Onglet intepestifs

[Nizar89]

Bonjour,

Désolé de vous avoir imposé cette attente, mais j'ai dû m'absenter quelque temps.

Pas de problème ^^.

Voici le rapport Combofix:

ComboFix 08-05-29.1 - Azaiez 2008-06-01 10:25:34.4 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1120 [GMT 2:00]

Endroit: C:\Users\Azaiez\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-28 09:17 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-05-28 09:17 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

2008-05-21 14:52 . 2008-05-21 14:52 <REP> d-------- C:\Programme

2008-05-17 22:01 . 2008-05-28 15:54 96,966 --a------ C:\Windows\System32\drivers\klin.dat

2008-05-17 22:01 . 2008-05-29 20:22 88,774 --a------ C:\Windows\System32\drivers\klick.dat

2008-05-17 22:00 . 2008-06-01 09:36 <REP> d-------- C:\Users\All Users\Kaspersky Lab

2008-05-17 22:00 . 2008-06-01 09:36 <REP> d-------- C:\ProgramData\Kaspersky Lab

2008-05-17 22:00 . 2008-05-17 22:00 <REP> d-------- C:\Program Files\Kaspersky Lab

2008-05-17 22:00 . 2008-06-01 10:29 199,463,968 --ahs---- C:\Windows\System32\drivers\fidbox.dat

2008-05-17 22:00 . 2008-06-01 09:21 2,632,040 --ahs---- C:\Windows\System32\drivers\fidbox.idx

2008-05-17 21:34 . 2008-05-17 21:34 <REP> d-------- C:\Windows\4DCA27399D164B55808CE72CD70A5BD3.TMP

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files

2008-05-17 20:19 . 2008-05-17 20:19 208 --a------ C:\Windows\System32\MRT.INI

2008-05-17 19:41 . 2008-05-17 19:41 <REP> d-------- C:\ComboFix(2)

2008-05-16 18:24 . 2008-05-16 18:25 <REP> d-------- C:\ComboFix(1)

2008-05-15 13:42 . 2008-05-15 13:42 <REP> d-------- C:\ComboFix(0)

2008-05-12 12:18 . 2008-05-24 09:39 <REP> d-------- C:\Karcher

2008-05-11 20:45 . 2008-05-12 11:20 5,204 --a------ C:\Windows\System32\tmp.reg

2008-05-11 20:45 . 2008-05-12 11:20 0 --a------ C:\Windows\System32\tmp.MSNFix

2008-05-11 20:44 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-05-11 20:44 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-05-11 20:44 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe

2008-05-11 20:44 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-05-11 20:44 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-05-11 15:14 . 2008-05-11 15:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-11 13:14 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-05-11 13:13 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-05-11 13:12 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-05-11 13:11 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll

2008-05-11 13:10 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-05-11 13:09 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-05-11 13:07 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-05-11 13:07 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-05-11 13:07 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-05-11 13:06 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-05-11 13:06 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-05-11 13:06 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-05-11 13:06 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-05-11 13:06 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-05-11 13:06 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-05-11 13:05 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll

2008-05-11 09:50 . 2008-05-11 12:16 <REP> d-------- C:\Program Files\a-squared Free

2008-05-10 23:20 . 2008-05-10 23:20 <REP> d-------- C:\Program Files\Common Files\Scanner

2008-05-10 23:20 . 2002-02-21 17:56 24,576 --a------ C:\Windows\System32\msxml3a.dll

2008-05-09 13:43 . 2008-05-21 14:17 <REP> d-------- C:\Program Files\SEGA

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-08 15:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\MOVAVI

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\ConvertMovie 5.0

2008-05-01 18:19 . 2008-05-01 18:19 <REP> d-------- C:\Program Files\Yamb

2008-05-01 18:03 . 2008-05-01 18:03 <REP> d-------- C:\videodvdmaker

2008-05-01 17:59 . 2008-05-01 17:59 <REP> d-------- C:\Program Files\Video DVD Maker

