
Recommended posts

Posted

The PC works perfectly, it's great. Here are the reports, in order:


pushd "C:\327882R2FWJFW\"

 

=============================================

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Mattanoll\AppData\Roaming

cfldr=327882R2FWJFW

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC-DE-MATTANOLL

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Mattanoll

kmd=CF6257.exe

LOCALAPPDATA=C:\Users\Mattanoll\AppData\Local

LOGONSERVER=\\PC-DE-MATTANOLL

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\327882R2FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem

PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0604

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

SESSIONNAME=Console

sfxname=C:\Users\Mattanoll\Downloads\ComboFix.exe

system=C:\Windows\system32

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\MATTAN~1\AppData\Local\Temp

TMP=C:\Users\MATTAN~1\AppData\Local\Temp

USERDOMAIN=PC-de-MattAnoll

USERNAME=Mattanoll

USERPROFILE=C:\Users\Mattanoll

windir=C:\Windows

 

=============================================

 

 

if not defined sfxname goto END

 

Nircmd win close ititle "ComboFix"

 

If [C:\Users\Mattanoll\Downloads\CFScript.txt] == [] Set "SfxCmd="

 

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

 

if exist "C:\Users\MATTAN~1\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\Users\MATTAN~1\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log"

SteelWerX Extended Configuration Access Control Lists

Written by Bobbi Flekman 2006 ©

Ownerchange for "C:\Windows\system32\cmd.exe" to Administrators group was successful

 

copy /y "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF6257.exe"

1 fichier(s) copi‚(s).

 

if not exist "C:\Windows\system32\CF6257.exe" catchme -l nul -c "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF6257.exe"

 

For /F "tokens=*" %g in ("C:\Users\Mattanoll\Downloads\ComboFix.exe") do @(

set "FileName=%~ng"

set "FilePath=%~dpg"

)

 

Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:]@.]*" || (

nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""

goto END

)

 

DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00

 

FindStr.exe -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

 

If exist dirname0? del /Q dirname0?

 

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (

rd /s/q "\ComboFix"

If exist "\ComboFix" (

PV -kf findstr.exe *.cfexe

rd /s/q "\ComboFix"

)

If exist "\ComboFix" (

handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00

for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h

del /q temp00

rd /s/q "\ComboFix"

)

)

 

If exist "\ComboFix" rd /s/q "\ComboFix"

 

If exist "\ComboFix" goto :eof

 

VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||

Microsoft Windows [version 6.0.6001]

 

type nul 1>Vista.mac

 

swxcacls "C:\Windows\system32\cmd.exe" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /ga:x /gs:x /gp:x /gu:x /q

 

swxcacls "C:\Windows\system32\cmd.exe" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /q

 

swreg query "hkcu\control panel\international" /v localename | SED "/.*\t/!d;s///" 1>MUI00

 

swreg query "hku\.default\control panel\international" /v localename | SED "/.*\t/!d;s///" 1>>MUI00

 

SED -r "$!N; /^(.*)\n\1$/!P; D" MUI00 1>MUI01

 

For /F "tokens=*" %g in (MUI01) do @if exist "C:\Windows\system32\%~g\cmd.exe.mui" (

swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /oa /q

swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /p /ga:f /gs:f /gp:x /gu:x /q

Copy /y "C:\Windows\system32\%~g\cmd.exe.mui" "C:\Windows\system32\en-us\CF6257.exe.mui"

swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /ga:x /gs:x /gp:x /gu:x /q

swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /q

)

SteelWerX Extended Configuration Access Control Lists

Written by Bobbi Flekman 2006 ©

Ownerchange for "C:\Windows\system32\fr-FR\cmd.exe.mui" to Administrators group was successful

1 fichier(s) copi‚(s).

 

GREP -sq . MUI01 && (

del /q MUI0? 2>nul

goto :eof

)

 

CD ..

 

Set "comspec=C:\Windows\system32\CF6257.exe"

 

(

echo.md "\ComboFix"

echo.Move /y "\327882R2FWJFW\*" "\ComboFix"

echo.RD /S/Q "\327882R2FWJFW"

echo.Start "." /d"C:\ComboFix" "C:\Windows\system32\CF6257.exe" /k c.bat

echo.pv -kf cmd.exe

) 1>Start_.cmd

 

NirCmd exec hide "C:\Windows\system32\CF6257.exe" /f:off /d /c call Start_.cmd

 

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

 

EXIT


And the other one:

 

ComboFix 08-05-15.3 - Mattanoll 2008-05-19 18:38:34.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.242 [GMT 2:00]

Endroit: C:\Users\Mattanoll\Downloads\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\System32\834668\834668.dll

C:\Windows\system32\ahanknol.ini

C:\Windows\system32\aluyjmgu.ini

C:\Windows\system32\cvvrimvu.ini

C:\Windows\system32\ltdevccf.ini

C:\Windows\system32\mcrh.tmp

C:\Windows\system32\msvcsv60.dll

C:\Windows\system32\x64

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-19 18:46 . 2008-05-19 18:46 294 ---hs---- C:\Windows\System32\ltdevccf.ini

2008-05-19 11:45 . 2008-05-19 11:45 <REP> d-------- C:\Deckard

2008-05-19 11:06 . 2008-05-19 11:06 <REP> d-------- C:\Program Files\Trend Micro

2008-05-18 16:13 . 2008-05-18 16:13 <REP> d-------- C:\Program Files\IObit

2008-05-18 12:23 . 2008-05-18 12:25 <REP> d-------- C:\Users\All Users\Lavasoft

2008-05-18 12:23 . 2008-05-18 12:25 <REP> d-------- C:\ProgramData\Lavasoft

2008-05-17 12:42 . 2008-05-17 12:42 <REP> d-------- C:\Program Files\Riva

2008-05-16 06:53 . 2008-05-16 06:53 91,264 --a------ C:\Windows\System32\fccvedtl.dll

2008-05-13 01:05 . 2008-05-13 01:05 91,264 --------- C:\Windows\System32\ugmjyula.dll

2008-05-13 01:03 . 2008-05-16 06:48 159,221,886 --a------ C:\Windows\MEMORY.DMP

2008-05-12 13:04 . 2008-05-12 13:04 91,264 --------- C:\Windows\System32\uvmirvvc.dll

2008-05-12 12:58 . 2008-05-12 12:58 1 --a------ C:\Windows\System32\kr_done1de

2008-05-12 12:50 . 2008-05-19 18:42 <REP> d-------- C:\Windows\System32\834668

2008-05-11 01:35 . 2008-05-14 14:18 <REP> d-------- C:\Program Files\UnHackMe

2008-05-11 01:35 . C:\Windows\(2) C:\ComboFix\winstart.bat

2008-05-11 01:31 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll

2008-05-11 01:31 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll

2008-05-09 09:36 . 2008-05-09 10:11 <REP> d-------- C:\Program Files\Audacity

2008-05-02 19:01 . 2008-05-02 19:01 <REP> d-------- C:\Program Files\Apple Software Update

2008-04-28 21:34 . 2008-04-28 21:34 <REP> d-------- C:\Program Files\Hercules

2008-04-28 21:33 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys

2008-04-27 12:54 . 2008-05-12 16:09 <REP> d-------- C:\Program Files\a-squared Free

2008-04-26 16:22 . 2008-04-26 16:22 <REP> d-------- C:\Users\All Users\WindowsSearch

2008-04-26 16:22 . 2008-04-26 16:22 <REP> d-------- C:\ProgramData\WindowsSearch

2008-04-26 13:01 . 2008-04-26 13:01 <REP> d-------- C:\Windows\BDOSCAN8

2008-04-20 15:24 . 2008-04-20 15:24 <REP> d-------- C:\Program Files\M-Audio

2008-04-20 15:24 . 2006-08-16 10:23 86,016 --a------ C:\Windows\System32\MA_CMIDN.DLL

2008-04-20 15:24 . 2006-08-16 10:24 82,944 --a------ C:\Windows\System32\USBMN1X1.DLL

2008-04-20 15:24 . 2006-08-16 10:24 22,208 --a------ C:\Windows\System32\drivers\USBMN1X1.SYS

2008-04-20 15:24 . 2006-08-16 10:23 21,888 --a------ C:\Windows\System32\drivers\MA_CMIDI.SYS

2008-04-20 15:24 . 2006-08-16 10:24 13,504 --a------ C:\Windows\System32\drivers\USB11LDR.SYS

2008-04-19 23:39 . 2008-04-19 23:39 <REP> d-------- C:\Program Files\Evolution

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 10:15 --------- d-----w C:\ProgramData\eMule

2008-05-19 10:15 --------- d-----w C:\Program Files\eMule

2008-05-18 10:23 --------- d-----w C:\Program Files\Lavasoft

2008-05-18 10:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-17 10:42 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-05-15 20:27 --------- d-----w C:\Program Files\VirtualDJ

2008-05-15 20:27 --------- d-----w C:\Program Files\CCleaner

2008-05-14 21:52 --------- d-----w C:\Program Files\Windows Mail

2008-05-12 15:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-12 14:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-02 17:04 --------- d-----w C:\Program Files\Safari

2008-04-28 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-27 17:25 --------- d-----w C:\Program Files\Neuf

2008-04-26 11:49 --------- d-----w C:\Program Files\Pack Securite

2008-04-26 11:45 --------- d-----w C:\ProgramData\fssg

2008-04-26 10:37 --------- d---a-w C:\Program Files\Propellerhead

2008-04-26 09:57 --------- d-----w C:\Program Files\Roxio

2008-04-26 09:57 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-04-26 09:56 --------- d-----w C:\ProgramData\Roxio

2008-04-26 09:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-04-26 08:49 --------- d-----w C:\Program Files\Line6

2008-04-21 21:27 --------- d-----w C:\Program Files\SendBlaster

2008-04-21 21:22 --------- d-----w C:\Program Files\Samsung

2008-04-21 21:12 --------- d-----w C:\Program Files\Image-Line

2008-04-10 13:27 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys

2008-04-10 11:59 --------- d-----w C:\ProgramData\F-Secure

2008-04-10 11:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-04-10 11:54 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-04-07 14:55 --------- d-----w C:\Program Files\BonkEnc

2008-04-07 13:55 --------- d-----w C:\ProgramData\Apple Computer

2008-04-05 09:38 --------- d-----w C:\Program Files\TextAloud

2008-04-05 09:27 --------- d-----w C:\Program Files\Google

2008-04-05 09:19 --------- d-----w C:\Program Files\Flash Demo Builder 1.2

2008-04-05 09:17 --------- d-----w C:\ProgramData\Ciel

2008-04-04 20:38 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7

2008-04-04 17:02 --------- d-----w C:\Program Files\iTunes

2008-04-04 17:02 --------- d-----w C:\Program Files\iPod

2008-04-04 17:00 --------- d-----w C:\Program Files\QuickTime

2008-04-03 12:06 --------- d-----w C:\Program Files\MSN Messenger

2008-04-03 12:06 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-04-01 11:12 691,545 ----a-w C:\Windows\unins000.exe

2008-03-28 20:43 --------- d-----w C:\ProgramData\Adobe Systems

2008-03-28 20:31 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-28 20:30 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared

2008-03-23 17:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-03-19 23:03 174 --sha-w C:\Program Files\desktop.ini

2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Sidebar

2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Journal

2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Defender

2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Collaboration

2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Calendar

2008-03-19 22:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-03-19 22:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-03-19 21:22 47,560 ----a-w C:\Windows\System32\SPReview.exe

2008-03-19 21:22 152,576 ----a-w C:\Windows\System32\SPWizUI.dll

2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll

2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-01-26 16:13 480,848 ----a-w C:\Users\All Users\pswi_preloaded.exe

2008-01-26 16:13 480,848 ----a-w C:\ProgramData\pswi_preloaded.exe

2007-09-29 10:28 4,310,776 ----a-w C:\Program Files\MobilePre_V32_5.10.00.5099.exe

2007-07-24 16:29 2,863 ----a-w C:\Program Files\RegisterReaktor.html

2007-07-19 23:41 4,301,387 ----a-w C:\Program Files\Shareaza_2.2.5.0.exe

2007-07-19 21:25 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe

2007-07-19 17:06 270,305,943 ----a-w C:\Program Files\Wolfestein.exe

2007-07-19 15:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

2008-02-05 19:45 168 --sh--r C:\Windows\System32\6136618B3C.sys

2008-02-05 19:45 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]

C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22 171448]

"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]

"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]

"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]

"removecpl"="RemoveCpl.exe" []

"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31 10134]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"= ma_cmidn.dll

"midi2"= ma_cmidn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{C8B1A925-EBEA-4FAC-87E5-C100ED2EFAA8}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"UDP Query User{AFBF5393-4EC4-447A-8BCC-A1E3ED68972B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"TCP Query User{56342156-ADD0-43BD-8F38-C1F08E7D661E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{D6E2071B-1989-4AC3-97BE-85EF2440FEBA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{1B8152DF-70FD-4F5E-8E8C-28E7DEEE7E50}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"UDP Query User{3537FE1E-C34F-417B-98B4-286477BDA53B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"TCP Query User{945B3F98-6199-4DA5-BCD5-BB9071E9D08C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{4D14A297-B495-4CB7-9A9C-2C82BDB807FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{1B2AAAA2-B220-46F8-BEA1-B5A73E949C9D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{87E2715D-F3EB-41D0-891D-3C513CADC131}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{098BD692-FDF0-4EF7-A059-26E8264915F2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{5A20CA79-9254-4990-8F8A-78CE7D773AB9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{8F88BF62-4B95-4004-89B3-928053736D8E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{F466810E-055D-46BB-895B-5A56DCF80082}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-04-10 15:27]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]

R3 mfwagsif;MOTU Audio GSIF;C:\Windows\system32\drivers\mfwagsif.sys [2007-01-04 19:06]

R3 mfwamidi;MOTU Audio MIDI;C:\Windows\system32\drivers\mfwamidi.sys [2007-01-04 19:06]

R3 mfwawave;MOTU Audio Wave;C:\Windows\system32\drivers\mfwawave.sys [2007-01-04 19:05]

R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus.sys [2007-01-04 19:06]

R3 MotuFWA;MotuFWA;C:\Windows\system32\drivers\motufwa.sys [2007-01-04 19:06]

R3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]

S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 10:23]

S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18:20]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]

\shell\AutoRun\command - K:\Autorun.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-05-18 19:31:22 C:\Windows\Tasks\User_Feed_Synchronization-{CF198DCE-5B92-49F7-AD74-887FEFAFA03C}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 18:46:35

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

 

folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\fccvedtl.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\audiodg.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\MOTU\Audio\MFWAKeys.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

C:\Program Files\Pack Securite\Common\FSMA32.EXE

C:\Program Files\Pack Securite\Anti-Virus\fsgk32.exe

C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe

C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe

C:\Program Files\Pack Securite\Common\FSMB32.EXE

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Program Files\Pack Securite\Common\FCH32.EXE

C:\Program Files\Pack Securite\Common\FAMEH32.EXE

C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe

C:\Program Files\Pack Securite\FSPC\fspc.exe

C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe

C:\Program Files\Pack Securite\FWES\program\fsdfwd.exe

C:\Program Files\Pack Securite\FSAUA\program\fsus.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Pack Securite\FSGUI\fsguidll.exe

C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-19 18:52:46 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-19 16:52:36

 

Pre-Run: 25,427,009,536 octets libres

Post-Run: 25,162,919,936 octets libres

 

262 --- E O F --- 2008-05-17 08:29:55

 

And also this one:


ComboFix-quarantined-files.txt


2004-04-30 18:01 53 --a------ C:\Qoobox\Quarantine\D\autorun.inf.vir

2008-04-01 21:04 16 --a------ C:\Qoobox\Quarantine\C\Windows\System32\msvcsv60.dll.vir

2008-05-12 12:50 13824 --a------ C:\Qoobox\Quarantine\C\Windows\System32\834668\834668.dll.vir

2008-05-12 13:58 1505043 --a------ C:\Qoobox\Quarantine\C\Windows\System32\cvvrimvu.ini.vir

2008-05-14 14:24 143 --a------ C:\Qoobox\Quarantine\C\Windows\System32\mcrh.tmp.vir

2008-05-15 06:52 2866676 --a------ C:\Qoobox\Quarantine\C\Windows\System32\aluyjmgu.ini.vir

2008-05-15 19:27 2608294 --a------ C:\Qoobox\Quarantine\C\Windows\System32\ahanknol.ini.vir

2008-05-19 18:38 1448539 --a------ C:\Qoobox\Quarantine\C\Windows\System32\ltdevccf.ini.vir

2008-05-19 18:42 54 --a------ C:\Qoobox\Quarantine\catchme.log


Posted

OK! So I'm going to ask you to run Deckard's System Scanner (DSS) again, as before.

The goal is to see whether ComboFix really managed to remove the infected files.

Normally ComboFix should have created a second report (ComboFix2.txt), but since a blue screen (BSOD) appeared, it's possible the tool did not get to the end of its cleanup. The new Deckard's System Scanner (DSS) report will let me see whether the files are gone :P

Posted

There, it's done :)

 

Deckard's System Scanner v20071014.68

Run by Mattanoll on 2008-05-19 22:05:27

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

Total Physical Memory: 1015 MiB (1024 MiB recommended).


-- HijackThis (run as Mattanoll.exe) -------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:05, on 2008-05-19

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Pack Securite\Common\FSM32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\MOTU\Audio\MFWAKeys.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Program Files\Pack Securite\FSGUI\fsguidll.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Mattanoll\Desktop\dss.exe

C:\PROGRA~1\Trend Micro\HijackThis\Mattanoll.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A} - C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [0845b171] rundll32.exe "C:\Windows\system32\fccvedtl.dll",b

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: MOTU Pedal Handler.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: *.line6.net

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)

O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 9036 bytes

 

-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

 

2008-05-19 20:04:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-19 19:51:22 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-05-19 18:37:08 68096 --a------ C:\Windows\zip.exe

2008-05-19 18:37:08 49152 --a------ C:\Windows\VFind.exe

2008-05-19 18:37:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-05-19 18:37:08 98816 --a------ C:\Windows\sed.exe

2008-05-19 18:37:08 80412 --a------ C:\Windows\grep.exe

2008-05-19 18:37:08 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-05-19 18:36:51 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-05-19 11:06:35 0 d-------- C:\Program Files\Trend Micro

2008-05-18 16:13:04 0 d-------- C:\Program Files\IObit

2008-05-17 12:42:36 0 d-------- C:\Program Files\Riva

2008-05-13 01:05:34 91264 -----n--- C:\Windows\system32\ugmjyula.dll

2008-05-12 13:04:31 91264 -----n--- C:\Windows\system32\uvmirvvc.dll

2008-05-12 12:58:07 1 --a------ C:\Windows\system32\kr_done1de

2008-05-11 01:35:31 2 -rahs-o-t C:\Windows\winstart.bat

2008-05-11 01:31:15 153088 --a------ C:\Windows\system32\UNRAR3.dll

2008-05-11 01:31:15 75264 --a------ C:\Windows\system32\unacev2.dll

2008-05-09 09:36:59 0 d-------- C:\Program Files\Audacity

2008-05-02 19:01:40 0 d-------- C:\Program Files\Apple Software Update

2008-04-28 21:34:20 0 d-------- C:\Program Files\Hercules

2008-04-27 12:54:21 0 d-------- C:\Program Files\a-squared Free

2008-04-26 13:01:07 0 d-------- C:\Windows\BDOSCAN8

2008-04-20 15:24:34 86016 --a------ C:\Windows\system32\MA_CMIDN.DLL <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>

2008-04-20 15:24:32 21888 --a------ C:\Windows\system32\drivers\MA_CMIDI.SYS <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>

2008-04-20 15:24:29 22208 --a------ C:\Windows\system32\drivers\USBMN1X1.SYS <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>

2008-04-20 15:24:28 82944 --a------ C:\Windows\system32\USBMN1X1.DLL <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>

2008-04-20 15:24:27 13504 --a------ C:\Windows\system32\drivers\USB11LDR.SYS <Not Verified; MIDIMAN; Midiman USB MidiSport 1x1 Loader>

2008-04-20 15:24:27 0 d-------- C:\Program Files\M-Audio

2008-04-19 23:39:38 0 d-------- C:\Program Files\Evolution

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-05-19 12:25:00 685420 --a------ C:\Windows\system32\perfh00C.dat

2008-05-19 12:25:00 130782 --a------ C:\Windows\system32\perfc00C.dat

2008-05-19 12:15:36 0 d-------- C:\Program Files\eMule

2008-05-18 12:23:44 0 d-------- C:\Program Files\Lavasoft

2008-05-18 12:20:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-05-17 12:42:47 0 d-------- C:\Program Files\Common Files\SWF Studio

2008-05-15 22:27:39 0 d-------- C:\Program Files\VirtualDJ

2008-05-15 22:27:39 0 d-------- C:\Program Files\CCleaner

2008-05-14 23:52:02 0 d-------- C:\Program Files\Windows Mail

2008-05-02 19:04:28 0 d-------- C:\Program Files\Safari

2008-04-28 21:34:17 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-27 19:25:04 0 d-------- C:\Program Files\Neuf

2008-04-27 16:57:13 8224 --a------ C:\Windows\system32\GDIPFONTCACHEV1.DAT

2008-04-26 13:49:45 0 d-------- C:\Program Files\Pack Securite

2008-04-26 12:37:22 0 d-a------ C:\Program Files\Propellerhead

2008-04-26 11:57:39 0 d-------- C:\Program Files\Roxio

2008-04-26 11:57:39 0 d-------- C:\Program Files\Common Files\Sonic Shared

2008-04-26 11:57:38 0 d-------- C:\Program Files\Common Files

2008-04-26 11:56:37 0 d-------- C:\Program Files\Common Files\Roxio Shared

2008-04-26 10:49:16 0 d-------- C:\Program Files\Line6

2008-04-21 23:27:01 0 d-------- C:\Program Files\SendBlaster

2008-04-21 23:22:14 0 d-------- C:\Program Files\Samsung

2008-04-21 23:12:24 0 d-------- C:\Program Files\Image-Line

2008-04-10 13:55:07 0 d-------- C:\Program Files\Common Files\PX Storage Engine

2008-04-10 13:54:21 0 d-------- C:\Program Files\Windows Live Safety Center

2008-04-07 16:55:13 0 d-------- C:\Program Files\BonkEnc

2008-04-05 11:38:59 0 d-------- C:\Program Files\TextAloud

2008-04-05 11:27:00 0 d-------- C:\Program Files\Google

2008-04-05 11:19:42 0 d-------- C:\Program Files\Flash Demo Builder 1.2

2008-04-04 22:38:21 0 d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7

2008-04-04 19:02:28 0 d-------- C:\Program Files\iTunes

2008-04-04 19:02:19 0 d-------- C:\Program Files\iPod

2008-04-04 19:00:31 0 d-------- C:\Program Files\QuickTime

2008-04-03 14:06:03 0 d-------- C:\Program Files\MSN Messenger

2008-04-03 14:06:02 0 d-------- C:\Program Files\Messenger Plus! Live

2008-04-01 21:04:36 16 --a------ C:\Windows\msocreg32.dat

2008-04-01 13:21:37 2551 --a------ C:\Windows\unins000.dat

2008-04-01 13:12:39 691545 --a------ C:\Windows\unins000.exe

2008-03-28 22:31:07 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-28 22:30:21 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

2008-03-20 01:03:07 174 --ahs---- C:\Program Files\desktop.ini

2008-03-20 00:49:26 0 d-------- C:\Program Files\Windows Sidebar

2008-03-20 00:49:26 0 d-------- C:\Program Files\Windows Calendar

2008-03-20 00:49:26 0 d-------- C:\Program Files\Movie Maker

2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Photo Gallery

2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Journal

2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Collaboration

2008-03-20 00:49:24 0 d-------- C:\Program Files\Windows Defender

2008-03-19 23:22:02 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>

2008-03-04 00:11:45 66 --a------ C:\Windows\system32\IPPROTIDE.SYS

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]

C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38]

"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12]

"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10]

"removecpl"="RemoveCpl.exe" []

"0845b171"="C:\Windows\system32\fccvedtl.dll" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

"EnableUIADesktopToggle"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

"disableregistrytools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]

AutoRun\command- K:\Autorun.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2008-05-19 22:06:11 ------------

Posted

OK: there are still files to delete.

We'll redo the procedure with the script, but in Safe Mode this time.

 

Please wait a few minutes while I make you a new script ;)

Posted

1) Go to this page to download the CFScript file to the Desktop > http://www.sendspace.com/file/0p4rm3

To do so, click the link at the bottom of the page > Download Link: CFScript

 

2) Restart the PC, and it must be in Safe Mode.

  • When the computer restarts, once the BIOS has finished loading, a black screen appears briefly.
  • Alternately tap the [F8] and [F5] keys until the Windows Advanced Options menu is displayed.
  • Select "Safe Mode" and press [Enter].
  • Choose your usual account, not Administrator.
  • >> Pictures here <<

3) Using the script >>

  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.
  • Wait for the scan to finish. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is finished, a report will be displayed: post its contents.
  • If the file does not appear, it is here > C:\ComboFix.txt

4) Restart the PC normally if ComboFix has not done so, and please post the requested report. (C:\ComboFix.txt)

Posted

Sorry for the delay, I hadn't seen the reply. I went into Safe Mode and, once on the desktop, when I dragged and dropped CFScript onto ComboFix, it started the scan and my computer shut down. I ran it anyway, but without dragging and dropping CFScript.

 

 

Here is the report

 

ComboFix 08-05-15.3 - Mattanoll 2008-05-20 21:05:24.2 - NTFSx86 MINIMAL

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.643 [GMT 2:00]

Endroit: C:\Users\Mattanoll\Downloads\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\ltdevccf.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 18:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-05-19 18:04 --------- d-----w C:\ProgramData\Malwarebytes

2008-05-19 10:15 --------- d-----w C:\ProgramData\eMule

2008-05-19 10:15 --------- d-----w C:\Program Files\eMule

2008-05-19 09:06 --------- d-----w C:\Program Files\Trend Micro

2008-05-18 14:13 --------- d-----w C:\Program Files\IObit

2008-05-18 10:25 --------- d-----w C:\ProgramData\Lavasoft

2008-05-18 10:23 --------- d-----w C:\Program Files\Lavasoft

2008-05-18 10:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-17 10:42 --------- d-----w C:\Program Files\Riva

2008-05-17 10:42 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-05-15 20:27 --------- d-----w C:\Program Files\VirtualDJ

2008-05-15 20:27 --------- d-----w C:\Program Files\CCleaner

2008-05-14 21:52 --------- d-----w C:\Program Files\Windows Mail

2008-05-14 12:18 --------- d-----w C:\Program Files\UnHackMe

2008-05-12 23:05 91,264 ------w C:\Windows\System32\ugmjyula.dll

2008-05-12 15:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-12 14:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-12 14:09 --------- d-----w C:\Program Files\a-squared Free

2008-05-12 11:04 91,264 ------w C:\Windows\System32\uvmirvvc.dll

2008-05-09 08:11 --------- d-----w C:\Program Files\Audacity

2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys

2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-05-02 17:04 --------- d-----w C:\Program Files\Safari

2008-05-02 17:01 --------- d-----w C:\Program Files\Apple Software Update

2008-04-28 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-28 19:34 --------- d-----w C:\Program Files\Hercules

2008-04-27 17:25 --------- d-----w C:\Program Files\Neuf

2008-04-26 14:22 --------- d-----w C:\ProgramData\WindowsSearch

2008-04-26 11:49 --------- d-----w C:\Program Files\Pack Securite

2008-04-26 11:45 --------- d-----w C:\ProgramData\fssg

2008-04-26 10:37 --------- d---a-w C:\Program Files\Propellerhead

2008-04-26 09:57 --------- d-----w C:\Program Files\Roxio

2008-04-26 09:57 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-04-26 09:56 --------- d-----w C:\ProgramData\Roxio

2008-04-26 09:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-04-26 08:49 --------- d-----w C:\Program Files\Line6

2008-04-21 21:27 --------- d-----w C:\Program Files\SendBlaster

2008-04-21 21:22 --------- d-----w C:\Program Files\Samsung

2008-04-21 21:12 --------- d-----w C:\Program Files\Image-Line

2008-04-20 13:24 --------- d-----w C:\Program Files\M-Audio

2008-04-19 21:39 --------- d-----w C:\Program Files\Evolution

2008-04-10 13:27 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys

2008-04-10 11:59 --------- d-----w C:\ProgramData\F-Secure

2008-04-10 11:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-04-10 11:54 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-04-07 14:55 --------- d-----w C:\Program Files\BonkEnc

2008-04-07 13:55 --------- d-----w C:\ProgramData\Apple Computer

2008-04-05 09:38 --------- d-----w C:\Program Files\TextAloud

2008-04-05 09:27 --------- d-----w C:\Program Files\Google

2008-04-05 09:19 --------- d-----w C:\Program Files\Flash Demo Builder 1.2

2008-04-05 09:17 --------- d-----w C:\ProgramData\Ciel

2008-04-04 20:38 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7

2008-04-04 17:02 --------- d-----w C:\Program Files\iTunes

2008-04-04 17:02 --------- d-----w C:\Program Files\iPod

2008-04-04 17:00 --------- d-----w C:\Program Files\QuickTime

2008-04-03 12:06 --------- d-----w C:\Program Files\MSN Messenger

2008-04-03 12:06 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-04-01 11:12 691,545 ----a-w C:\Windows\unins000.exe

2008-03-28 20:43 --------- d-----w C:\ProgramData\Adobe Systems

2008-03-28 20:31 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-28 20:30 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared

2008-03-23 17:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-03-19 23:03 174 --sha-w C:\Program Files\desktop.ini

2008-03-19 22:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-03-19 22:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-03-19 21:22 47,560 ----a-w C:\Windows\System32\SPReview.exe

2008-03-19 21:22 152,576 ----a-w C:\Windows\System32\SPWizUI.dll

2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll

2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-01-26 16:13 480,848 ----a-w C:\Users\All Users\pswi_preloaded.exe

2008-01-26 16:13 480,848 ----a-w C:\ProgramData\pswi_preloaded.exe

2007-09-29 10:28 4,310,776 ----a-w C:\Program Files\MobilePre_V32_5.10.00.5099.exe

2007-07-24 16:29 2,863 ----a-w C:\Program Files\RegisterReaktor.html

2007-07-19 23:41 4,301,387 ----a-w C:\Program Files\Shareaza_2.2.5.0.exe

2007-07-19 21:25 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe

2007-07-19 17:06 270,305,943 ----a-w C:\Program Files\Wolfestein.exe

2007-07-19 15:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

2008-02-05 19:45 168 --sh--r C:\Windows\System32\6136618B3C.sys

2008-02-05 19:45 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((( snapshot@2008-05-19_18.51.44.76 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-19 16:45:59 67,584 ----a-w C:\Windows\bootstat.dat

+ 2008-05-20 19:04:12 67,584 ----a-w C:\Windows\bootstat.dat

- 2008-05-19 16:46:20 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-05-20 16:22:32 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-05-19 16:46:16 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-19 20:53:54 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-05-19 16:46:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-05-19 17:36:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-05-19 16:46:29 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-19 17:36:29 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-05-19 16:46:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-05-19 17:36:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-27 14:55:19 539,240 ----a-w C:\Windows\System32\FNTCACHE.DAT

+ 2008-05-19 20:52:15 539,240 ----a-w C:\Windows\System32\FNTCACHE.DAT

- 2008-05-19 16:22:21 12,708 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3041004508-859247823-45256752-1003_UserData.bin

+ 2008-05-19 20:54:48 13,028 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3041004508-859247823-45256752-1003_UserData.bin

- 2008-05-19 16:28:56 95,250 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-05-19 20:54:48 14,612 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-05-19 08:42:32 425,036 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-05-20 05:21:59 425,920 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]

C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]

"removecpl"="RemoveCpl.exe" []

"0845b171"="C:\Windows\system32\fccvedtl.dll" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" []

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31 10134]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"= ma_cmidn.dll

"midi2"= ma_cmidn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{C8B1A925-EBEA-4FAC-87E5-C100ED2EFAA8}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"UDP Query User{AFBF5393-4EC4-447A-8BCC-A1E3ED68972B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"TCP Query User{56342156-ADD0-43BD-8F38-C1F08E7D661E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{D6E2071B-1989-4AC3-97BE-85EF2440FEBA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{1B8152DF-70FD-4F5E-8E8C-28E7DEEE7E50}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"UDP Query User{3537FE1E-C34F-417B-98B4-286477BDA53B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger

"TCP Query User{945B3F98-6199-4DA5-BCD5-BB9071E9D08C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{4D14A297-B495-4CB7-9A9C-2C82BDB807FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{1B2AAAA2-B220-46F8-BEA1-B5A73E949C9D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{87E2715D-F3EB-41D0-891D-3C513CADC131}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{098BD692-FDF0-4EF7-A059-26E8264915F2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{5A20CA79-9254-4990-8F8A-78CE7D773AB9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{8F88BF62-4B95-4004-89B3-928053736D8E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{F466810E-055D-46BB-895B-5A56DCF80082}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus.sys [2007-01-04 19:06]

S1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-04-10 15:27]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]

S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]

S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 10:23]

S3 mfwagsif;MOTU Audio GSIF;C:\Windows\system32\drivers\mfwagsif.sys [2007-01-04 19:06]

S3 mfwamidi;MOTU Audio MIDI;C:\Windows\system32\drivers\mfwamidi.sys [2007-01-04 19:06]

S3 mfwawave;MOTU Audio Wave;C:\Windows\system32\drivers\mfwawave.sys [2007-01-04 19:05]

S3 MotuFWA;MotuFWA;C:\Windows\system32\drivers\motufwa.sys [2007-01-04 19:06]

S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]

S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18:20]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]

\shell\AutoRun\command - K:\Autorun.exe

 

*Newly Created Service* - ECACHE

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-19 20:12:06 C:\Windows\Tasks\User_Feed_Synchronization-{CF198DCE-5B92-49F7-AD74-887FEFAFA03C}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-20 21:09:17

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-05-20 21:13:21

ComboFix-quarantined-files.txt 2008-05-20 19:13:19

ComboFix2.txt 2008-05-19 16:52:47

 

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

 

217 --- E O F --- 2008-05-17 08:29:55

Posted

Hi :P

 

No worries about the delay :P There is a problem with ComboFix, though! A few files are still left to remove, and we'll use another small program for that (don't worry, it's quick!).

 

1) We remove ComboFix >>

 

Go to the Start menu > Run > and type this > ComboFix /u (there is a space between the x and the /)

A window will open and ComboFix will be uninstalled from your PC.

 

2) Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you use Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below to the clipboard by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    [kill explorer]
    C:\Windows\System32\ugmjyula.dll
    C:\Windows\System32\uvmirvvc.dll
    C:\Windows\system32\kr_done1de
    C:\Windows\winstart.bat
    C:\Windows\System32\fccvedtl.dll
    C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll
    [start explorer]


  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.
  • Copy the lines from the "Code" box below to the clipboard by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    EmptyTemp


  • Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" box (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) to the clipboard by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy), and paste those results in your reply on the forum.
  • Close OTMoveIt2

Note: If a file or folder cannot be moved right away, a reboot may be needed to finish the move. If you are asked to restart the machine, choose Yes. In that case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in your reply on the forum.

 

3) Start HijackThis, click "Do a system scan only", and tick the following lines:

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

O2 - BHO: (no name) - {FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A} - C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll (file missing)

 

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [0845b171] rundll32.exe "C:\Windows\system32\fccvedtl.dll",b

- Close all programs and click "Fix Checked"

 

4) A quick online scan to finish up >>

 

Click the following link > ESET Online Scanner Link

  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Then click the Install button
  • Click Start
  • The scanner will update itself.
  • Do not tick the box Remove found threats
  • Click the Scan button
  • The scan will start: be patient.
  • When the scan finishes, click the Details menu
  • Copy/paste the contents of the generated report: it is located here > C:\Program Files\EsetOnlineScanner and is named log.txt

Quick question: do you know this file Wolfestein.exe, found in the folder C:\Program Files?

 

Please post the following reports >>

 

- OTMoveIt2

- a new HijackThis report.

- the ESET Online Scanner report

 

Come on, hang in there! After this it's all good :P
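The lines the helper picks out in step 3 share a few visible signs: an entry whose target no longer exists ("(no file)" / "(file missing)"), a loader living under a user's Temp folder, and a Run value with a random-looking name that starts rundll32 on a DLL. As an added example (not from the post, and not code from HijackThis or OTMoveIt2), the Python below applies those same signs to HijackThis-style log lines; the sample lines are copied from the logs quoted in this thread, and the heuristics are the helper's reasoning written down, not a rule set from any tool.

```python
"""Triage pass over HijackThis-style log lines (added example, not part of any tool)."""
import re

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A} - C:\\Users\\MATTAN~1\\AppData\\Local\\Temp\\rQHWopoP.dll (file missing)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItBHO.dll
O4 - HKLM\\..\\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\\..\\Run: [0845b171] rundll32.exe "C:\\Windows\\system32\\fccvedtl.dll",b
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\\Program Files\\Common Files\\Sonic Shared\\RoxioUpnpService9.exe (file missing)
"""

# Entry whose target HijackThis could not find on disk.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
# Anything loading from a per-user Temp folder.
TEMP_PATH = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# rundll32 given an explicit DLL path (captures the DLL).
RUNDLL = re.compile(r'rundll32(\.exe)?\s+"?([A-Z]:\\[^"]+\.dll)"?', re.IGNORECASE)
# O4 Run value whose name is a hex string such as [0845b171]; weak on its own.
HEX_NAME = re.compile(r"^O4 - .*: \[[0-9a-f]{6,}\] ", re.IGNORECASE)


def triage_line(line):
    """Return the list of reasons a single log line deserves a closer look."""
    reasons = []
    if ORPHAN.search(line):
        reasons.append("orphaned entry (target missing)")
    if TEMP_PATH.search(line):
        reasons.append("loads from a user Temp folder")
    m = RUNDLL.search(line)
    if m:
        reasons.append("rundll32 loading DLL " + m.group(2))
    if HEX_NAME.match(line):
        reasons.append("hex-looking Run value name")
    return reasons


def triage(log_text):
    """Map every flagged line of a log to its reasons; clean lines are dropped."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line[:72], "->", "; ".join(reasons))
```

Entries like the RemoveCpl.exe Run value are not caught by these signs; the helper picked that one from context, which is why such a pass only orders the reading of a log and does not replace it.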

Posted

:P

 

The first 2 reports already

 

 

Explorer killed successfully

DllUnregisterServer procedure not found in C:\Windows\System32\ugmjyula.dll

C:\Windows\System32\ugmjyula.dll NOT unregistered.

C:\Windows\System32\ugmjyula.dll moved successfully.

DllUnregisterServer procedure not found in C:\Windows\System32\uvmirvvc.dll

C:\Windows\System32\uvmirvvc.dll NOT unregistered.

C:\Windows\System32\uvmirvvc.dll moved successfully.

C:\Windows\system32\kr_done1de moved successfully.

C:\Windows\winstart.bat moved successfully.

File/Folder C:\Windows\System32\fccvedtl.dll not found.

File/Folder C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll not found.

Explorer started successfully

< EmptyTemp >

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB5.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB7.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC4B.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC83.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFA9.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFDF.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA64.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA6E.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFF212.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFF21C.tmp scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\nvcbin.def.DD0B6467.TMP scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

 

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05212008_131052

 

Files moved on Reboot...

C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB5.tmp moved successfully.

C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB7.tmp moved successfully.

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC4B.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC83.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFA9.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFDF.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA64.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA6E.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFF212.tmp not found!

File C:\Users\MATTAN~1\AppData\Local\Temp\~DFF21C.tmp not found!

File move failed. C:\Windows\temp\nvcbin.def.DD0B6467.TMP scheduled to be moved on reboot.

 

The other one

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:24:35, on 21/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\conime.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\MOTU\Audio\MFWAKeys.exe

C:\Windows\ehome\ehmsas.exe

c:\Program Files\Trend Micro\HijackThis\Mattanoll.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: MOTU Pedal Handler.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: *.line6.net

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)

O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 8161 bytes

 

 

 

There you go, the last report is coming soon

 

And as for the file Wolfestein.exe, it's a network game :P
