
pascal 28

Members
  • Content count

    14
  • Joined

  • Last visited

Profile Information

  • Gender
    Male
  • Location
    eure et loir

pascal 28's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Good evening. Indeed, I no longer have ad pop-up windows. It's an exe file that I have never opened. It's in a pack I got from an advertising email... Should I delete it? You told me that Avast and Spybot were no longer very effective, but right now what is the best protection (free, preferably)? Thanks for your help and your patience.
  2. Hello. It's better after all that: no more windows, but I see there are still some left! Thanks for your help.

     KASPERSKY ONLINE SCANNER 7 REPORT
     Tuesday, April 7, 2009
     Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Monday, April 06, 2009 11:58:52
     Records in database: 2017642
     --------------------------------------------------------------------------------
     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes
     Scan area - My Computer:
     C:\ D:\ E:\ F:\ H:\ I:\ J:\ K:\ L:\ M:\ N:\
     Scan statistics:
     Files scanned: 396109
     Threat name: 1
     Infected objects: 3
     Suspicious objects: 0
     Duration of the scan: 05:48:00
     File name / Threat name / Threats count
     C:\Users\pascal\Pack120 games\MatchBlox v.1.06.exe Infected: not-a-virus:AdWare.Win32.Cydoor 3
     The selected area was scanned.
  3. ComboFix 09-04-03.01 - pascal 2009-04-06 12:34:46.3 - NTFSx86
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2131 [GMT 2:00]
     Lancé depuis: c:\users\pascal\Desktop\ComboFix.exe
     Commutateurs utilisés :: c:\users\pascal\Desktop\CFscript.txt
     AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning enabled* (Updated)
      * Un nouveau point de restauration a été créé

     FILE ::
     c:\users\pascal\AppData\Roaming\cmstp.exe
     c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe
     c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe
     c:\windows\esentutl.exe
     c:\windows\system\ieudinit.exe
     c:\windows\system\mstinit.exe
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\users\pascal\AppData\Roaming\cmstp.exe
     c:\windows\esentutl.exe
     c:\windows\system\ieudinit.exe
     c:\windows\system\mqtgsvc.exe
     c:\windows\system\mstinit.exe
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-06 au 2009-04-06 ))))))))))))))))))))))))))))))))))))
     .
     2009-04-06 12:33 . 2006-03-03 00:42 73,728 --a--c--- C:\pv.exe
     2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\pascal\AppData\Roaming\Malwarebytes
     2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\All Users\Malwarebytes
     2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\programdata\Malwarebytes
     2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-04-04 14:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
     2009-04-04 14:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
     2009-04-03 17:25 . 2009-04-03 17:34 <REP> d-------- c:\windows\BDOSCAN8
     2009-03-29 15:50 . 2009-03-30 05:57 <REP> d----c--- C:\Downloads
     2009-03-28 11:55 . 2009-03-28 11:55 <REP> d-------- c:\users\pascal\AppData\Roaming\Anuman Interactive
     2009-03-25 16:29 . 2009-03-25 16:29 <REP> d-------- c:\users\anthony\AppData\Roaming\Apple Computer
     2009-03-21 22:12 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
     2009-03-21 22:11 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
     2009-03-21 22:11 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
     2009-03-21 22:11 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
     2009-03-21 22:11 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
     2009-03-21 22:11 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
     2009-03-21 22:11 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
     2009-03-21 22:11 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
     2009-03-21 22:03 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
     2009-03-21 22:03 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
     2009-03-21 22:03 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
     2009-03-21 22:03 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
     2009-03-21 22:03 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
     2009-03-21 21:48 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
     2009-03-21 21:48 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
     2009-03-21 21:48 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
     2009-03-21 21:41 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
     2009-03-21 21:40 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
     2009-03-21 21:40 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
     2009-03-21 21:40 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
     2009-03-21 21:40 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
     2009-03-21 21:40 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
     2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
     2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
     2009-03-20 13:25 . 2009-03-20 13:25 <REP> d-------- c:\program files\AxBx
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-04-05 14:29 --------- d-----w c:\program files\Ricochet Infinity
     2009-04-05 12:11 --------- d-----w c:\programdata\Google Updater
     2009-04-04 10:33 --------- d-----w c:\programdata\Lavasoft
     2009-04-04 10:33 --------- d-----w c:\program files\Lavasoft
     2009-04-04 10:31 --------- d-----w c:\program files\Ashampoo
     2009-04-04 09:33 --------- d-----w c:\program files\Navilog1
     2009-04-03 05:09 --------- d-----w c:\programdata\Spybot - Search & Destroy
     2009-04-01 05:01 --------- d-----w c:\program files\Auran
     2009-03-28 09:55 --------- d-----w c:\program files\Anuman Interactive
     2009-03-27 17:01 --------- d-----w c:\program files\Virtual Sailor
     2009-03-22 07:18 --------- d-----w c:\program files\Windows Mail
     2009-03-21 18:21 --------- d-----w c:\program files\Windows Live
     2009-03-21 07:17 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-03-16 06:26 --------- d---a-w c:\programdata\TEMP
     2009-03-14 09:36 --------- d-----w c:\program files\Microsoft Games
     2009-03-14 08:53 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-03-13 17:53 --------- d-----w c:\program files\GameSpy Arcade
     2009-03-11 07:27 --------- d-----w c:\program files\Off Road
     2009-03-03 17:45 --------- d-----w c:\program files\Simulateur de conduite 3D
     2009-02-28 13:05 --------- d-----w c:\users\pascal\AppData\Roaming\FUJIFILM
     2009-02-28 12:28 --------- d-----w c:\program files\FinePixViewerS
     2009-02-28 12:26 --------- d-----w c:\users\pascal\AppData\Roaming\InstallShield
     2009-02-22 17:34 --------- d-----w c:\program files\THQ
     2009-02-21 13:47 --------- d-----w c:\program files\FSX Google Earth Tracker
     2009-02-20 15:31 --------- d-----w c:\users\pascal\AppData\Roaming\Samsung
     2009-02-20 07:02 --------- d-----w c:\program files\Samsung
     2009-02-14 12:25 --------- d-----w c:\users\pascal\AppData\Roaming\OpenOffice.org
     2009-02-14 11:49 --------- d-----w c:\program files\OpenOffice.org 3
     2009-02-14 11:49 --------- d-----w c:\program files\JRE
     2009-02-13 17:13 --------- d-----w c:\program files\Google
     2009-02-06 11:47 --------- d-----w c:\program files\Wilco Publishing
     2009-02-06 06:16 --------- d-----w c:\program files\IncrediMail
     2009-02-06 04:11 --------- d-----w c:\users\pascal\AppData\Roaming\dvdcss
     2009-01-07 17:15 737,280 ----a-w c:\windows\iun6002.exe
     2008-05-25 12:44 348 ----a-w c:\users\pascal\AppData\Roaming\wklnhst.dat
     2008-04-15 08:17 35,840 ----a-w c:\users\pascal\AppData\Roaming\smvss.exe
     2008-03-21 07:47 174 --sha-w c:\program files\desktop.ini
     2008-03-02 14:21 61 --sh--w c:\windows\cnerolf.dat
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-04-04_17.44.04.56 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2009-04-02 14:40:57 2,604,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
     + 2009-04-06 06:23:36 2,604,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
     - 2009-04-04 15:37:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
     + 2009-04-06 10:46:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
     + 2009-04-06 10:46:23 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
     - 2009-04-04 15:37:34 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
     + 2009-04-06 10:46:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
     + 2009-04-06 10:46:23 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
     - 2009-04-04 15:37:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-04-06 10:46:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2009-04-04 15:37:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2009-04-06 10:46:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-04-04 15:37:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2009-04-06 10:46:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-04-04 15:23:14 116,946 ----a-w c:\windows\System32\perfc009.dat
     + 2009-04-06 07:09:19 116,946 ----a-w c:\windows\System32\perfc009.dat
     - 2009-04-04 15:23:14 143,336 ----a-w c:\windows\System32\perfc00C.dat
     + 2009-04-06 07:09:19 143,336 ----a-w c:\windows\System32\perfc00C.dat
     - 2009-04-04 15:23:14 625,384 ----a-w c:\windows\System32\perfh009.dat
     + 2009-04-06 07:09:19 625,384 ----a-w c:\windows\System32\perfh009.dat
     - 2009-04-04 15:23:14 713,304 ----a-w c:\windows\System32\perfh00C.dat
     + 2009-04-06 07:09:19 713,304 ----a-w c:\windows\System32\perfh00C.dat
     - 2009-04-04 15:39:24 39,550 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1000_UserData.bin
     + 2009-04-06 10:31:40 39,582 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1000_UserData.bin
     - 2009-04-02 14:32:55 6,304 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1003_UserData.bin
     + 2009-04-06 06:16:12 6,312 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1003_UserData.bin
     - 2009-04-04 15:39:23 106,726 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
     + 2009-04-06 10:31:40 107,104 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
     - 2009-04-04 15:36:03 2,898 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
     + 2009-04-05 17:49:53 2,898 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
     - 2009-04-04 13:37:21 129,290 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
     + 2009-04-06 10:31:39 129,838 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
     .
     -- Instantané actualisé --
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

     c:\users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Outil de notification Live Search.lnk - c:\users\pascal\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 143360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     "EnableLUA"= 0 (0x0)

     [HKLM\~\startupfolder\C:^Users^pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
     backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
     backupExtension=.Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
     --a------ 2008-07-24 17:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusDisableNotify"="0x00000000"
     "UpdatesDisableNotify"="0x00000000"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1000]
     "EnableNotificationsRef"=dword:00000008

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1003]
     "EnableNotificationsRef"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "TCP Query User{25CDB8F3-E2B8-4BAD-8E6F-D1E3B14CE3F5}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule
     "UDP Query User{95722A4F-7F2D-4344-93AD-E0981155169D}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule
     "TCP Query User{D8CC3956-F24B-4F14-8737-72A8581E8DC1}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
     "UDP Query User{33E992E7-62FA-4D3F-ABD0-E01D2AA7BB2D}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
     "{8B7B0E70-5AD2-4480-95FD-26C395FE42BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
     "TCP Query User{0044E646-9791-47E2-B21F-0B1FABA89483}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule
     "UDP Query User{AE9F178A-A5AC-4A63-B0DE-2E9F9606FEF8}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule
     "{E6CC5E54-7143-428D-B7C2-E0B8F1B6D8C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
     "TCP Query User{64A18A16-228B-4478-AFF9-9654BF92E955}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
     "UDP Query User{2480DEDD-417A-4CCD-884A-B0255A57ECE6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
     "TCP Query User{FF5B8F74-1224-45AE-AB1E-46F6CEDDD5AE}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= UDP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web
     "UDP Query User{415F4CE3-220E-47FE-A077-63E4285BAC5B}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= TCP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web
     "TCP Query User{E26A9E8F-D610-4970-A399-2ED5550918F9}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
     "UDP Query User{CB99A6A7-CCBA-4048-9271-883D8F9F6613}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
     "TCP Query User{CBC84072-0290-44E1-9DD3-244033C8A991}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
     "UDP Query User{E43DB3CB-BE52-49EE-A2F1-D2E1B6A2CEFA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
     "TCP Query User{2273E4E3-195F-46DC-BF23-D25E997A2E81}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
     "UDP Query User{75FF6B84-41DD-4922-8BB9-ABE7AE62DF0C}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
     "{E46AB29E-8995-4020-BC48-8B0B24DD1C63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
     "{F950D2ED-B02C-448D-9EB1-88FAA74C84B0}"= UDP:4662:etcp
     "{5019AAC5-FC99-4B48-865C-5F3A43CBBF6C}"= TCP:4672:eudp
     "TCP Query User{2391DA91-3F26-4FC8-9C3B-E0FC25DE6ECA}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
     "UDP Query User{7620246F-C0A6-41BE-8261-27525F921F4B}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
     "TCP Query User{F59872B2-4519-41E1-98DB-0939BF85266F}c:\\program files\\babelgum\\babelgum.exe"= Disabled:UDP:c:\program files\babelgum\babelgum.exe:Babelgum Beta
     "UDP Query User{6C3BADDD-9967-47D3-8AD2-427F8E56A81D}c:\\program files\\babelgum\\babelgum.exe"= Disabled:TCP:c:\program files\babelgum\babelgum.exe:Babelgum Beta
     "TCP Query User{D6796039-ADBA-418A-BCB4-5D842C79E230}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
     "UDP Query User{63D8EF4B-09C2-43E4-AE30-BC342966D42E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
     "TCP Query User{A0D3E68E-EE4B-4137-8A78-DDB271085FCF}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
     "UDP Query User{5717797D-DB7C-4CF3-A302-DCA76E88929E}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
     "TCP Query User{334B22FE-37E8-40AB-9462-D58A2D7424E0}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= UDP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application
     "UDP Query User{5E11266F-9D29-4226-8827-A6ECD651E0E7}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= TCP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application
     "{7A76BCF6-DD6A-42F8-AC52-4EE9FA19D6D1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail
     "{8954047F-6FE6-4560-B89D-0F4A6174D74C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail
     "TCP Query User{2BAD5D77-1E3F-46A3-AD33-2F6109785C31}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed
     "UDP Query User{2BD303C0-7B22-4E10-9457-B85D1BF2A6C3}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed
     "TCP Query User{D5C2A98C-0723-4705-B8B1-0C1B1A839D47}c:\\program files\\motogp2\\motogp2.exe"= UDP:c:\program files\motogp2\motogp2.exe:motogp2
     "UDP Query User{2C774430-BA7D-4A2C-917B-BBDBA82F608B}c:\\program files\\motogp2\\motogp2.exe"= TCP:c:\program files\motogp2\motogp2.exe:motogp2
     "TCP Query User{0237D624-AB8C-4C94-95CD-B2A527CB6D3F}e:\\fifa08.exe"= UDP:E:\fifa08.exe:FIFA08
     "UDP Query User{CA53D216-FE7E-441F-9DDA-107B174E5875}e:\\fifa08.exe"= TCP:E:\fifa08.exe:FIFA08
     "{A5EDABEB-30F0-427D-BA5B-83DEBF515705}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
     "{613E4CDD-F7FF-4024-8A93-3BC261742E3B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
     "{8FAD45C5-DD75-4E73-AD88-87C998F8D450}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
     "{9B553B10-78F1-4E60-AA96-150867C9BC87}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
     "{B1F7BA64-8AEB-445F-9EEA-0B60E8CFCCD2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
     "{C8674ED3-5F0B-4C21-A705-2E5E8B671948}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
     "{5ACCCA36-2006-4D21-A8B3-80D1B1A3ECDA}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{9394D0E8-643C-440F-AF3E-DB41D754CEB9}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{39A6E75F-32B5-4023-9311-1A29000DA741}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
     "{52AAA965-59F8-496F-8E25-6656A6B9F350}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
     "{1657C653-FD2C-423C-96AA-0E3F07FCDB2A}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{8003D597-511C-4F3A-9A0B-F1C8495393DD}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{FAA7EC41-F640-4456-A059-ACCE68EFC9D5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{74252FE8-573B-4762-96CA-A5829EB396E6}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

     R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-09-30 114768]
     R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-09-30 20560]
     R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-09-30 51792]
     R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-05-03 98488]
     R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-30 809296]
     S2 gupdate1c98dfe1b23a066;Service Google Update (gupdate1c98dfe1b23a066);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]
     S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13824]
     S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 27904]
     S3 rctx;rctx;c:\windows\System32\drivers\rctx.sys [2008-12-27 2560]
     S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-14 356920]

     --- Autres Services/Pilotes en mémoire ---
     *Deregistered* - sptd

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5f42e5-871e-11dd-b488-001bb9adefb4}]
     \shell\AutoRun\command - K:\Autorun.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd96318-aee8-11dd-b064-001bb9adefb4}]
     \shell\AutoRun\command - M:\Autorun.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33ee94b-c760-11dc-93c4-806e6f6e6963}]
     \shell\AutoRun\command - E:\Autorun.exe
     .
     Contenu du dossier 'Tâches planifiées'
     2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
     2009-04-06 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]
     2009-04-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 14:40]
     2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 19:11]
     .
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://google.fr/
     uInternet Settings,ProxyOverride = *.local
     IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
     IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     IE: {{47055D63-DFCD-11d3-8406-00500445A7D0} - c:\program files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher
     DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
     DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
     .
     **************************************************************************
     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-06 12:46:36
     Windows 6.0.6001 Service Pack 1 NTFS
     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...
     **************************************************************************
     .
     --------------------- DLLs chargées dans les processus actifs ---------------------
     - - - - - - - > 'Explorer.exe'(3104)
     c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\windows\System32\Ati2evxx.exe
     c:\windows\System32\audiodg.exe
     c:\windows\System32\Ati2evxx.exe
     c:\program files\Alwil Software\Avast4\aswUpdSv.exe
     c:\program files\Alwil Software\Avast4\ashServ.exe
     c:\windows\System32\conime.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\windows\System32\drivers\CDAC11BA.EXE
     c:\program files\Common Files\LightScribe\LSSrvc.exe
     c:\windows\System32\WUDFHost.exe
     c:\program files\Alwil Software\Avast4\ashMaiSv.exe
     c:\program files\Alwil Software\Avast4\ashWebSv.exe
     c:\program files\Alwil Software\Avast4\ashDisp.exe
     c:\program files\Windows Media Player\wmpnscfg.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\ehome\ehmsas.exe
     c:\combofix\hidec.exe
     c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
     c:\windows\servicing\TrustedInstaller.exe
     c:\program files\Internet Explorer\iexplore.exe
     c:\program files\Internet Explorer\iexplore.exe
     c:\combofix\Catchme.tmp
     c:\windows\System32\dllhost.exe
     c:\combofix\Catchme.tmp
     .
     **************************************************************************
     .
     Heure de fin: 2009-04-06 12:57:42 - La machine a redémarré
     ComboFix-quarantined-files.txt 2009-04-06 10:56:19
     ComboFix2.txt 2009-04-04 18:43:33
     ComboFix3.txt 2009-04-04 15:47:50

     Avant-CF: 18 508 496 896 octets libres
     Après-CF: 17,609,330,688 octets libres

     311 --- E O F --- 2009-03-21 20:28:24

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:59:13, on 06/04/2009
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\conime.exe
     C:\Program Files\Alwil Software\Avast4\ashDisp.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\Explorer.exe
     C:\Users\pascal\Desktop\HiJackThis.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\WerCon.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
     O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing)
     O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing)
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O13 - Gopher Prefix:
     O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
     O23 - Service: Service Google Update (gupdate1c98dfe1b23a066) (gupdate1c98dfe1b23a066) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

     -- End of file - 6323 bytes
  4. Sorry, I hadn't seen your last reply! Here is the correct analysis. Thanks a lot for your help.

Fichier ieudinit.exe reçu le 2009.04.05 10:00:54 (CET)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.05 Worm.Rbot!IK
AhnLab-V3 5.0.0.2 2009.04.04 -
AntiVir 7.9.0.129 2009.04.03 WORM/Rbot.Gen
Antiy-AVL 2.0.3.1 2009.04.05 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.05 -
AVG 8.5.0.285 2009.04.04 -
BitDefender 7.2 2009.04.05 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.05 -
Comodo 1099 2009.04.04 -
DrWeb 4.44.0.09170 2009.04.05 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.04 -
Fortinet 3.117.0.0 2009.04.05 -
GData 19 2009.04.05 -
Ikarus T3.1.1.49.0 2009.04.05 Worm.Rbot
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.05 -
McAfee 5574 2009.04.04 -
McAfee+Artemis 5574 2009.04.04 -
McAfee-GW-Edition 6.7.6 2009.04.03 Worm.Rbot.Gen
Microsoft 1.4502 2009.04.05 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.05 -
Panda 10.0.0.14 2009.04.04 Suspicious file
PCTools 4.4.2.0 2009.04.04 -
Prevx1 V2 2009.04.05 Medium Risk Malware
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.05 Mal/Horst
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.05 -
TheHacker 6.3.4.0.302 2009.04.04 -
TrendMicro 8.700.0.1004 2009.04.03 -
VBA32 3.12.10.2 2009.04.05 suspected of Win32.Trojan.Downloader (http://...)
ViRobot 2009.4.4.1678 2009.04.04 -
VirusBuster 4.6.5.0 2009.04.04 -

Information additionnelle
File size: 86016 bytes
MD5...: f0bd5f4b51d24e52d70ff5037add2642
SHA1..: bfb6566b701b582c63850732218d934116c7fbd0
SHA256: 2131d7ebc86d2c86828598ed157f65bd65888188a0bbe137f09b55e1e3108828
SHA512: e9705c47775ddf61468cc36eea15dc84254b38353bd27341c998eb644e071dc4f392cab1bd35571365bda42147860b1f331c53be059d6486e6091a33741e977c
ssdeep: 1536:dp0sz2hMbPhfGUKUbYi+D+e4HA/OBUbaImxhy8OFxLtXSa+LCDt:dJz2hMbPhfGUKUbYDD4HgkUb49OF8Yt
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc0da
timedatestamp.....: 0x49d4e7c3 (Thu Apr 02 16:28:51 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1099a 0x11000 6.22 908c368d447b49e4fdfc2cb98d714ae7
.rdata 0x12000 0x1ebc 0x2000 5.22 291c483af12aa6bc65948ee5d51c93fe
.data 0x14000 0x7db8 0x1000 1.34 1113bbe7084831a75e59b9349790c66d

( 7 imports )
> USER32.dll: GetSysColorBrush, GetKeyboardType, GetDoubleClickTime, GetMonitorInfoA, GetSysColor, LoadImageA
> ADVAPI32.dll: LookupAccountSidA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegEnumValueA, RegCloseKey, OpenProcessToken, RegOpenKeyExA, RegGetKeySecurity, GetTokenInformation
> PSAPI.DLL: GetModuleInformation
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetOpenA, InternetOpenUrlA, InternetCloseHandle
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: GetStringTypeW, FlushFileBuffers, GetLocaleInfoA, VirtualProtect, GetSystemInfo, MultiByteToWideChar, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, VirtualAlloc, IsBadCodePtr, IsBadWritePtr, IsBadReadPtr, SetUnhandledExceptionFilter, VirtualQuery, InterlockedExchange, GetFirmwareEnvironmentVariableA, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, GetTickCount, GetSystemDirectoryA, Sleep, GetFileTime, CreateDirectoryA, GetStdHandle, SetErrorMode, GetFileType, GetVersion, GetCommandLineA, GetCurrentProcess, CloseHandle, WriteFile, CreateFileA, ExitProcess, CreateMutexA, OpenMutexA, CreateProcessA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, SetEnvironmentVariableA, CopyFileA, SetFileAttributesA, GetLastError, CreateThread, GetLocalTime, GetDriveTypeA, GetLogicalDriveStringsA, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, RtlUnwind, GetStartupInfoA, GetVersionExA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, HeapFree, HeapAlloc, HeapReAlloc, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, SetFilePointer, LoadLibraryA

( 0 exports )

RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0C56052E00CA3DE850C50150FC2B8A008E85DE6E
  5. ComboFix 09-04-03.01 - pascal 2009-04-04 20:36:39.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2150 [GMT 2:00]
Lancé depuis: c:\users\pascal\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 ))))))))))))))))))))))))))))))))))))
.

2009-04-04 20:40 . 2009-04-02 18:29 86,016 --a------ c:\windows\system\mstinit.exe
2009-04-04 17:47 . 2009-04-02 18:29 86,016 --a------ c:\users\pascal\AppData\Roaming\cmstp.exe
2009-04-04 17:38 . 2009-04-02 18:29 86,016 --a------ c:\windows\system\ieudinit.exe
2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\pascal\AppData\Roaming\Malwarebytes
2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\programdata\Malwarebytes
2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-04 14:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-04 14:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-04 08:26 . 2009-04-02 18:29 86,016 --a------ c:\windows\esentutl.exe
2009-04-03 17:25 . 2009-04-03 17:34 <REP> d-------- c:\windows\BDOSCAN8
2009-03-29 15:50 . 2009-03-30 05:57 <REP> d----c--- C:\Downloads
2009-03-28 11:55 . 2009-03-28 11:55 <REP> d-------- c:\users\pascal\AppData\Roaming\Anuman Interactive
2009-03-25 16:29 . 2009-03-25 16:29 <REP> d-------- c:\users\anthony\AppData\Roaming\Apple Computer
2009-03-21 22:12 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-21 22:11 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-21 22:11 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-21 22:11 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-21 22:11 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-21 22:11 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-21 22:11 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-21 22:11 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-21 22:03 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-21 22:03 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-21 22:03 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-21 22:03 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-21 22:03 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-21 21:48 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-03-21 21:48 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-03-21 21:48 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-03-21 21:41 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-21 21:40 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-21 21:40 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe
2009-03-21 21:40 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-21 21:40 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-03-21 21:40 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-20 13:25 . 2009-03-20 13:25 <REP> d-------- c:\program files\AxBx
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 12:53 --------- d-----w c:\program files\Ricochet Infinity
2009-04-04 11:10 --------- d-----w c:\programdata\Google Updater
2009-04-04 10:33 --------- d-----w c:\programdata\Lavasoft
2009-04-04 10:33 --------- d-----w c:\program files\Lavasoft
2009-04-04 10:31 --------- d-----w c:\program files\Ashampoo
2009-04-04 09:33 --------- d-----w c:\program files\Navilog1
2009-04-03 05:09 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-01 05:01 --------- d-----w c:\program files\Auran
2009-03-28 09:55 --------- d-----w c:\program files\Anuman Interactive
2009-03-27 17:01 --------- d-----w c:\program files\Virtual Sailor
2009-03-22 07:18 --------- d-----w c:\program files\Windows Mail
2009-03-21 18:21 --------- d-----w c:\program files\Windows Live
2009-03-21 07:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-16 06:26 --------- d---a-w c:\programdata\TEMP
2009-03-14 09:36 --------- d-----w c:\program files\Microsoft Games
2009-03-14 08:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 17:53 --------- d-----w c:\program files\GameSpy Arcade
2009-03-11 07:27 --------- d-----w c:\program files\Off Road
2009-03-03 17:45 --------- d-----w c:\program files\Simulateur de conduite 3D
2009-02-28 13:05 --------- d-----w c:\users\pascal\AppData\Roaming\FUJIFILM
2009-02-28 12:28 --------- d-----w c:\program files\FinePixViewerS
2009-02-28 12:26 --------- d-----w c:\users\pascal\AppData\Roaming\InstallShield
2009-02-22 17:34 --------- d-----w c:\program files\THQ
2009-02-21 13:47 --------- d-----w c:\program files\FSX Google Earth Tracker
2009-02-20 15:31 --------- d-----w c:\users\pascal\AppData\Roaming\Samsung
2009-02-20 07:02 --------- d-----w c:\program files\Samsung
2009-02-14 12:25 --------- d-----w c:\users\pascal\AppData\Roaming\OpenOffice.org
2009-02-14 11:49 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-14 11:49 --------- d-----w c:\program files\JRE
2009-02-13 17:13 --------- d-----w c:\program files\Google
2009-02-06 11:47 --------- d-----w c:\program files\Wilco Publishing
2009-02-06 06:16 --------- d-----w c:\program files\IncrediMail
2009-02-06 04:11 --------- d-----w c:\users\pascal\AppData\Roaming\dvdcss
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-07 17:15 737,280 ----a-w c:\windows\iun6002.exe
2008-05-25 12:44 348 ----a-w c:\users\pascal\AppData\Roaming\wklnhst.dat
2008-04-15 08:17 35,840 ----a-w c:\users\pascal\AppData\Roaming\smvss.exe
2008-03-21 07:47 174 --sha-w c:\program files\desktop.ini
2008-03-02 14:21 61 --sh--w c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-04_17.44.04.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-02 14:40:57 2,604,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-04 18:30:45 2,604,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-04 18:32:03 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-04 15:37:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-04-04 18:33:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-04-04 18:33:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-04-04 15:37:34 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-04-04 18:33:30 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-04-04 18:33:30 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-04-04 15:37:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-04 18:34:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-04 15:37:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-04 18:34:15 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-04 15:37:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-04 18:34:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-04 15:23:14 116,946 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-04 18:39:32 116,946 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-04 15:23:14 143,336 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-04-04 18:39:32 143,336 ----a-w c:\windows\System32\perfc00C.dat
- 2009-04-04 15:23:14 625,384 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-04 18:39:32 625,384 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-04 15:23:14 713,304 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-04-04 18:39:32 713,304 ----a-w c:\windows\System32\perfh00C.dat
- 2009-04-04 15:39:24 39,550 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1000_UserData.bin
+ 2009-04-04 18:33:56 39,566 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3060022653-299176910-589471387-1000_UserData.bin
- 2009-04-04 15:39:23 106,726 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-04 18:33:56 106,780 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Cisvc"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe" [2009-04-02 86016]
"Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016]
"Esent Utl"="c:\windows\esentutl.exe" [2009-04-02 86016]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\users\pascal\AppData\Roaming\cmstp.exe" [2009-04-02 86016]

c:\users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\pascal\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\System\mstinit.exe

[HKLM\~\startupfolder\C:^Users^pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1000]
"EnableNotificationsRef"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{25CDB8F3-E2B8-4BAD-8E6F-D1E3B14CE3F5}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule
"UDP Query User{95722A4F-7F2D-4344-93AD-E0981155169D}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule
"TCP Query User{D8CC3956-F24B-4F14-8737-72A8581E8DC1}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{33E992E7-62FA-4D3F-ABD0-E01D2AA7BB2D}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"{8B7B0E70-5AD2-4480-95FD-26C395FE42BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0044E646-9791-47E2-B21F-0B1FABA89483}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule
"UDP Query User{AE9F178A-A5AC-4A63-B0DE-2E9F9606FEF8}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule
"{E6CC5E54-7143-428D-B7C2-E0B8F1B6D8C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{64A18A16-228B-4478-AFF9-9654BF92E955}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{2480DEDD-417A-4CCD-884A-B0255A57ECE6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{FF5B8F74-1224-45AE-AB1E-46F6CEDDD5AE}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= UDP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web
"UDP Query User{415F4CE3-220E-47FE-A077-63E4285BAC5B}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= TCP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web
"TCP Query User{E26A9E8F-D610-4970-A399-2ED5550918F9}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"UDP Query User{CB99A6A7-CCBA-4048-9271-883D8F9F6613}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"TCP Query User{CBC84072-0290-44E1-9DD3-244033C8A991}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E43DB3CB-BE52-49EE-A2F1-D2E1B6A2CEFA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{2273E4E3-195F-46DC-BF23-D25E997A2E81}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{75FF6B84-41DD-4922-8BB9-ABE7AE62DF0C}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"{E46AB29E-8995-4020-BC48-8B0B24DD1C63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F950D2ED-B02C-448D-9EB1-88FAA74C84B0}"= UDP:4662:etcp
"{5019AAC5-FC99-4B48-865C-5F3A43CBBF6C}"= TCP:4672:eudp
"TCP Query User{2391DA91-3F26-4FC8-9C3B-E0FC25DE6ECA}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{7620246F-C0A6-41BE-8261-27525F921F4B}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{F59872B2-4519-41E1-98DB-0939BF85266F}c:\\program files\\babelgum\\babelgum.exe"= Disabled:UDP:c:\program files\babelgum\babelgum.exe:Babelgum Beta
"UDP Query User{6C3BADDD-9967-47D3-8AD2-427F8E56A81D}c:\\program files\\babelgum\\babelgum.exe"= Disabled:TCP:c:\program files\babelgum\babelgum.exe:Babelgum Beta
"TCP Query User{D6796039-ADBA-418A-BCB4-5D842C79E230}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{63D8EF4B-09C2-43E4-AE30-BC342966D42E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"TCP Query User{A0D3E68E-EE4B-4137-8A78-DDB271085FCF}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{5717797D-DB7C-4CF3-A302-DCA76E88929E}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{334B22FE-37E8-40AB-9462-D58A2D7424E0}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= UDP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application
"UDP Query User{5E11266F-9D29-4226-8827-A6ECD651E0E7}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= TCP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application
"{7A76BCF6-DD6A-42F8-AC52-4EE9FA19D6D1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail
"{8954047F-6FE6-4560-B89D-0F4A6174D74C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail
"TCP Query User{2BAD5D77-1E3F-46A3-AD33-2F6109785C31}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed
"UDP Query User{2BD303C0-7B22-4E10-9457-B85D1BF2A6C3}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed
"TCP Query User{D5C2A98C-0723-4705-B8B1-0C1B1A839D47}c:\\program files\\motogp2\\motogp2.exe"= UDP:c:\program files\motogp2\motogp2.exe:motogp2
"UDP Query User{2C774430-BA7D-4A2C-917B-BBDBA82F608B}c:\\program files\\motogp2\\motogp2.exe"= TCP:c:\program files\motogp2\motogp2.exe:motogp2
"TCP Query User{0237D624-AB8C-4C94-95CD-B2A527CB6D3F}e:\\fifa08.exe"= UDP:E:\fifa08.exe:FIFA08
"UDP Query User{CA53D216-FE7E-441F-9DDA-107B174E5875}e:\\fifa08.exe"= TCP:E:\fifa08.exe:FIFA08
"{A5EDABEB-30F0-427D-BA5B-83DEBF515705}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{613E4CDD-F7FF-4024-8A93-3BC261742E3B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{8FAD45C5-DD75-4E73-AD88-87C998F8D450}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{9B553B10-78F1-4E60-AA96-150867C9BC87}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{B1F7BA64-8AEB-445F-9EEA-0B60E8CFCCD2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C8674ED3-5F0B-4C21-A705-2E5E8B671948}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5ACCCA36-2006-4D21-A8B3-80D1B1A3ECDA}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9394D0E8-643C-440F-AF3E-DB41D754CEB9}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{142ECCBE-CD16-4E47-AA65-EA419107CCA7}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{713EF78F-B8B9-45EB-A121-38B36B8FD35F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0593FFF5-5D8D-46B7-8776-04091E68A792}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DEB0379A-33C2-461F-A7C1-48A8125AD602}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-09-30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-09-30 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-09-30 51792]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-05-03 98488]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-30 809296]
S2 gupdate1c98dfe1b23a066;Service Google Update (gupdate1c98dfe1b23a066);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13824]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 27904]
S3 rctx;rctx;c:\windows\System32\drivers\rctx.sys [2008-12-27 2560]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-14 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5f42e5-871e-11dd-b488-001bb9adefb4}]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd96318-aee8-11dd-b064-001bb9adefb4}]
\shell\AutoRun\command - M:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c33ee94b-c760-11dc-93c4-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-04-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2009-04-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 14:40]

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 19:11]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{47055D63-DFCD-11d3-8406-00500445A7D0} - c:\program files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 20:40:11
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2976)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Heure de fin: 2009-04-04 20:43:32
ComboFix-quarantined-files.txt 2009-04-04 18:43:28
ComboFix2.txt 2009-04-04 15:47:50

Avant-CF: 19 455 098 880 octets libres
Après-CF: 19,503,230,976 octets libres

278 --- E O F --- 2009-03-21 20:28:24
  6. And now the ComboFix report!
ComboFix 09-04-03.01 - pascal 2009-04-04 17:29:28.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2203 [GMT 2:00] Lancé depuis: c:\users\pascal\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning enabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\pascal\AppData\Roaming\cisvc.exe c:\users\pascal\AppData\Roaming\dllhst3g.exe c:\users\pascal\AppData\Roaming\logman.exe c:\windows\patch.exe c:\windows\system32\dbfb.dll c:\windows\system32\tmp.reg . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-04 au 2009-04-04 )))))))))))))))))))))))))))))))))))) . 2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\pascal\AppData\Roaming\Malwarebytes 2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\users\All Users\Malwarebytes 2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\programdata\Malwarebytes 2009-04-04 14:48 . 2009-04-04 14:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-04-04 14:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-04-04 14:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-04-04 08:26 . 2009-04-02 18:29 86,016 --a------ c:\windows\esentutl.exe 2009-04-03 17:25 . 2009-04-03 17:34 <REP> d-------- c:\windows\BDOSCAN8 2009-03-29 15:50 . 2009-03-30 05:57 <REP> d----c--- C:\Downloads 2009-03-28 11:55 . 2009-03-28 11:55 <REP> d-------- c:\users\pascal\AppData\Roaming\Anuman Interactive 2009-03-25 16:29 . 2009-03-25 16:29 <REP> d-------- c:\users\anthony\AppData\Roaming\Apple Computer 2009-03-21 22:12 . 
2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll 2009-03-21 22:11 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll 2009-03-21 22:11 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe 2009-03-21 22:11 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe 2009-03-21 22:11 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-03-21 22:11 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll 2009-03-21 22:11 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl 2009-03-21 22:11 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll 2009-03-21 22:03 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll 2009-03-21 22:03 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll 2009-03-21 22:03 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll 2009-03-21 22:03 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll 2009-03-21 22:03 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll 2009-03-21 21:48 . 2008-06-23 03:59 2,868,736 --a------ c:\windows\System32\mf.dll 2009-03-21 21:48 . 2008-06-23 03:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll 2009-03-21 21:48 . 2008-06-23 03:58 94,720 --a------ c:\windows\System32\logagent.exe 2009-03-21 21:41 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-21 21:40 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-21 21:40 . 2008-10-29 08:29 2,927,104 --a------ c:\windows\explorer.exe 2009-03-21 21:40 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-21 21:40 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys 2009-03-21 21:40 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-21 21:40 . 
2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-21 21:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-20 13:25 . 2009-03-20 13:25 <REP> d-------- c:\program files\AxBx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-04 12:53 --------- d-----w c:\program files\Ricochet Infinity 2009-04-04 11:10 --------- d-----w c:\programdata\Google Updater 2009-04-04 10:33 --------- d-----w c:\programdata\Lavasoft 2009-04-04 10:33 --------- d-----w c:\program files\Lavasoft 2009-04-04 10:31 --------- d-----w c:\program files\Ashampoo 2009-04-04 09:33 --------- d-----w c:\program files\Navilog1 2009-04-03 05:09 --------- d-----w c:\programdata\Spybot - Search & Destroy 2009-04-01 05:01 --------- d-----w c:\program files\Auran 2009-03-28 09:55 --------- d-----w c:\program files\Anuman Interactive 2009-03-27 17:01 --------- d-----w c:\program files\Virtual Sailor 2009-03-22 07:18 --------- d-----w c:\program files\Windows Mail 2009-03-21 18:21 --------- d-----w c:\program files\Windows Live 2009-03-21 07:17 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-16 06:26 --------- d---a-w c:\programdata\TEMP 2009-03-14 09:36 --------- d-----w c:\program files\Microsoft Games 2009-03-14 08:53 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-13 17:53 --------- d-----w c:\program files\GameSpy Arcade 2009-03-11 07:27 --------- d-----w c:\program files\Off Road 2009-03-03 17:45 --------- d-----w c:\program files\Simulateur de conduite 3D 2009-02-28 13:05 --------- d-----w c:\users\pascal\AppData\Roaming\FUJIFILM 2009-02-28 12:28 --------- d-----w c:\program files\FinePixViewerS 2009-02-28 12:26 --------- d-----w c:\users\pascal\AppData\Roaming\InstallShield 2009-02-22 17:34 --------- d-----w c:\program files\THQ 2009-02-21 13:47 --------- d-----w c:\program files\FSX Google Earth Tracker 2009-02-20 15:31 --------- d-----w 
c:\users\pascal\AppData\Roaming\Samsung 2009-02-20 07:02 --------- d-----w c:\program files\Samsung 2009-02-14 12:25 --------- d-----w c:\users\pascal\AppData\Roaming\OpenOffice.org 2009-02-14 11:49 --------- d-----w c:\program files\OpenOffice.org 3 2009-02-14 11:49 --------- d-----w c:\program files\JRE 2009-02-13 17:13 --------- d-----w c:\program files\Google 2009-02-06 11:47 --------- d-----w c:\program files\Wilco Publishing 2009-02-06 06:16 --------- d-----w c:\program files\IncrediMail 2009-02-06 04:11 --------- d-----w c:\users\pascal\AppData\Roaming\dvdcss 2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2009-01-07 17:15 737,280 ----a-w c:\windows\iun6002.exe 2008-05-25 12:44 348 ----a-w c:\users\pascal\AppData\Roaming\wklnhst.dat 2008-04-15 08:17 35,840 ----a-w c:\users\pascal\AppData\Roaming\smvss.exe 2008-03-21 07:47 174 --sha-w c:\program files\desktop.ini 2008-03-02 14:21 61 --sh--w c:\windows\cnerolf.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "Cisvc"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe" [2009-04-02 86016] "Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016] "Esent Utl"="c:\windows\esentutl.exe" [2009-04-02 86016] [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run] "Logman"="c:\users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2009-04-02 86016] c:\users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de notification Live Search.lnk - c:\users\pascal\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 143360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoFileAssociate"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows] "load"=c:\windows\System\ieudinit.exe [HKLM\~\startupfolder\C:^Users^pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk] backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-07-24 17:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1000] "EnableNotificationsRef"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3060022653-299176910-589471387-1003] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{25CDB8F3-E2B8-4BAD-8E6F-D1E3B14CE3F5}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule "UDP Query User{95722A4F-7F2D-4344-93AD-E0981155169D}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule "TCP Query User{D8CC3956-F24B-4F14-8737-72A8581E8DC1}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs "UDP Query User{33E992E7-62FA-4D3F-ABD0-E01D2AA7BB2D}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs "{8B7B0E70-5AD2-4480-95FD-26C395FE42BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{0044E646-9791-47E2-B21F-0B1FABA89483}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule "UDP Query User{AE9F178A-A5AC-4A63-B0DE-2E9F9606FEF8}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule "{E6CC5E54-7143-428D-B7C2-E0B8F1B6D8C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{64A18A16-228B-4478-AFF9-9654BF92E955}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component 
"UDP Query User{2480DEDD-417A-4CCD-884A-B0255A57ECE6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "TCP Query User{FF5B8F74-1224-45AE-AB1E-46F6CEDDD5AE}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= UDP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web "UDP Query User{415F4CE3-220E-47FE-A077-63E4285BAC5B}c:\\program files\\goto\\memoweb 4 - découverte\\memoweb4.exe"= TCP:c:\program files\goto\memoweb 4 - découverte\memoweb4.exe:Aspirateur de Web "TCP Query User{E26A9E8F-D610-4970-A399-2ED5550918F9}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT "UDP Query User{CB99A6A7-CCBA-4048-9271-883D8F9F6613}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT "TCP Query User{CBC84072-0290-44E1-9DD3-244033C8A991}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{E43DB3CB-BE52-49EE-A2F1-D2E1B6A2CEFA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{2273E4E3-195F-46DC-BF23-D25E997A2E81}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner "UDP Query User{75FF6B84-41DD-4922-8BB9-ABE7AE62DF0C}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner "{E46AB29E-8995-4020-BC48-8B0B24DD1C63}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F950D2ED-B02C-448D-9EB1-88FAA74C84B0}"= UDP:4662:etcp "{5019AAC5-FC99-4B48-865C-5F3A43CBBF6C}"= TCP:4672:eudp "TCP Query User{2391DA91-3F26-4FC8-9C3B-E0FC25DE6ECA}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program 
files\zattoo\zattood.exe:zattood "UDP Query User{7620246F-C0A6-41BE-8261-27525F921F4B}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood "TCP Query User{F59872B2-4519-41E1-98DB-0939BF85266F}c:\\program files\\babelgum\\babelgum.exe"= Disabled:UDP:c:\program files\babelgum\babelgum.exe:Babelgum Beta "UDP Query User{6C3BADDD-9967-47D3-8AD2-427F8E56A81D}c:\\program files\\babelgum\\babelgum.exe"= Disabled:TCP:c:\program files\babelgum\babelgum.exe:Babelgum Beta "TCP Query User{D6796039-ADBA-418A-BCB4-5D842C79E230}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader "UDP Query User{63D8EF4B-09C2-43E4-AE30-BC342966D42E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= Disabled:TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader "TCP Query User{A0D3E68E-EE4B-4137-8A78-DDB271085FCF}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe: "UDP Query User{5717797D-DB7C-4CF3-A302-DCA76E88929E}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe: "TCP Query User{334B22FE-37E8-40AB-9462-D58A2D7424E0}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= UDP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application "UDP Query User{5E11266F-9D29-4226-8827-A6ECD651E0E7}c:\\program files\\codemasters\\colin mcrae rally 2005\\cmr5.exe"= TCP:c:\program files\codemasters\colin mcrae rally 2005\cmr5.exe:Colin McRae Rally 2005 Application "{7A76BCF6-DD6A-42F8-AC52-4EE9FA19D6D1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail "{8954047F-6FE6-4560-B89D-0F4A6174D74C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail "TCP Query User{2BAD5D77-1E3F-46A3-AD33-2F6109785C31}c:\\program files\\ea games\\need for speed 
most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed "UDP Query User{2BD303C0-7B22-4E10-9457-B85D1BF2A6C3}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed "TCP Query User{D5C2A98C-0723-4705-B8B1-0C1B1A839D47}c:\\program files\\motogp2\\motogp2.exe"= UDP:c:\program files\motogp2\motogp2.exe:motogp2 "UDP Query User{2C774430-BA7D-4A2C-917B-BBDBA82F608B}c:\\program files\\motogp2\\motogp2.exe"= TCP:c:\program files\motogp2\motogp2.exe:motogp2 "TCP Query User{0237D624-AB8C-4C94-95CD-B2A527CB6D3F}e:\\fifa08.exe"= UDP:E:\fifa08.exe:FIFA08 "UDP Query User{CA53D216-FE7E-441F-9DDA-107B174E5875}e:\\fifa08.exe"= TCP:E:\fifa08.exe:FIFA08 "{A5EDABEB-30F0-427D-BA5B-83DEBF515705}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{613E4CDD-F7FF-4024-8A93-3BC261742E3B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{8FAD45C5-DD75-4E73-AD88-87C998F8D450}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade "{9B553B10-78F1-4E60-AA96-150867C9BC87}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade "{B1F7BA64-8AEB-445F-9EEA-0B60E8CFCCD2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail "{C8674ED3-5F0B-4C21-A705-2E5E8B671948}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail "{5ACCCA36-2006-4D21-A8B3-80D1B1A3ECDA}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail "{9394D0E8-643C-440F-AF3E-DB41D754CEB9}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail "{142ECCBE-CD16-4E47-AA65-EA419107CCA7}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail "{713EF78F-B8B9-45EB-A121-38B36B8FD35F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail "{0593FFF5-5D8D-46B7-8776-04091E68A792}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail 
"{DEB0379A-33C2-461F-A7C1-48A8125AD602}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-09-30 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-09-30 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-09-30 51792] R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-05-03 98488] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-30 809296] S2 gupdate1c98dfe1b23a066;Service Google Update (gupdate1c98dfe1b23a066);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752] S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13824] S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 27904] S3 rctx;rctx;c:\windows\System32\drivers\rctx.sys [2008-12-27 2560] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-14 356920] --- Autres Services/Pilotes en mémoire --- *Deregistered* - sptd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5f42e5-871e-11dd-b488-001bb9adefb4}] \shell\AutoRun\command - K:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd96318-aee8-11dd-b064-001bb9adefb4}] \shell\AutoRun\command - M:\Autorun.exe . 
Contenu du dossier 'Tâches planifiées' 2009-04-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-04-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08] 2009-04-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 14:40] 2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 19:11] . - - - - ORPHELINS SUPPRIMES - - - - HKU-Default-Explorer_Run-Esent Utl - c:\users\pascal\LOCALS~1\APPLIC~1\esentutl.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ uInternet Settings,ProxyOverride = *.local IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\IEPage.html IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\IELink.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{47055D63-DFCD-11d3-8406-00500445A7D0} - c:\program files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-04 17:38:39 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(3916) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\System32\conime.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\System32\drivers\CDAC11BA.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\WUDFHost.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\users\pascal\AppData\Local\MICROS~1\logman.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-04-04 17:47:48 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-04 15:47:42 Avant-CF: 19 460 218 880 octets libres Après-CF: 19,481,587,712 octets libres 282 --- E O F --- 2009-03-21 20:28:24
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:53:46, on 04/04/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Users\pascal\Local Settings\APPLIC~1\MICROS~1\cisvc.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Wallpaper\Wallpaper.exe C:\WINDOWS\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Users\pascal\AppData\Roaming\logman.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Users\pascal\AppData\Local\Temp\~tmp\mdnk52\mdm.exe C:\Users\pascal\AppData\Local\Temp\~temp\hmunmlcn91\svchost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\pascal\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: load=C:\Users\pascal\AppData\Roaming\logman.exe O1 - Hosts: ::1 localhost O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\esentutl.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Users\pascal\LOCALS~1\APPLIC~1\esentutl.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Esent Utl] C:\Users\pascal\LOCALS~1\APPLIC~1\esentutl.exe /waitservice (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Capturer ! 
- {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing) O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE O23 - Service: Service Google Update (gupdate1c98dfe1b23a066) (gupdate1c98dfe1b23a066) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 7483 bytes
  8. No, I didn't run any other scan, but I did have to restart the computer when Malwarebytes asked for it. I'll redo a HijackThis report and post it to you.
  9. Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1939 Windows 6.0.6001 Service Pack 1 04/04/2009 15:32:43 mbam-log-2009-04-04 (15-32-43).txt Type de recherche: Examen rapide Eléments examinés: 69366 Temps écoulé: 3 minute(s), 56 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\System32\drivers\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  10. Hello. Was my PC really that infected? Thanks for your help. Malwarebytes report:
Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1939 Windows 6.0.6001 Service Pack 1 04/04/2009 14:58:34 mbam-log-2009-04-04 (14-58-15).txt Type de recherche: Examen rapide Eléments examinés: 69244 Temps écoulé: 4 minute(s), 20 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 11 Valeur(s) du Registre infectée(s): 7 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 11 Processus mémoire infecté(s): C:\WINDOWS\System32\drivers\cmstp.exe (Trojan.Agent) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Interface\{65b2fe4d-2fff-4874-8f85-f16ffb5333bc} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b7963fed-fd53-4581-964b-6f4bd365e44c} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B} (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{9b5a5068-82b1-4ba8-b2ae-08cce500ab81} (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{870e3b1b-d1c6-4b91-864c-90043cf02e56} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3d76b96-30b9-4dcc-9b3d-d12e31280d29} (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{858d0a33-c1e1-48be-af1d-7fc2088651fd} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\bgrqfetx.bdqa (Trojan.FakeAlert) -> No action taken. 
HKEY_CLASSES_ROOT\ekvgsnw.bsoq (Trojan.FakeAlert) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MstInit (Trojan.Agent) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sessmgr (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xokvrpwg (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tfnslopk (Trojan.FakeAlert) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\windows\system32\drivers\cmstp.exe -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: system32\drivers\cmstp.exe -> No action taken. Dossier(s) infecté(s): C:\Program Files\AntiSpyKit 5.3 (Rogue.AntiSpyKit) -> No action taken. C:\Program Files\AntiSpyKit 5.3\Logs (Rogue.AntiSpyKit) -> No action taken. C:\WINDOWS\System32\drivers\downld (Trojan.Agent) -> No action taken. Fichier(s) infecté(s): C:\WINDOWS\evoq.exe (Trojan.FakeAlert) -> No action taken. C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_02252008-183850.html (Rogue.AntiSpyKit) -> No action taken. C:\Users\pascal\AppData\Roaming\Microsoft\cmstp.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\System32\drivers\mstinit.exe (Trojan.Agent) -> No action taken. 
C:\Users\pascal\AppData\Roaming\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\System32\drivers\cmstp.exe (Trojan.Agent) -> No action taken. C:\Users\pascal\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken. C:\Users\pascal\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken. C:\Users\pascal\AppData\Roaming\Microsoft\rsvp.exe (Trojan.Agent) -> No action taken. C:\Users\pascal\Local Settings\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. C:\Users\pascal\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
  11. Hello

     The disinfection report:

     Clean Navipromo version 3.7.6 started on 04/04/2009 at 11:29:39.32

     Tool run from C:\Program Files\navilog1
     Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

     Microsoft® Windows Vista™ Home Premium Edition ( v6.0.6001 ) Service Pack 1
     X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4000+ )
     BIOS : Phoenix - AwardBIOS v6.00PG
     USER : pascal ( Not Administrator ! )
     BOOT : Normal boot
     Antivirus : avast! antivirus 4.8.1229 [VPS 081226-0] 4.8.1229 (Activated)

     C:\ (Local Disk) - NTFS - Total:225 GB (Free:19 GB)
     D:\ (Local Disk) - NTFS - Total:7 GB (Free:0 GB)
     E:\ (CD or DVD)
     F:\ (Local Disk) - NTFS - Total:76 GB (Free:20 GB)
     H:\ (USB)
     I:\ (USB)
     J:\ (CD or DVD)
     K:\ (CD or DVD) - UDF - Total:2 GB (Free:0 GB)
     L:\ (USB)
     M:\ (CD or DVD)
     N:\ (USB)

     Automatic removal mode, using Catchme and GNS results
     Cleaning performed at computer restart

     *** fsbl1.txt not found ***
     (Make sure Catchme had found nothing during the search)

     *** Removal with backups of GenericNaviSearch results ***

     * Removal in "C:\Windows\System32" *
     * Removal in "C:\Users\pascal\AppData\Local\Microsoft" *
     * Removal in "C:\Users\pascal\AppData\Local\virtualstore\windows\system32" *
     * Removal in "C:\Users\pascal\AppData\Local" *
     * Removal in "C:\Users\anthony\AppData\Local" *

     *** Removing folders in "C:\Windows" ***
     *** Removing folders in "C:\Program Files" ***
     *** Removing folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***
     *** Removing folders in "c:\progra~2\micros~1\windows\startm~1" ***
     *** Removing folders in "C:\ProgramData" ***
     *** Removing folders in c:\users\pascal\appdata\roaming\micros~1\windows\startm~1\programs ***
     *** Removing folders in "C:\Users\anthony\appdata\roaming\micros~1\windows\startm~1\programs" ***
     *** Removing folders in "C:\Users\pascal\AppData\Local\virtualstore\Program Files" ***
     *** Removing folders in "C:\Users\pascal\AppData\Local" ***
     *** Removing folders in "C:\Users\anthony\AppData\Local" ***
     *** Removing folders in "C:\Users\pascal\AppData\Roaming" ***
     *** Removing folders in "C:\Users\anthony\appdata\roaming" ***

     *** Removing files ***

     *** Removing temporary files ***
     Cleaning of C:\Windows\Temp contents done!
     Cleaning of C:\Users\pascal\AppData\Local\Temp contents done!

     *** Additional search processing ***
     (Searching for specific files)

     1)Removal with backups of new Instant Access files :

     2)Search, backup and heuristic removal :

     * In "C:\Windows\system32" *
     C:\Windows\prefetch\ymakmig*.pf found !
     Copy of C:\Windows\prefetch\ymakmig*.pf made successfully !
     C:\Windows\prefetch\ymakmig*.pf removed !

     * In "C:\Users\pascal\AppData\Local\Microsoft" *

     * In "C:\Users\pascal\AppData\Local\virtualstore\windows\system32" *

     * In "C:\Users\pascal\AppData\Local" *
     ymakmig.exe found !
     Copy of ymakmig.exe made successfully !
     ymakmig.exe removed !
     ymakmig.dat found !
     Copy of ymakmig.dat made successfully !
     ymakmig.dat removed !
     ymakmig_nav.dat found !
     Copy of ymakmig_nav.dat made successfully !
     ymakmig_nav.dat removed !
     ymakmig_navps.dat found !
     Copy of ymakmig_navps.dat made successfully !
     ymakmig_navps.dat removed !

     * In "C:\Users\anthony\AppData\Local" *

     *** Registry backup to Safebackup folder ***
     Registry backup made successfully !

     *** Registry cleaning ***
     Registry cleaning OK

     *** Certificates ***
     Egroup certificate absent !
     Electronic-Group certificate absent !
     Montorgueil certificate absent !
     OOO-Favorit certificate absent !
     Sunny-Day-Design-Ltdt certificate absent !

     *** Searching for other known folders and files ***

     *** Cleaning finished on 04/04/2009 at 11:33:07.09 ***
  12. Thanks for your quick reply. Here is my analysis (a bit less quick).

     Search Navipromo version 3.7.6 started on 03/04/2009 at 18:16:49.26

     !!! Warning, this report may list legitimate files/programs !!!
     !!! Post this report on the forum to have it analysed !!!
     !!! Do not run the disinfection part without a specialist's advice !!!

     Tool run from C:\Program Files\navilog1
     Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

     Microsoft® Windows Vista™ Home Premium Edition ( v6.0.6001 ) Service Pack 1
     X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4000+ )
     BIOS : Phoenix - AwardBIOS v6.00PG
     USER : pascal ( Not Administrator ! )
     BOOT : Normal boot
     Antivirus : avast! antivirus 4.8.1229 [VPS 081226-0] 4.8.1229 (Activated)

     C:\ (Local Disk) - NTFS - Total:225 GB (Free:19 GB)
     D:\ (Local Disk) - NTFS - Total:7 GB (Free:0 GB)
     E:\ (CD or DVD)
     F:\ (Local Disk) - NTFS - Total:76 GB (Free:20 GB)
     H:\ (USB)
     I:\ (USB)
     J:\ (CD or DVD)
     K:\ (CD or DVD) - UDF - Total:2 GB (Free:0 GB)
     L:\ (USB)
     M:\ (CD or DVD)
     N:\ (USB)

     Search run in normal mode

     *** Searching folders in "C:\Windows" ***
     *** Searching folders in "C:\Program Files" ***
     *** Searching folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***
     *** Searching folders in "c:\progra~2\micros~1\windows\startm~1" ***
     *** Searching folders in "C:\ProgramData" ***
     *** Searching folders in "c:\users\pascal\appdata\roaming\micros~1\windows\startm~1\programs" ***
     *** Searching folders in "C:\Users\pascal\AppData\Local\virtualstore\Program Files" ***
     *** Searching folders in "C:\Users\pascal\AppData\Local" ***
     *** Searching folders in "C:\Users\anthony\AppData\Local" ***
     *** Searching folders in "C:\Users\pascal\AppData\Roaming" ***
     *** Searching folders in "C:\Users\anthony\appdata\roaming" ***

     *** Search with Catchme-rootkit/stealth malware detector by gmer ***
     for more info : http://www.gmer.net

     *** Search with GenericNaviSearch ***
     !!! All these results may reveal legitimate files !!!
     !!! They must be checked before any manual removal !!!

     * Searching in "C:\Windows\system32" *
     * Searching in "C:\Users\pascal\AppData\Local\Microsoft" *
     * Searching in "C:\Users\pascal\AppData\Local\virtualstore\windows\system32" *
     * Searching in "C:\Users\pascal\AppData\Local" *
     * Searching in "C:\Users\anthony\AppData\Local" *

     *** Searching files ***

     *** Searching specific Registry keys ***
     !! The keys found are not necessarily infected !!

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ymakmig"="\"c:\\users\\pascal\\appdata\\local\\ymakmig.exe\" ymakmig"

     *** Additional search module ***
     (Searching for specific files)

     1)Searching new Instant Access files :

     2)Heuristic search :

     * In "C:\Windows\system32" :

     * In "C:\Users\pascal\AppData\Local\Microsoft" :

     * In "C:\Users\pascal\AppData\Local\virtualstore\windows\system32" :

     * In "C:\Users\pascal\AppData\Local" :
     ymakmig.exe found !
     ymakmig.dat found !
     ymakmig_nav.dat found !
     ymakmig_navps.dat found !

     * In "C:\Users\anthony\AppData\Local" :

     3)Searching certificates :
     Egroup certificate absent !
     Electronic-Group certificate absent !
     Montorgueil certificate absent !
     OOO-Favorit certificate absent !
     Sunny-Day-Design-Ltd certificate absent !

     4)Searching other known folders and files :

     *** Analysis finished on 03/04/2009 at 18:47:34.95 ***
  13. Thanks Falkra

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 18:04:50, on 03/04/2009
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Users\pascal\AppData\Roaming\Microsoft\cmstp.exe
     C:\Program Files\Alwil Software\Avast4\ashDisp.exe
     C:\Windows\System32\drivers\cmstp.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Wallpaper\Wallpaper.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Users\pascal\AppData\Local\ymakmig.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Windows\system32\conime.exe
     C:\Program Files\IncrediMail\bin\IMApp.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\Explorer.exe
     C:\Users\pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S50B65G3\HiJackThis[1].exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
     O1 - Hosts: ::1 localhost
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [ymakmig] "c:\users\pascal\appdata\local\ymakmig.exe" ymakmig
     O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Users\pascal\AppData\Roaming\MICROS~1\cmstp.exe /waitservice
     O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice
     O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
     O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice
     O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Users\pascal\AppData\Roaming\MICROS~1\rsvp.exe /waitservice
     O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [sessMgr] C:\Users\pascal\AppData\Roaming\MICROS~1\sessmgr.exe /waitservice (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [sessMgr] C:\Users\pascal\AppData\Roaming\MICROS~1\sessmgr.exe /waitservice (User 'Default user')
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
     O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing)
     O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4 - Découverte\IEBtn\Launcher (file missing)
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O13 - Gopher Prefix:
     O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
     O21 - SSODL: tfnslopk - {E96BB392-8526-4FEC-8360-ED914717C7F8} - (no file)
     O21 - SSODL: xokvrpwg - {D30DA24A-591A-439F-B6E4-AA69C235F246} - (no file)
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
     O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
     O23 - Service: Service Google Update (gupdate1c98dfe1b23a066) (gupdate1c98dfe1b23a066) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

     --
     End of file - 8541 bytes
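The HijackThis log above is where the persistence is visible: copies of system binary names (cmstp.exe, cisvc.exe, logman.exe, esentutl.exe, sessmgr.exe, rsvp.exe) started with /waitservice from Policies\Explorer\Run keys in HKLM, HKCU, S-1-5-18 and .DEFAULT, a win.ini load= entry (F3) pointing at System32\drivers\cmstp.exe, an HKCU Run entry for ymakmig.exe sitting directly in AppData\Local, and two SSODL entries whose CLSIDs resolve to no file. As an added example, not part of this thread and not HijackThis or Malwarebytes code, the Python script below applies exactly those checks to O4, F3 and O21 lines. The sample lines are copied from the log above; the list of binary names and the rule that their only legitimate home is %SystemRoot%\System32 are assumptions of the script, and the AppData-root rule is a weak signal that needs a human look.

```python
"""Heuristic triage of HijackThis O4 / F3 / O21 lines (added example, not HijackThis code).

Rules (assumptions of this script, not HijackThis's own logic):
  1. an autostart under Policies\Explorer\Run, a policy key legitimate software rarely uses;
  2. an image named like a System32 binary that runs from anywhere but %SystemRoot%\System32;
  3. a win.ini load= autostart (F3), an obsolete mechanism;
  4. an image sitting directly in an AppData root rather than a vendor subfolder (weak signal);
  5. a ShellServiceObjectDelayLoad (SSODL) entry whose CLSID resolves to "(no file)".
"""
from __future__ import annotations

import ntpath
import re

# Names the log on this page shows copied into user-profile and System32\drivers locations.
# Assumption: on the scanned Vista box their only legitimate home is %SystemRoot%\System32.
SYSTEM32_BINARIES = {
    "cmstp.exe", "cisvc.exe", "logman.exe", "esentutl.exe",
    "sessmgr.exe", "spoolsv.exe", "rsvp.exe", "mstinit.exe",
}
SYSTEM32_DIR = r"c:\windows\system32"

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(?P<cmd>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[^}]+\} - (?P<target>.*)$")
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)
APPDATA_ROOT_RE = re.compile(r"\\appdata\\(local|roaming)$")


def image_path(cmd: str) -> str:
    """Extract the executable from a Run value: quoted or unquoted, arguments dropped."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def normalize(path: str) -> str:
    """Lower-case the path and expand the two variables HijackThis leaves unexpanded."""
    return path.lower().replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")


def classify(line: str) -> list[str]:
    """Return the reasons a line looks suspicious; an empty list means no rule matched."""
    reasons: list[str] = []
    if m := O21_RE.match(line):
        if m.group("target").strip() == "(no file)":
            reasons.append("ShellServiceObjectDelayLoad entry whose CLSID has no file")
        return reasons
    if m := O4_RE.match(line):
        cmd = m.group("cmd")
        if r"policies\explorer\run" in m.group("key").lower():
            reasons.append("autostart via Policies\\Explorer\\Run")
    elif m := F3_RE.match(line):
        cmd = m.group("cmd")
        reasons.append("autostart via win.ini load=")
    else:
        return reasons  # not a line type this script looks at
    directory, name = ntpath.split(normalize(image_path(cmd)))
    if name in SYSTEM32_BINARIES and directory != SYSTEM32_DIR:
        reasons.append(f"{name} is a System32 binary name but runs from {directory or '<relative>'}")
    if APPDATA_ROOT_RE.search(directory):
        reasons.append("image sits directly in an AppData root")
    return reasons


def scan(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every line that triggered at least one rule."""
    return [(line, reasons) for line in lines if (reasons := classify(line))]


# Sample input: a constructed subset of lines copied from the HijackThis log in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKCU\..\Run: [ymakmig] "c:\users\pascal\appdata\local\ymakmig.exe" ymakmig',
    r"O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Users\pascal\AppData\Roaming\MICROS~1\cmstp.exe /waitservice",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Users\pascal\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice",
    r"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')",
    r"O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [sessMgr] C:\Users\pascal\AppData\Roaming\MICROS~1\sessmgr.exe /waitservice (User 'SYSTEM')",
    r"F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')",
    r"O21 - SSODL: tfnslopk - {E96BB392-8526-4FEC-8360-ED914717C7F8} - (no file)",
]

if __name__ == "__main__":
    for flagged_line, why in scan(SAMPLE_LINES):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run as-is it prints six flagged lines out of the nine samples; avast, the Sidebar entry and the rundll32 WelcomeCenter entry pass clean. The drivers\cmstp.exe case is worth noting: it sits under System32 but in the wrong subfolder, which is why the comparison is against the exact directory and not a prefix.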
  14. Hello everyone

     For some time now I have been getting pop-up ad windows when I'm in IE7. The PC slows down and freezes. I ran a scan with Spybot but it found nothing. Avast doesn't find anything either. Thanks for your help.