2008-05-01 17:23 . 2008-05-03 18:43 <REP> d-------- C:\0e8d4d347a10744117ffacd44f81dd

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-01 07:19 --------- d-----w C:\ProgramData\Google Updater

2008-05-28 13:54 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys

2008-05-24 07:43 --------- d-----w C:\Program Files\Google

2008-05-22 04:41 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-18 01:00 --------- d-----w C:\Program Files\Windows Mail

2008-05-17 20:04 --------- d-----w C:\ProgramData\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\Common Files\McAfee

2008-05-17 19:54 --------- d---a-w C:\ProgramData\TEMP

2008-05-17 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 18:03 --------- d-----w C:\Program Files\Microsoft Games

2008-05-17 18:03 --------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe

2008-05-15 20:25 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-05-11 12:34 174 --sha-w C:\Program Files\desktop.ini

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Journal

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Defender

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Calendar

2008-05-11 11:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-11 11:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-10 21:20 --------- d-----w C:\Program Files\Yahoo!

2008-04-30 11:30 --------- d-----w C:\Program Files\DOOM 3

2008-04-23 09:06 --------- d-----w C:\Program Files\Diablo II

2008-04-23 08:23 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll

2008-04-21 10:54 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-04-21 10:54 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-04-21 10:54 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-04-12 16:33 --------- d-----w C:\ProgramData\Media Center Programs

2008-04-12 16:25 --------- d-----w C:\Program Files\THQ

2008-04-12 06:52 21,840 ----a-w C:\Windows\System32\SIntfNT.dll

2008-04-12 06:52 17,212 ----a-w C:\Windows\System32\SIntf32.dll

2008-04-12 06:52 12,067 ----a-w C:\Windows\System32\SIntf16.dll

2008-04-12 06:45 2,829 ----a-w C:\Windows\DIIUnin.pif

2008-04-12 06:45 102,400 ----a-w C:\Windows\DIIUnin.exe

2008-04-05 10:29 --------- d-----w C:\Program Files\Hamachi

2008-04-05 10:28 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-03-23 16:14 4,230,520 ----a-w C:\Windows\System32\SpoonUninstall.exe

2008-03-14 15:06 52 ----a-w C:\amp.bat

2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-02-12 12:45 48 ----a-w C:\Users\Azaiez\readme.bat

2007-12-01 15:57 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-01 15:57 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-18 11:17 31 ----a-w C:\Users\Azaiez\RUNME.bat

2005-03-03 20:56 16,753 ----a-w C:\Users\Azaiez\Stalker_v2.0.zip

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-02 18:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((( snapshot@2008-05-24_ 9.46.58,65 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-24 05:46:38 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-01 07:36:11 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-05-24 05:46:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-06-01 07:36:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-05-24 05:46:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-06-01 07:36:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-05-24 05:47:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-06-01 07:37:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-06-01 07:37:22 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-05-24 07:46:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-06-01 08:29:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-06-01 08:29:35 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-05-24 05:52:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-06-01 07:19:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-05-24 05:52:27 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-01 07:19:04 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-05-24 05:52:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-01 07:19:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-05-24 07:43:11 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-06-01 08:25:26 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-06-01 08:25:26 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-05-24 05:51:18 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-06-01 07:41:33 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-05-24 05:51:18 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-06-01 07:41:33 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-05-24 05:51:18 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-06-01 07:41:33 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-05-24 05:51:18 669,340 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-06-01 07:41:33 669,340 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-05-18 01:01:07 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-05-29 14:19:23 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-05-24 05:48:46 15,304 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2019332051-1211254293-2383463360-1001_UserData.bin

+ 2008-06-01 07:38:19 15,582 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2019332051-1211254293-2383463360-1001_UserData.bin

- 2008-05-24 05:48:46 68,768 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-06-01 07:38:18 68,990 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-05-24 05:48:43 65,784 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-06-01 07:38:16 66,068 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-05-24 03:38:39 76,624 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2008-05-24 20:03:31 103,350 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2008-05-28 07:16:24 1,431,026 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll

