HBO trojan and Virtumonde malware. HELP



Hello everyone,

My PC runs Vista SP1, Asus F3SV, with AVAST and Spybot.

A few days ago Avast reported a trojan, then a piece of malware that was (supposedly) eradicated with Spybot. After my scan with Avast today, I no longer get a message saying my PC is infected. Nevertheless I am asking for your help to be sure, because my browser (IE7) keeps opening pop-ups... Oh yes, and Spybot also keeps wanting to modify .dll files (CMDS rundll32.exe), which I refuse because I would rather have your opinion first. I am even wondering whether I have a keylogger, because my keyboard drops letters (a pain to write this message).

I understood that the first step is to run a HijackThis scan in Safe Mode; here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:38:22, on 09/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\wvUmkiHY.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: APSHook.dll

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

 

--

End of file - 8106 bytes

 

That is it for now; I hope you will be able to help me,

thanks in advance :P


Hello,

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\wvUmkiHY.dll,#1

= Combo infection

I am only pointing out the infection.

Wait for a security team member to tell you the procedure for disinfection; do not do anything on your own initiative.

Cheers

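The line singled out in the reply above can be checked mechanically. The following Python is an added illustration, not code from the thread or from HijackThis or ComboFix: it parses the O4 (Run key) lines quoted in both HijackThis logs, flags rundll32 autostarts that load a DLL from a user's Temp folder through an ordinal entry point, and shows that the same `MSServer` value points at a different random-named DLL after ComboFix. The heuristics and their threshold are assumptions chosen for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a subset of the O4 (Run key) lines quoted in the thread, from
# the first HijackThis log and from the one posted after ComboFix had run.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\wvUmkiHY.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""
HJT_AFTER = r"""
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll,#1
"""

# "O4 - <hive>\..\Run: [<value name>] <command>", with HijackThis's optional "(User '...')" suffix.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '[^']*'\))?$"
)
# The heuristics below are assumptions made for this illustration, not rules from any tool.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Temp\\|%TE?MP%", re.IGNORECASE)
EIGHT_ALNUM_RE = re.compile(r"^[A-Za-z0-9]{8}$")


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    dll: Optional[str] = None     # set only when the value launches rundll32
    export: Optional[str] = None  # named export, or "#<n>" for an ordinal


def parse_run_entries(log: str) -> List[RunEntry]:
    """Extract every O4 Run-key line from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = RunEntry(m["hive"], m["name"], m["cmd"])
        parts = entry.command.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in ("rundll32.exe", "rundll32"):
            # rundll32 takes "<dll>,<entry point>"; split on the last comma so a path
            # containing spaces or commas stays intact.
            dll, sep, export = parts[1].rpartition(",")
            entry.dll, entry.export = (dll, export) if sep else (parts[1], "")
        entries.append(entry)
    return entries


def suspicion_reasons(entry: RunEntry) -> List[str]:
    """Traits shared by the Temp-resident rundll32 loader singled out in the thread."""
    if entry.dll is None:
        return []
    reasons = []
    if TEMP_DIR_RE.search(entry.dll):
        reasons.append("DLL lives in a user-writable Temp folder")
    if entry.export.startswith("#"):
        reasons.append("entry point is an ordinal (%s), not a named export" % entry.export)
    stem = entry.dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if EIGHT_ALNUM_RE.match(stem) and stem not in (stem.lower(), stem.upper()):
        reasons.append("eight-character mixed-case file name")
    return reasons


def find_suspicious(log: str, min_reasons: int = 2) -> List[Tuple[RunEntry, List[str]]]:
    """Run values that trip at least min_reasons of the heuristics above."""
    hits = []
    for entry in parse_run_entries(log):
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            hits.append((entry, reasons))
    return hits


def regenerated_loaders(before: str, after: str) -> Dict[str, Tuple[str, str]]:
    """Run values in both logs whose rundll32 DLL path changed in between: the pattern in
    the thread, where 'MSServer' points at a fresh random-named DLL after the first clean-up."""
    old = {(e.hive, e.name): e for e in parse_run_entries(before) if e.dll}
    changed = {}
    for e in parse_run_entries(after):
        prev = old.get((e.hive, e.name))
        if e.dll and prev and prev.dll.lower() != e.dll.lower():
            changed[e.name] = (prev.dll, e.dll)
    return changed


if __name__ == "__main__":
    for label, log in (("before ComboFix", HJT_BEFORE), ("after ComboFix", HJT_AFTER)):
        for entry, reasons in find_suspicious(log):
            print(f"[{label}] {entry.hive}\\..\\Run\\{entry.name} -> {entry.dll}")
            for reason in reasons:
                print("    -", reason)
    for name, (old, new) in regenerated_loaders(HJT_BEFORE, HJT_AFTER).items():
        print(f"'{name}' survived the first clean-up with a new DLL: {old} -> {new}")
```

The legitimate rundll32 entries in the same logs (the ASUS, NVIDIA and Welcome Center ones) trip none of the heuristics, which is the point of requiring more than one before reporting.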

Hello to both of you

Download ComboFix (created by sUBs) to your Desktop

Boot into Safe Mode

[*] Double-click combofix.exe.

[*] Press the Y (Yes) key to start the scan.

[*] ComboFix will restart your PC

[*] When the scan is complete, a report will appear. Copy/paste this report in your next reply, along with a new HijackThis log

NOTE: The report can also be found here: C:\Combofix.txt


Here is the ComboFix log:

ComboFix 08-05-08.1 - Julien 2008-05-09 20:56:14.1 - NTFSx86 MINIMAL

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1680 [GMT 2:00]

Endroit: C:\Users\Julien\Desktop\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\xbaqktfv.exe

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-09 20:55 . 2008-05-09 20:55 <REP> d-------- C:\327882R2FWJFW

2008-05-08 22:36 . 2008-05-08 22:36 <REP> d-------- C:\Program Files\Trend Micro

2008-05-08 18:13 . 2008-05-08 18:25 <REP> d-------- C:\Users\Julien\AppData\Roaming\gtk-2.0

2008-05-08 18:12 . 2008-05-08 18:12 <REP> d-------- C:\Users\Julien\.thumbnails

2008-05-08 18:10 . 2008-05-08 18:25 <REP> d-------- C:\Users\Julien\.gimp-2.4

2008-05-08 18:09 . 2008-05-08 18:09 <REP> d-------- C:\Program Files\GIMP-2.0

2008-05-08 17:31 . 2008-05-08 17:31 <REP> d-------- C:\VundoFix Backups

2008-05-08 17:31 . 2008-05-08 17:31 147,456 --a------ C:\VundoFix.exe

2008-05-02 12:16 . 2008-05-02 12:13 691,545 --a------ C:\Windows\unins000.exe

2008-05-02 12:16 . 2008-05-02 12:16 2,545 --a------ C:\Windows\unins000.dat

2008-05-02 11:47 . 2008-05-02 11:47 <REP> d-------- C:\Windows\BDOSCAN8

2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\Users\All Users\kjyfapuj

2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\Users\All Users\hvxqczpg

2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\PROGRA~2\kjyfapuj

2008-05-02 00:53 . 2008-05-02 00:53 <REP> d-------- C:\PROGRA~2\hvxqczpg

2008-04-30 19:03 . 2008-04-30 19:03 98,304 --a------ C:\Windows\System32\CmdLineExt.dll

2008-04-30 18:49 . 2008-04-30 19:00 <REP> d-------- C:\GTR2

2008-04-30 18:47 . 2008-04-30 18:47 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-04-30 18:44 . 2008-04-30 18:44 <REP> d-------- C:\Users\Julien\AppData\Roaming\DAEMON Tools

2008-04-30 18:44 . 2008-04-30 18:44 717,296 --a------ C:\Windows\System32\drivers\sptd.sys

2008-04-29 21:47 . 2008-04-29 21:47 <REP> d-------- C:\Users\Julien\AppData\Roaming\Nero

2008-04-29 21:28 . 2008-04-29 21:28 <REP> d-------- C:\Users\All Users\Nero

2008-04-29 21:28 . 2008-04-29 21:29 <REP> d-------- C:\Program Files\Nero

2008-04-29 21:28 . 2008-04-29 21:29 <REP> d-------- C:\Program Files\Common Files\Nero

2008-04-29 21:28 . 2008-04-29 21:28 <REP> d-------- C:\PROGRA~2\Nero

2008-04-29 21:28 . 2006-03-17 11:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll

2008-04-29 21:28 . 2006-03-17 11:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll

2008-04-29 21:28 . 2006-03-17 11:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll

2008-04-29 21:28 . 2006-03-17 14:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll

2008-04-29 21:28 . 2006-03-17 11:45 258,048 --a------ C:\Windows\System32\imagXR7.dll

2008-04-29 14:49 . 2008-04-29 14:50 <REP> d-------- C:\Users\All Users\Adobe

2008-04-29 14:49 . 2008-04-29 14:49 <REP> d-------- C:\Program Files\Common Files\Adobe

2008-04-29 07:18 . 2008-04-29 07:26 <REP> d-------- C:\Users\All Users\Yahoo!

2008-04-29 07:18 . 2008-04-29 07:26 <REP> d-------- C:\PROGRA~2\Yahoo!

2008-04-29 07:17 . 2008-04-29 07:17 <REP> d-------- C:\Users\Julien\AppData\Roaming\Yahoo!

2008-04-29 07:17 . 2008-04-29 07:17 <REP> d-------- C:\Program Files\Yahoo!

2008-04-28 23:55 . 2008-04-28 23:55 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-28 21:02 . 2008-05-09 20:45 <REP> d-------- C:\Users\Julien\AppData\Roaming\OpenOffice.org2

2008-04-28 16:24 . 2008-04-28 23:56 <REP> d-------- C:\Downloads

2008-04-28 16:04 . 2008-05-08 18:04 <REP> d-------- C:\Users\Julien\AppData\Roaming\foobar2000

2008-04-28 16:04 . 2008-04-28 16:04 <REP> d-------- C:\Program Files\foobar2000

2008-04-28 12:37 . 2008-04-28 12:37 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-04-28 06:55 . 2007-04-19 14:13 15 --a------ C:\F3SC_F3SV_VISTA.10

2008-04-28 06:55 . 2007-03-13 05:02 12 --a------ C:\RECOVERY.DAT

2008-04-28 06:53 . 2006-03-09 04:58 1,060,424 --a------ C:\Windows\System32\WdfCoInstaller01000.dll

2008-04-28 06:53 . 2007-03-01 14:30 196,608 --a------ C:\Windows\System32\SynCtrl.dll

2008-04-28 06:53 . 2007-03-01 15:24 182,456 --a------ C:\Windows\System32\drivers\SynTP.sys

2008-04-28 06:53 . 2007-03-01 14:29 163,840 --a------ C:\Windows\System32\SynCOM.dll

2008-04-28 06:53 . 2007-03-01 14:37 143,360 --a------ C:\Windows\System32\SynTPAPI.dll

2008-04-28 06:53 . 2007-03-01 15:22 110,592 --a------ C:\Windows\System32\SynTPCo4.dll

2008-04-28 06:51 . 2007-01-11 11:04 12,367,616 --a------ C:\Windows\System32\drivers\StkCPipe.sys

2008-04-28 06:51 . 2007-02-13 06:41 1,245,056 --a------ C:\Windows\System32\drivers\StkCMini.sys

2008-04-28 06:51 . 2005-12-26 19:11 172,032 --a------ C:\Windows\VideoView.exe

2008-04-28 06:51 . 2007-02-07 12:32 106,496 --a------ C:\Windows\StkC112X.exe

2008-04-28 06:51 . 2007-02-07 13:21 77,824 --a------ C:\Windows\System32\StkCProp.ax

2008-04-28 06:51 . 2007-02-07 12:51 69,632 --a------ C:\Windows\System32\StkCWIA.dll

2008-04-28 06:51 . 2007-02-12 08:59 61,440 --a------ C:\Windows\StkUnist.exe

2008-04-28 06:51 . 2006-12-10 18:33 49,152 --a------ C:\Windows\System32\StkSSrv.dll

2008-04-28 06:51 . 2007-02-07 12:44 24,576 --a------ C:\Windows\System32\StkCSrv.exe

2008-04-28 06:32 . 2008-04-28 06:32 <REP> d-------- C:\Program Files\BitComet

2008-04-28 06:32 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-04-28 06:31 . 2008-04-28 06:31 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-28 06:30 . 2008-04-28 06:30 <REP> d-------- C:\Windows\PCHEALTH

2008-04-28 06:28 . 2008-04-28 06:28 <REP> d-------- C:\Users\All Users\WLInstaller

2008-04-28 06:28 . 2008-04-28 12:37 <REP> d-------- C:\Program Files\Windows Live

2008-04-28 06:28 . 2008-04-28 06:30 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-28 06:28 . 2008-04-28 06:28 <REP> d-------- C:\PROGRA~2\WLInstaller

2008-04-28 06:14 . 2008-04-28 06:15 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

2008-04-28 06:13 . 2008-04-28 16:05 <REP> d-------- C:\Program Files\Java

2008-04-28 06:13 . 2008-04-28 06:13 <REP> d-------- C:\Program Files\Common Files\Java

2008-04-28 06:07 . 2008-04-28 06:07 <REP> d-------- C:\Windows\System32\Attansic

2008-04-28 01:59 . 2008-04-28 01:59 <REP> d-------- C:\PerfLogs

2008-04-28 01:44 . 2008-04-28 01:23 152,576 --a------ C:\Windows\System32\SPWizUI.dll

2008-04-28 01:44 . 2008-04-28 01:23 47,560 --a------ C:\Windows\System32\SPReview.exe

2008-04-28 01:24 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe

2008-04-28 01:23 . 2008-04-28 01:45 196,608 --a------ C:\Windows\SPInstall.etl

2008-04-28 01:12 . 2008-04-28 01:12 <REP> d-------- C:\Users\Julien\AppData\Roaming\ma-config.com

2008-04-28 01:12 . 2008-04-28 01:12 <REP> d-------- C:\Program Files\ma-config.com

2008-04-28 00:52 . 2008-04-28 00:52 <REP> d-------- C:\Users\Julien\AppData\Roaming\vlc

2008-04-28 00:37 . 2008-05-03 09:13 27,430 --a------ C:\Users\Julien\AppData\Roaming\nvModes.dat

2008-04-28 00:34 . 2008-05-02 12:21 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-28 00:34 . 2008-05-02 12:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-28 00:34 . 2008-05-02 12:21 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy

2008-04-28 00:33 . 2008-04-28 00:33 <REP> d-------- C:\Program Files\VideoLAN

2008-04-28 00:32 . 2008-04-28 00:32 <REP> d-------- C:\Program Files\Alwil Software

2008-04-28 00:32 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys

2008-04-28 00:09 . 2008-04-28 00:09 <REP> d-------- C:\Program Files\CCleaner

2008-04-27 23:50 . 2008-04-27 23:50 <REP> dr------- C:\Users\Julien\Searches

2008-04-27 23:50 . 2008-04-29 07:45 <REP> dr------- C:\Users\Julien\Contacts

2008-04-27 23:48 . 2008-04-27 23:50 <REP> dr------- C:\Users\Julien\Videos

2008-04-27 23:48 . 2008-05-03 14:39 <REP> dr------- C:\Users\Julien\Saved Games

2008-04-27 23:48 . 2008-04-27 21:35 <REP> d-------- C:\Users\Julien\Roaming

2008-04-27 23:48 . 2008-04-29 07:18 <REP> dr------- C:\Users\Julien\Pictures

2008-04-27 23:48 . 2008-04-29 07:18 <REP> dr------- C:\Users\Julien\Music

2008-04-27 23:48 . 2008-04-27 23:50 <REP> dr------- C:\Users\Julien\Links

2008-04-27 23:48 . 2008-05-08 01:43 <REP> dr------- C:\Users\Julien\Downloads

2008-04-27 23:48 . 2008-05-03 16:57 <REP> dr------- C:\Users\Julien\Documents

2008-04-27 23:48 . 2006-11-02 14:37 <REP> d-------- C:\Users\Julien\AppData\Roaming\Media Center Programs

2008-04-27 23:48 . 2008-04-27 23:50 <REP> d--h----- C:\Users\Julien\AppData

2008-04-27 23:48 . 2008-05-08 18:25 <REP> d-------- C:\Users\Julien

2008-04-27 23:48 . 2008-04-28 00:20 524,288 --ahs---- C:\Users\Julien\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

2008-04-27 23:48 . 2008-05-09 21:02 524,288 --ahs---- C:\Users\Julien\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

2008-04-27 23:48 . 2008-05-09 21:06 262,144 --ah----- C:\Users\Julien\ntuser.dat.LOG1

2008-04-27 23:48 . 2008-05-09 21:02 65,536 --ahs---- C:\Users\Julien\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

2008-04-27 23:48 . 2008-04-27 23:48 0 --ah----- C:\Users\Julien\ntuser.dat.LOG2

2008-04-27 23:40 . 2008-04-27 23:40 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-04-27 23:13 . 2007-05-23 09:11 356,352 --a------ C:\Windows\System32\NVUNINST.EXE

2008-04-27 22:46 . 2008-04-27 22:46 1,820 --a------ C:\Windows\System32\rasctrnm.h

2008-04-27 22:33 . 2008-04-27 22:33 988,216 --a------ C:\Windows\System32\winload.exe

2008-04-27 22:33 . 2008-04-27 22:33 927,288 --a------ C:\Windows\System32\winresume.exe

2008-04-27 22:33 . 2008-04-27 22:33 615,992 --a------ C:\Windows\System32\ci.dll

2008-04-27 22:33 . 2008-04-27 22:33 378,368 --a------ C:\Windows\System32\srcore.dll

2008-04-27 22:33 . 2008-04-27 22:33 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-04-27 22:33 . 2008-04-27 22:33 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-04-27 22:33 . 2008-04-27 22:33 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-27 22:33 . 2008-04-27 22:33 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-27 22:33 . 2008-04-27 22:33 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-04-27 22:33 . 2008-04-27 22:33 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-27 22:32 . 2008-04-27 22:32 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-04-27 22:31 . 2008-04-27 22:31 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-04-27 22:24 . 2008-04-27 22:24 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-04-27 22:24 . 2008-04-27 22:24 826,880 --a------ C:\Windows\System32\wininet.dll

2008-04-27 22:10 . 2008-04-27 22:10 0 --a------ C:\Windows\System32\drivers\1043_ASUSTeK_F3Sv.alu

2008-04-27 21:56 . 2008-05-09 21:04 45,056 --a------ C:\Windows\System32\acovcnt.exe

2008-04-27 21:45 . 2008-04-27 21:45 <REP> d-------- C:\Windows\System32\Macromed

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-28 00:09 174 --sha-w C:\Program Files\desktop.ini

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Mail

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Journal

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Defender

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-28 00:01 --------- d-----w C:\Program Files\Windows Calendar

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"MSServer"="C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]

"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]

"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-23 07:35 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-23 07:35 8433664]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-23 07:35 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

C:\Users\Julien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ASWLNPkg

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{626F6EE3-1D13-4764-8DAA-FDB074E205FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{4EA1E534-89A9-425C-B608-727F6A706FD6}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{30C89949-8DC5-48D7-922F-B93015BCE0F8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"{B5B60F39-50E5-4C64-A6FE-1F0AB563F405}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F53990A6-6EF5-433E-8D99-1B259585E1BC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{D3613F09-B485-423E-99A1-933F7925D4E3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{568FEB82-ABBF-4461-8983-0AB4DC2A0D26}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

 

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 19:14]

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-18 23:33]

R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-18 23:33]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 08:41]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

GPSvcGroup REG_MULTI_SZ GPSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91609ae-16d4-11dd-b9a1-001bfcd92a36}]

\shell\AutoRun\command - H:\MLLaunch.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fecc668f-14d6-11dd-9b8d-806e6f6e6963}]

\shell\AutoRun\command - F:\AutoRun.exe TMM50PRO TMM50

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-09 21:06:44

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\wlanext.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Windows\System32\conime.exe

C:\Program Files\ATK Hotkey\HControl.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\System32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.bin

C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

C:\Windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-09 21:10:00 - machine was rebooted [Julien]

ComboFix-quarantined-files.txt 2008-05-09 19:09:43

 

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Post-Run: 21,514,588,160 octets libres

 

266 --- E O F --- 2008-05-09 05:16:30

 

 

Thanks for your help, I will send the HijackThis log very soon


And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:18:40, on 09/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll,#1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: APSHook.dll

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

 

--

End of file - 7770 bytes

 

 

There you go, I hope it will be useful.


The O4 line mentioned above is still there.

I think the disinfection is not finished; wait for more information from Lien Rag, the junior security member who is following your problem.

Regards

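As an added example (not code from this thread or from HijackThis), here is a small Python checker that applies the helper's reasoning about the remaining O4 line: it parses HijackThis O4 Run entries and flags rundll32 launches whose DLL sits in a temp folder or is called by ordinal (the `,#1` form). The four sample lines are copied from the log posted above; the two heuristics are this example's own assumptions.

```python
import re

# Constructed sample: four O4 lines copied from the HijackThis log posted in this
# thread (only these lines, not the whole log), so the checker runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Julien\AppData\Local\Temp\fccyXPIa.dll,#1
"""

# HijackThis O4 format: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 launch: "rundll32.exe <dll>,<export or #ordinal>" (the export part is optional)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+?)(?:,(?P<export>\S+))?\s*$',
                       re.IGNORECASE)
# Per-user or system temp folders: a legitimate Run entry rarely loads a DLL from here
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
                     re.IGNORECASE)

def parse_o4(log_text):
    """Yield (hive, value_name, command) for every O4 Run entry in a HijackThis log."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")

def rundll32_target(command):
    """Return (dll, export) if the command launches a DLL through rundll32, else None."""
    m = RUNDLL_RE.match(command.strip())
    return (m.group("dll"), m.group("export")) if m else None

def flag_suspicious_o4(log_text):
    """Return [(value_name, dll, reasons)] for rundll32 entries with Virtumonde-style traits.
    The heuristics are this example's own assumptions, not HijackThis logic."""
    findings = []
    for _hive, name, cmd in parse_o4(log_text):
        target = rundll32_target(cmd)
        if target is None:
            continue  # plain executables are outside the scope of this check
        dll, export = target
        reasons = []
        if TEMP_RE.search(dll):
            reasons.append("DLL loaded from a temp directory")
        if export is not None and export.startswith("#"):
            reasons.append("entry point referenced by ordinal (#n) instead of by name")
        if reasons:
            findings.append((name, dll, reasons))
    return findings
```

Running `flag_suspicious_o4(SAMPLE_LOG)` reports only the MSServer entry, for both reasons; the NVIDIA and Welcome Center rundll32 entries pass because they load a named export from a system location.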

Hello to you both

Let's continue

To do in order:

a. Download --> Ccleaner

use it --> Tutorial

b. Uninstall Avast

Install Avira

c. Run a full Avira scan and post us the report please :P

Edited by Lien Rag