112,755,937,280 bytes free

284 --- E O F --- 2008-09-18 18:35:45
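The "Reg Loading Points" section of a ComboFix report is printed in REGEDIT4-style blocks, and two things in it deserve a direct check: whether the Windows Firewall is enabled per profile and whether Security Center monitoring has been switched off. As an added example (not code from this thread and not part of ComboFix), the reader below parses those blocks and answers both questions, and also lists which programs have firewall allow rules. The sample is a subset of the section posted above.

```python
"""Read the 'Reg Loading Points' section of a ComboFix log and report
firewall and Security Center state.

Added example: not part of the forum thread and not ComboFix code.
"""
import re

# Constructed sample: lines copied from the ComboFix report posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{32ECB6BB-A587-4EFF-BBDA-2629962ABF58}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{B93F7533-93F1-4BC9-8EBB-059486580176}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{F8EBFD3B-C26B-4597-905C-6431B5E2F781}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def parse_reg_section(text: str) -> dict:
    """Return {key path: {value name: raw value}} for the REGEDIT4-style blocks."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = keys.setdefault(k.group("key"), {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            current[v.group("name")] = v.group("value").strip()
    return keys


def as_int(raw: str) -> int:
    """ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)'."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0])


def firewall_state(keys: dict) -> dict:
    """Profile name -> enabled?  A profile key with no value keeps the default (on)."""
    state = {}
    for key, values in keys.items():
        low = key.lower()
        if "firewallpolicy\\" in low and low.endswith("profile"):
            state[key.rsplit("\\", 1)[-1]] = as_int(values.get("EnableFirewall", "1")) != 0
    return state


def monitoring_disabled(keys: dict) -> list:
    """Security Center subkeys where DisableMonitoring is set to 1."""
    return [key.rsplit("\\", 1)[-1] for key, values in keys.items()
            if "security center\\monitoring" in key.lower()
            and as_int(values.get("DisableMonitoring", "0")) == 1]


def firewall_allow_rules(keys: dict) -> list:
    """(protocol, program path, rule label) for each FirewallRules value."""
    rules = []
    for key, values in keys.items():
        if not key.lower().endswith("\\firewallrules"):
            continue
        for raw in values.values():
            # Some rules carry no protocol prefix (see the livecall.exe line).
            proto, _, rest = raw.partition(":") if raw[:3] in ("TCP", "UDP") else ("", "", raw)
            path, _, label = rest.rpartition(":")
            rules.append((proto, path, label))
    return rules


def report(text: str) -> dict:
    keys = parse_reg_section(text)
    return {"firewall": firewall_state(keys),
            "monitoring_disabled": monitoring_disabled(keys),
            "allow_rules": firewall_allow_rules(keys)}


if __name__ == "__main__":
    for section, value in report(SAMPLE).items():
        print(section, value)
```

Pasting the whole "Reg Loading Points" section in place of SAMPLE gives the same three answers for the full report; values under keys the script does not recognise are parsed but ignored.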
-
OK, it's rebooted, and here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:52, on 2008-09-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\syshlp\udwvoruv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe
O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe
O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe
O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java (Sun) Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc.
- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9854 bytes Merci encore
-
It's now been 4 hours since I finished the scan with mbam and I no longer get any window popping up saying it detected a trojan!! Thank you very much, you really helped me!!!
-
Thanks for the quick reply, it's greatly appreciated!! Here is the mbam report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1176
Windows 6.0.6001 Service Pack 1

2008-09-19 12:56:27
mbam-log-2008-09-19 (12-56-27).txt

Type de recherche: Examen rapide
Eléments examinés: 43927
Temps écoulé: 5 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hmy19izxm5 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syshlp (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcccaj0eaa7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Admin\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\ProgramData\cvmbctav\onojavwf.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\ProgramData\syshlp\udwvoruv.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\RegistrySmart\Log\2008 May 26 - 12_34_57 AM_848.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\RegistrySmart\Registry Backups\2008-05-26_00-38-17.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus\microAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAntivirus\microAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
-
Hello, I have a problem with my computer, and I've read some advice on forums like this one, and I see that nobody uses the same process to fix the problem. Here is the HijackThis report. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:52, on 2008-09-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\syshlp\udwvoruv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe
O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe
O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe
O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9854 bytes