+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll

+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll

+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll

+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll

+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll

+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll

+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll

+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll

+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll

+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll

+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll

+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll

+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll

+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll

+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll

+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll

+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll

+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll

+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll

+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll

+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll

+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll

+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll

+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll

+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll

+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll

+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49 4670968]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 21:10 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk

backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk

backup=C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]

C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07]

C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-12-10 22:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 2006-09-28 15:42 65536 c:\hp\support\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2007-04-19 18:11 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]

--a------ 2008-05-09 23:35 16863864 C:\Windows\system32\MRT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]

C:\Windows\system32\vphc700.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-10 19:52 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

--a------ 2006-12-27 17:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-04-03 11:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-09-13 20:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

--a------ 2006-04-29 15:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

%windir%\WindowsMobile\wmdSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DA8BDA47-26ED-4C80-838E-25ADEB4B0958}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C1C62C23-E5F3-43BB-83E1-2A3CBD7E3EC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C8322D34-B73D-43A8-8F4D-76DD8C1A03D4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{93AF1CAD-8DEB-4F11-BE69-673E70E14631}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{43264955-0B3F-4EB9-AD54-92A8D46582C3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{A241423A-F794-4707-952E-7B3FD534A06A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5F0BEC45-5D2C-49A8-AF8B-A9B29B3C62F8}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{ED41B33F-BAC2-4820-8E98-61E60AECFF70}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{256BA5C8-B3C2-4983-B454-600F5AA8EF44}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F13EBF44-AC10-4297-A3A6-E98E7FF39142}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{949EB903-E835-407E-8458-7DFBAD448F4A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{AF4A4330-02B4-49C0-A57B-A0F8A4EB5F23}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{BDAD8392-DB41-4FE1-AF5C-52336A815283}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{13E444D6-7964-4755-95D5-0E16810C26EC}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{83196E5D-01B0-4BDD-B8B0-8AD4D0CAE330}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{A06AEA53-5BE3-4509-9D10-E9958DAA34FA}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II

"{C601AB94-43E4-47F4-BDE0-3DCD42A61A02}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II

"{7C0C3818-357F-4905-B387-A33165FE3CBD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B5833123-362D-4854-BB11-BE7023FE159E}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{2B3D521F-A6E0-4842-92BB-95198A03F4EA}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{2A500327-BEB5-4E90-AACE-C2144583C98C}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{47244DB5-D835-41F6-B836-419EE53447F6}C:\\users\\azaiez\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xjbz7ci0\\zerg_reveal_final_french_xvid.avi-downloader[1].exe"= UDP:C:\users\azaiez\appdata\local\microsoft\windows\temporary internet files\content.ie5\xjbz7ci0\zerg_reveal_final_french_xvid.avi-downloader[1].exe:zerg_reveal_final_french_xvid.avi-downloader[1].exe

"UDP Query User{41459383-2728-4BC6-B662-FBC92320B523}C:\\users\\azaiez\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xjbz7ci0\\zerg_reveal_final_french_xvid.avi-downloader[1].exe"= TCP:C:\users\azaiez\appdata\local\microsoft\windows\temporary internet files\content.ie5\xjbz7ci0\zerg_reveal_final_french_xvid.avi-downloader[1].exe:zerg_reveal_final_french_xvid.avi-downloader[1].exe

 

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32]

R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14]

S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13]

S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe []

S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe []

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]

\shell\AutoRun\command - G:\PMB_P.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}]

\shell\AutoRun\command - F:\blank.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-05-13 05:38:46 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-05-13 05:38:46 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2008-06-01 08:30:01 C:\Windows\Tasks\User_Feed_Synchronization-{48D2F123-9750-4DB6-815B-983FB705A8CB}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-01 10:29:55

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

Temps d'accomplissement: 2008-06-01 10:32:32

ComboFix-quarantined-files.txt 2008-06-01 08:31:25

ComboFix2.txt 2008-05-24 07:48:43

ComboFix3.txt 2008-05-21 15:14:16

 

Pre-Run: 176,130,273,280 octets libres

Post-Run: 176,094,330,880 octets libres

 

400 --- E O F --- 2008-05-30 13:54:50

 

 

 

Merci

 

 

 

Et voici le rapport hijacthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:36:25, on 01/06/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\System32\mobsync.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Azaiez\AppData\Local\Temp\Rar$EX00.981\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/onglet-intepestifs...15&start=15

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: (no name) - {50442F11-C5CD-4B10-8DE0-06F374A59B66} - C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Statistiques dAnti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: GOGA - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: JATLCW - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 6695 bytes

 

Merci

Modifié le 1 juin 2008 par Nizar89

[pear]

Bonjour,

 

Suivez attentivement cette procédure:

 

Combo, Nettoyage

# Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

 

KillAll::

file::

C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll

C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

C:\Windows\System32\tmp.reg

C:\Windows\System32\perfc009.dat

C:\Windows\System32\perfc00C.dat

C:\Windows\System32\perfh009.dat

C:\Windows\System32\perfh00C.dat

G:\PMB_P.exe

 

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]

 

 

 

* Attention, ce code a été rédigé spécialement pour cet utilisateur, prière de ne pas le réutiliser dans d'autres cas !

 

Enregistrez-le en lui donnant le nom CFScript.txt

 

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

 

*

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

Ensuite , Nettoyez les fichiers temporaires .

Lancez Hijackthis,

Cochez les lignes contenant File missing puis clic sur Fix checked.

 

Postez le rapport.

 

Désactiver l'antivirus actuel et faire un scan en ligne avec l'un de ces 3 logiciels

NOTE: Le scan en ligne sera à faire avec Internet Explorer.

 

1) Kaspersky

b]Sous Vista,il faut désactiver l'UAC, et cliquer droit sur Internet Explorer / Exécuter en tant qu'administrateur et coller l'URL de Kaspersky[/b]

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Vider la corbeille.

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nommer le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème

Cybersécurité

 

2) Scan Panda

 

3)ou ,autre choix,

Nod32 Sous Vista

Cliquer sur le lien suivant > ESET Online Scanner Link

* Cocher la case YES, I accept the Terms Of Use

* Cliquer sur le bouton Start

* Cliquer ensuite sur le bouton Install

* Clique sur Start

* Le scanner va se mettre à jour.

* Ne pas cocher la case Remove found threats

* Clique sur le bouton Scan

* Le scan va se lancer:

* Lorsque le scan s'achève, cliquer sur le menu Details

* Copier/coller le contenu du rapport généré:

il se trouve ici > C:\Program Files\EsetOnlineScanner et se nomme log.txt

 

Poster les rapports

[Nizar89]

Bonjour,

Excusez mon retard, je suis en pleine période d'examens.

 

Impossible de générer un rapport combofix, j'ai toujours le même problème (mon ordinateur redemarre alors que combofix fonctionne toujours).

 

Voici le rapport Hijackthis, créer apres avoir supprimé ce que vous demandiez:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25, on 2008-06-05

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\mobsync.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Users\Azaiez\AppData\Local\Temp\Rar$EX00.560\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/onglet-intepestifs...15&start=15

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: (no name) - {50442F11-C5CD-4B10-8DE0-06F374A59B66} - C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O13 - Gopher Prefix:

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: GOGA - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: JATLCW - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 6635 bytes

 

 

 

 

 

 

 

 

Et le scan, fais à partir de Nod32:

 

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3159 (20080605)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.064 (20070717)

# EOSSerial=003249b6f1f0404eb8a7e7fc1d3a922a

# end=finished

# remove_checked=false

# unwanted_checked=false

# utc_time=2008-06-05 09:22:43

# local_time=2008-06-05 11:22:43 (+0100, Paris, Madrid (heure d'été))

# country="France"

# osver=6.0.6001 NT Service Pack 1

# scanned=382104

# found=1

# scan_time=4452

C:\Users\Azaiez\readme.bat probably a variant of Win32/Agent trojan E46306598C5F687B8AFE6A7F5D153792

 

 

Dois-je supprimer le fichier "C:\Users\Azaiez\readme.bat"?

 

Merci

[pear]

Bonjour,

Dois-je supprimer le fichier "C:\Users\Azaiez\readme.bat"?

 

Oui,.

 

Dans Hijackthis, cochez ces lignes puis clic sur Fix checked:

O2 - BHO: (no name) - {50442F11-C5CD-4B10-8DE0-06F374A59B66} - C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

 

 

Essayez de lancer combofix en mode sans échec.

 

En cas d'impossibilité:

Télécharger OTMoveIt (de Old_Timer) sur leBureau

* Double-cliquer sur OTMoveIt.exe pour le lancer.

(Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).

*Vérifier que Unregister Dll's and Ocx's soit coché.

* Copier-coller dans le cadre de gauche de OTMoveIt :

Paste List of Files/Folders to be moved

 

C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll

C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

C:\Windows\System32\tmp.reg

C:\Windows\System32\perfc009.dat

C:\Windows\System32\perfc00C.dat

C:\Windows\System32\perfh009.dat

C:\Windows\System32\perfh00C.dat

G:\PMB_P.exe

 

 

* Cliquer sur MoveIt! pour lancer la suppression.

* Le résultat apparaitra dans le cadre Results. Copier le résultat.

* Cliquer sur Exit pour fermer.

* Coller le résultat dans la prochain réponse.

 

ensuite:

Copier/coller ce qui suit dans le bloc notes,

sans ligne blanche au début.

Enregistrez sur le bureau sous regis.reg.

Cliquez droit sur le fichier ->fusionner

Acceptez la modification du Régistre:

 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]

[Nizar89]

Bonjour,

 

Désolé pour le retard important, mes examens (et les fête de fin d'exam) viennent juste de finir.

 

Voici le premier rapport OTMoveIt:

 

File/Folder C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll not found.

File/Folder C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll not found.

File/Folder C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll not found.

File/Folder C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll not found.

C:\Windows\System32\tmp.reg moved successfully.

C:\Windows\System32\perfc009.dat moved successfully.

C:\Windows\System32\perfc00C.dat moved successfully.

C:\Windows\System32\perfh009.dat moved successfully.

C:\Windows\System32\perfh00C.dat moved successfully.

File/Folder G:\PMB_P.exe not found.

 

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06242008_121947

 

 

Un problème m'enpêche de fusionner les fichiers, vista affiche un message d'erreur:

 

"Le fichier specifié n'est pas un scrip du registre".

 

Merci

[pear]

Bonjour,

 

J'espère que vos examens se passent bien.

 

"Le fichier specifié n'est pas un scrip du registre"

 

Vous avez fait une erreur en copiant ou en nommant le fichier de régistre.

 

Il ne faut pas de ligne blanche au dessus de Windows Registry Editor Version 5.00

 

Et votre fichier doit s'appeller regis.reg et pas regis.reg.txt ou regis.txt

[Nizar89]

Merci ^^.

 

Vous aviez raison, j'ai oublié une ligne. Cela a corectement fonctionner.

Merci

[pear]

Bonsoir,

 

Comment se comporte le pc ?

Vous reste -t-il des disfonctionnements ?

[Nizar89]

Non, plus aucun, ils on en fait disparut depuis bien longtemps.

 

Es-ce terminé?

[pear]

Bonsoir,

 

ils on en fait disparut depuis bien longtemps.

 

Vous m'en voyez ravi.

 

Es-ce terminé?

 

Presque.

Pour enlever les programmes utilisés pendant la procédure.

Télécharger ToolsCleaner2 de A.Rothstein

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant que Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

L'outil supprimera sans que vous ayez à intervenir.

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.