
Posted

Here it is. :P

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:01:41, on 08/08/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\vVX1000.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Orange\Systray\SystrayApp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\AntiSpywareExpert\ase_fr.exe

C:\Program Files\PCPrivacyCleaner\pcpc.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase_fr.exe

O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 7255 bytes

 

 

I've picked up a PCPrivacyCleaner in the meantime, all these new things on my PC are great. :P

 

Damn, what a piece of crap this thing is, I can't believe it...

Posted

We'll kill that one too, but these things don't get caught all on their own...

 

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside this scenario or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Uhh... I downloaded and ran it as you told me. I hadn't closed the internet, but it did.

 

I didn't get any warranty message, my firewall stayed silent and I'm not closing anything (I'm not crazy)

however, a window opened that says:

 

"combofix has detected the presence of rookit activity and needs to reboot the machine"

 

what do I do, do I say OK?

 

one small detail: I just switched computers to ask this question, and I'm hesitant to try reconnecting to the internet (I don't even know if that's possible with combofix open).

 

Thanks

Posted

Tell it OK, and follow its instructions if it gives any. I think I know what you've got (the hidden thing).

 

You have to let ComboFix finish its thing; don't touch anything else on the machine in question in the meantime.

Posted

That seems good.

 

Here it is.

 

 

 

ComboFix 08-08-08.02 - cyrille 2008-08-08 18:16:35.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.1157 [GMT 2:00]

Endroit: C:\Users\cyrille\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\AntiSpywareExpert

C:\Program Files\AntiSpywareExpert\ase_fr.exe

C:\Program Files\PCHealthCenter

C:\Program Files\PCHealthCenter\0.exe

C:\Program Files\PCHealthCenter\0.gif

C:\Program Files\PCHealthCenter\1.gif

C:\Program Files\PCHealthCenter\2.gif

C:\Program Files\PCHealthCenter\3.exe

C:\Program Files\PCHealthCenter\3.gif

C:\Program Files\PCHealthCenter\5.exe

C:\Program Files\PCHealthCenter\sc.html

C:\Program Files\PCHealthCenter\sex1.ico

C:\Program Files\PCHealthCenter\sex2.ico

C:\Program Files\PCPrivacyCleaner

C:\Program Files\PCPrivacyCleaner\pcpc.exe

C:\Program Files\VAV

C:\Program Files\VAV\vav.cpl

C:\Program Files\VAV\vav.ooo

C:\Program Files\VAV\vav0.dat

C:\Program Files\VAV\vav1.dat

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPrivacyCleaner

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPrivacyCleaner\PCPrivacyCleaner.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk

C:\Users\cyrille\AppData\Roaming\inst.exe

C:\Users\cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk

C:\Users\cyrille\Desktop\PCPrivacyCleaner.lnk

C:\Windows\epgk.exe

C:\Windows\system32\tdssl.dll

C:\Windows\system32\tdsslog.dll

C:\Windows\system32\tdssmain.dll

C:\Windows\system32\tdssservers.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TDSSSERV

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-08 15:38 . 2008-08-08 15:38 <REP> d-------- C:\_OTMoveIt

2008-08-08 09:34 . 2008-08-08 09:34 691 --a------ C:\Users\cyrille\AppData\Roaming\GetValue.vbs

2008-08-08 09:34 . 2008-08-08 09:34 35 --a------ C:\Users\cyrille\AppData\Roaming\SetValue.bat

2008-08-08 09:13 . 2008-08-08 09:34 4,406 --a------ C:\Windows\System32\tmp.reg

2008-08-08 09:12 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-08-08 09:12 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-08-08 09:12 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-08-08 09:12 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-08-08 09:12 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe

2008-08-08 09:12 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe

2008-08-08 09:12 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe

2008-08-08 09:12 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-08-08 09:12 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-08-08 07:56 . 2008-08-08 07:56 <REP> d-------- C:\Deckard

2008-08-07 21:59 . 2008-08-07 21:59 <REP> d-------- C:\Program Files\Trend Micro

2008-08-07 17:38 . 2008-08-07 11:30 86,016 --a------ C:\Windows\lnvegaow.exe

2008-08-03 16:14 . 2008-08-03 16:22 <REP> d-------- C:\Users\cyrille\AppData\Roaming\FileZilla

2008-07-31 20:02 . 2008-08-08 12:40 <REP> d-------- C:\ProgramData\FLEXnet

2008-07-31 19:05 . 2008-07-31 19:05 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-07-31 16:43 . 2008-07-31 18:15 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine

2008-07-31 16:43 . 2008-04-01 13:23 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys

2008-07-31 16:43 . 2008-04-01 13:23 9,464 --------- C:\Windows\System32\drivers\cdralw2k.sys

2008-07-31 16:43 . 2008-04-01 13:23 9,336 --------- C:\Windows\System32\drivers\cdr4_xp.sys

2008-07-12 16:36 . 2008-07-12 16:36 <REP> d-------- C:\Program Files\Xvid

2008-07-12 16:36 . 2006-11-01 14:52 765,952 --a------ C:\Windows\System32\xvidcore.dll

2008-07-12 16:36 . 2006-11-01 14:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll

2008-07-12 16:36 . 2006-11-01 15:26 77,824 --a------ C:\Windows\System32\xvid.ax

2008-07-09 08:30 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-09 08:30 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-09 08:30 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 20:00 --------- d-----w C:\Program Files\eMule

2008-07-31 17:35 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-22 06:06 --------- d-----w C:\Program Files\Java

2008-07-17 10:30 47,360 ----a-w C:\Users\cyrille\AppData\Roaming\pcouffin.sys

2008-07-17 10:30 --------- d-----w C:\Users\cyrille\AppData\Roaming\Vso

2008-07-17 10:30 --------- d-----w C:\Program Files\VSO

2008-07-12 14:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-09 06:03 --------- d-----w C:\Program Files\Windows Mail

2008-07-01 17:08 --------- d-----w C:\Program Files\Common Files\Java

2008-06-27 15:18 --------- d-----w C:\Program Files\The KMPlayer FR

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-03-23 10:07 174 --sha-w C:\Program Files\desktop.ini

2007-09-05 14:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-09-05 14:23 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-09-05 14:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-18 17:33 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 11:00 18944]

"VX1000"="C:\Windows\vVX1000.exe" [2006-12-06 01:38 707360]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 14:00 622592]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 19:50 266497]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 11:15:56 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{EBDA6A73-29EA-47D1-975A-1947D3B00E20}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL

"{51035A10-D549-4004-AC4D-98BCEC0B5E15}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL

"TCP Query User{4017AC59-17F1-4495-8D65-54F54742F05E}C:\\program files\\securitoo\\av_fw\\backweb\\1044199\\program\\backweb-1044199.exe"= UDP:C:\program files\securitoo\av_fw\backweb\1044199\program\backweb-1044199.exe:backWeb-1044199

"UDP Query User{A63B6DBA-9829-48ED-9A92-E0759530BB79}C:\\program files\\securitoo\\av_fw\\backweb\\1044199\\program\\backweb-1044199.exe"= TCP:C:\program files\securitoo\av_fw\backweb\1044199\program\backweb-1044199.exe:backWeb-1044199

"{E672BFD7-98E8-41F9-8712-F08C1F80CEE1}"= Disabled:UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL

"{F7175B31-3470-484F-AF97-7FB84A2F0243}"= Disabled:TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL

"{C9BB73EE-54EC-4947-BC13-59214062C5E3}"= Disabled:UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect

"{5807BCB5-6095-4718-B7A5-9DE83A041528}"= Disabled:TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect

"{100D95A5-4ABF-4F26-AE53-E39FFED9F782}"= Disabled:UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader

"{6349E532-C43C-401C-8382-BF2B7AF9BBE3}"= Disabled:TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader

"{2DC623EB-E154-4DC2-AC14-5704CD18CA00}"= Disabled:UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information

"{A41D185E-6B22-4079-AA7F-8A5AAAE510DF}"= Disabled:TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information

"{B61A761D-DA48-41FE-8DBE-18DC4B632AAB}"= Disabled:UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed

"{CC941433-DF5B-4585-BE6A-52FAEB64D589}"= Disabled:TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed

"{1412C926-5167-43E5-9D71-59E731927DD0}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{A99D4E11-30EC-4B02-807B-E4B818F20C2C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{52152515-67F1-464C-9679-9AC0DC91DD42}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{2547E453-FF0D-4693-8533-A7EC5AD721E7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"{F06BA3C4-3479-4DEE-947E-86CB131FD50B}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{F43808CC-A250-4F5A-BEEF-3C5719505C6B}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{431D1723-A2BF-4353-A94B-4FE6F94DF9F8}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{35813648-F6B1-42D8-AFFD-F16C33D7F89C}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{910A06C4-C3FE-4F2C-A4D2-78F23F5931E4}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{98D00057-113B-4E88-B379-040A45CBB3E4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{66E93BE5-7DFE-49BB-8E57-618A2967473B}D:\\autorun.exe"= UDP:D:\autorun.exe:CD navigator

"UDP Query User{CD297043-22CA-4565-B4C5-552A9DF7CB50}D:\\autorun.exe"= TCP:D:\autorun.exe:CD navigator

"{D193C816-A1B7-4E11-A438-DCC2788373CC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{066CEACA-982F-4C22-BA96-62B6F3B8FD89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{84BB79D8-168F-442F-BC29-7B57333F2BFD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{DC6D5C0D-87EB-4581-8DA2-825EC66D0260}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{357648EF-4832-4C07-B123-E290A6D094DF}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{2D62B5AA-4FA5-44BB-A8EE-0AFC9E89D0C2}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{29583C3F-38E6-4020-89CA-372E6724C3B0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{EC8E7A10-6A91-4ADA-85B9-BE0E3DD215E9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 00:13]

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]

R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-06 01:39]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

 

2008-08-08 C:\Windows\Tasks\Extension de garantie.job

- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe []

 

2007-08-07 C:\Windows\Tasks\HDReg.job

- C:\Program Files\HDReg\HDRegRem.exe [2003-07-15 10:14]

 

2008-08-08 C:\Windows\Tasks\Recovery DVD Creator.job

- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe []

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-AntiSpywareExpert - C:\Program Files\AntiSpywareExpert\ase_fr.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\qnlbxhzu.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.rennes.maville.com/accueil.php

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 18:26:11

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\brss01a.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-08-08 18:38:52 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-08 16:38:42

 

Pre-Run: 49,997,885,440 octets libres

Post-Run: 50,929,213,440 octets libres

 

245 --- E O F --- 2008-07-31 05:23:30

Posted

That's what I thought. Perfect.

 

What follows is for your machine, and your machine only.

Never use it on another machine: dangerous.

 

  • Disable your antivirus, it can interfere.
  • Open Notepad. Copy and paste this into it:

 

Killall::

 

File::

C:\Windows\lnvegaow.exe

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=-

 

 

  • Save this as a text file named CFScript, on the desktop.
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

[screenshot: CFScript.gif]

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is done, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

 

Then please add a new HijackThis log after that report, and re-enable your antivirus.
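As an added example (not code from this thread, from ComboFix or from its author), the following Python parses a ComboFix-style registry dump, flags the Security Center "DisableMonitoring" tampering that the CFScript above reverts, and emits the matching "Registry::" block. The sample dump is constructed from the values shown in the earlier log, and all function names are mine.

```python
"""Flag Security Center tampering in a ComboFix registry dump and emit the
CFScript lines that undo it.

Added example, not code from the thread or from ComboFix. The parsed format
(REGEDIT4-style [key] headers followed by "name"=value lines) mirrors the
"Point de chargement Reg" section of the ComboFix log in the thread."""

import re

# Constructed sample, reduced from the registry section of the ComboFix log
# posted earlier in the thread.
SAMPLE_DUMP = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


def parse_registry_dump(text):
    """Return a list of (key, name, raw_value) triples from a REGEDIT4-style dump."""
    entries = []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            entries.append((current_key, m.group(1), m.group(2)))
    return entries


def dword_value(raw):
    """Decode the numeric part of values like 'dword:00000001' or '0 (0x0)'."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def find_security_center_tampering(entries):
    """Keys under 'security center\\Monitoring' whose DisableMonitoring is non-zero.

    A legitimate product registers with Security Center rather than silencing
    it; DisableMonitoring=1 under HKLM is what the rogue "antispyware" in the
    thread left behind."""
    hits = []
    for key, name, raw in entries:
        if "security center\\monitoring" in key.lower() and name.lower() == "disablemonitoring":
            if dword_value(raw):
                hits.append(key)
    return hits


def find_uac_disabled(entries):
    """True when EnableLUA is 0 under the policies\\system key (UAC turned off)."""
    for key, name, raw in entries:
        if key.lower().endswith("policies\\system") and name.lower() == "enablelua":
            return dword_value(raw) == 0
    return False


def build_cfscript_registry_section(keys):
    """Emit a CFScript 'Registry::' block deleting DisableMonitoring under each key.

    '"name"=-' is the REGEDIT4 syntax for deleting a value, the same form the
    helper's script in the thread uses."""
    lines = ["Registry::"]
    for key in keys:
        lines.append(f"[{key}]")
        lines.append('"DisableMonitoring"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_registry_dump(SAMPLE_DUMP)
    tampered = find_security_center_tampering(found)
    print(f"{len(tampered)} Security Center key(s) with monitoring disabled")
    if find_uac_disabled(found):
        print("UAC (EnableLUA) is off; worth asking the user whether that was deliberate")
    print(build_cfscript_registry_section(tampered))
```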

Posted

first step :P

 

 

ComboFix 08-08-08.02 - cyrille 2008-08-08 21:09:08.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.1242 [GMT 2:00]

Endroit: C:\Users\cyrille\Desktop\ComboFix.exe

Command switches used :: C:\Users\cyrille\Desktop\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE ::

C:\Windows\lnvegaow.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\lnvegaow.exe

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-08 19:42 . 2008-08-08 19:42 <REP> d-------- C:\Users\Default\Roaming

2008-08-08 19:42 . 2008-08-08 19:42 <REP> d-------- C:\Users\cyrille\Roaming

2008-08-08 19:42 . 2008-08-08 19:42 <REP> d-------- C:\Users\cyrille\AppData\Roaming\MySpace

2008-08-08 19:42 . 2008-08-08 20:11 <REP> d-------- C:\Program Files\MySpace

2008-08-08 18:36 . 2008-08-08 18:36 <REP> d-------- C:\ProgramData\WindowsSearch

2008-08-08 15:38 . 2008-08-08 15:38 <REP> d-------- C:\_OTMoveIt

2008-08-08 09:34 . 2008-08-08 09:34 691 --a------ C:\Users\cyrille\AppData\Roaming\GetValue.vbs

2008-08-08 09:34 . 2008-08-08 09:34 35 --a------ C:\Users\cyrille\AppData\Roaming\SetValue.bat

2008-08-08 09:13 . 2008-08-08 09:34 4,406 --a------ C:\Windows\System32\tmp.reg

2008-08-08 09:12 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-08-08 09:12 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-08-08 09:12 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-08-08 09:12 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-08-08 09:12 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe

2008-08-08 09:12 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe

2008-08-08 09:12 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe

2008-08-08 09:12 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-08-08 09:12 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-08-08 07:56 . 2008-08-08 07:56 <REP> d-------- C:\Deckard

2008-08-07 21:59 . 2008-08-07 21:59 <REP> d-------- C:\Program Files\Trend Micro

2008-08-03 16:14 . 2008-08-03 16:22 <REP> d-------- C:\Users\cyrille\AppData\Roaming\FileZilla

2008-07-31 20:02 . 2008-08-08 12:40 <REP> d-------- C:\ProgramData\FLEXnet

2008-07-31 19:05 . 2008-07-31 19:05 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-07-31 16:43 . 2008-07-31 18:15 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine

2008-07-31 16:43 . 2008-04-01 13:23 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys

2008-07-31 16:43 . 2008-04-01 13:23 9,464 --------- C:\Windows\System32\drivers\cdralw2k.sys

2008-07-31 16:43 . 2008-04-01 13:23 9,336 --------- C:\Windows\System32\drivers\cdr4_xp.sys

2008-07-12 16:36 . 2008-07-12 16:36 <REP> d-------- C:\Program Files\Xvid

2008-07-12 16:36 . 2006-11-01 14:52 765,952 --a------ C:\Windows\System32\xvidcore.dll

2008-07-12 16:36 . 2006-11-01 14:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll

2008-07-12 16:36 . 2006-11-01 15:26 77,824 --a------ C:\Windows\System32\xvid.ax

2008-07-09 08:30 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-09 08:30 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-09 08:30 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 20:00 --------- d-----w C:\Program Files\eMule

2008-07-31 17:35 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-22 06:06 --------- d-----w C:\Program Files\Java

2008-07-17 10:30 47,360 ----a-w C:\Users\cyrille\AppData\Roaming\pcouffin.sys

2008-07-17 10:30 --------- d-----w C:\Users\cyrille\AppData\Roaming\Vso

2008-07-17 10:30 --------- d-----w C:\Program Files\VSO

2008-07-12 14:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-09 06:03 --------- d-----w C:\Program Files\Windows Mail

2008-07-01 17:08 --------- d-----w C:\Program Files\Common Files\Java

2008-06-27 15:18 --------- d-----w C:\Program Files\The KMPlayer FR

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-03-23 10:07 174 --sha-w C:\Program Files\desktop.ini

2007-09-05 14:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-09-05 14:23 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-09-05 14:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-08_18.37.29.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-08 16:25:54 1,310,720 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-08 19:13:07 1,310,720 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-08-08 16:25:54 1,310,720 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-08 19:13:02 1,310,720 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-08-08 16:19:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-08-08 18:57:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-08-08 16:19:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-08-08 18:57:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-08 16:19:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-08-08 18:57:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-08-08 16:19:39 102,462 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-08-08 16:33:17 105,956 ----a-w C:\Windows\System32\perfc009.dat

- 2008-08-08 16:19:39 129,012 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-08-08 16:33:17 129,012 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-08-08 16:19:39 594,430 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-08-08 16:33:17 597,924 ----a-w C:\Windows\System32\perfh009.dat

- 2008-08-08 16:19:39 681,334 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-08-08 16:33:18 681,334 ----a-w C:\Windows\System32\perfh00C.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-18 17:33 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 11:00 18944]

"VX1000"="C:\Windows\vVX1000.exe" [2006-12-06 01:38 707360]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 14:00 622592]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 19:50 266497]

"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]

"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 11:15:56 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{EBDA6A73-29EA-47D1-975A-1947D3B00E20}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL

"{51035A10-D549-4004-AC4D-98BCEC0B5E15}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL

"TCP Query User{4017AC59-17F1-4495-8D65-54F54742F05E}C:\\program files\\securitoo\\av_fw\\backweb\\1044199\\program\\backweb-1044199.exe"= UDP:C:\program files\securitoo\av_fw\backweb\1044199\program\backweb-1044199.exe:backWeb-1044199

"UDP Query User{A63B6DBA-9829-48ED-9A92-E0759530BB79}C:\\program files\\securitoo\\av_fw\\backweb\\1044199\\program\\backweb-1044199.exe"= TCP:C:\program files\securitoo\av_fw\backweb\1044199\program\backweb-1044199.exe:backWeb-1044199

"{E672BFD7-98E8-41F9-8712-F08C1F80CEE1}"= Disabled:UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL

"{F7175B31-3470-484F-AF97-7FB84A2F0243}"= Disabled:TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL

"{C9BB73EE-54EC-4947-BC13-59214062C5E3}"= Disabled:UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect

"{5807BCB5-6095-4718-B7A5-9DE83A041528}"= Disabled:TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect

"{100D95A5-4ABF-4F26-AE53-E39FFED9F782}"= Disabled:UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader

"{6349E532-C43C-401C-8382-BF2B7AF9BBE3}"= Disabled:TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader

"{2DC623EB-E154-4DC2-AC14-5704CD18CA00}"= Disabled:UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information

"{A41D185E-6B22-4079-AA7F-8A5AAAE510DF}"= Disabled:TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information

"{B61A761D-DA48-41FE-8DBE-18DC4B632AAB}"= Disabled:UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed

"{CC941433-DF5B-4585-BE6A-52FAEB64D589}"= Disabled:TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed

"{1412C926-5167-43E5-9D71-59E731927DD0}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{A99D4E11-30EC-4B02-807B-E4B818F20C2C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{52152515-67F1-464C-9679-9AC0DC91DD42}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{2547E453-FF0D-4693-8533-A7EC5AD721E7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"{F06BA3C4-3479-4DEE-947E-86CB131FD50B}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{F43808CC-A250-4F5A-BEEF-3C5719505C6B}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{431D1723-A2BF-4353-A94B-4FE6F94DF9F8}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{35813648-F6B1-42D8-AFFD-F16C33D7F89C}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{910A06C4-C3FE-4F2C-A4D2-78F23F5931E4}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{98D00057-113B-4E88-B379-040A45CBB3E4}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{66E93BE5-7DFE-49BB-8E57-618A2967473B}D:\\autorun.exe"= UDP:D:\autorun.exe:CD navigator

"UDP Query User{CD297043-22CA-4565-B4C5-552A9DF7CB50}D:\\autorun.exe"= TCP:D:\autorun.exe:CD navigator

"{D193C816-A1B7-4E11-A438-DCC2788373CC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{066CEACA-982F-4C22-BA96-62B6F3B8FD89}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{84BB79D8-168F-442F-BC29-7B57333F2BFD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{DC6D5C0D-87EB-4581-8DA2-825EC66D0260}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{357648EF-4832-4C07-B123-E290A6D094DF}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{2D62B5AA-4FA5-44BB-A8EE-0AFC9E89D0C2}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"TCP Query User{29583C3F-38E6-4020-89CA-372E6724C3B0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{EC8E7A10-6A91-4ADA-85B9-BE0E3DD215E9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 00:13]

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]

R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-06 01:39]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

 

2008-08-08 C:\Windows\Tasks\Extension de garantie.job

- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe []

 

2007-08-07 C:\Windows\Tasks\HDReg.job

- C:\Program Files\HDReg\HDRegRem.exe [2003-07-15 10:14]

 

2008-08-08 C:\Windows\Tasks\Recovery DVD Creator.job

- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe []

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 21:13:26

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

C:\Users\cyrille\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm 472 bytes

C:\Users\cyrille\AppData\Local\Microsoft\Portable Devices\wpdlog03.sqm 472 bytes

 

Scan terminé avec succès

Les fichiers cachés: 2

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\brss01a.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Orange\Deskboard\Deskboard.exe

C:\Program Files\Orange\Connectivity\ConnectivityManager.exe

C:\Program Files\Orange\Connectivity\corecom\CoreCom.exe

C:\Program Files\Orange\Connectivity\corecom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-08-08 21:25:44 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-08 19:25:34

ComboFix2.txt 2008-08-08 16:38:53

 

Pre-Run: 50,694,033,408 octets libres

Post-Run: 50,608,553,984 octets libres

 

236 --- E O F --- 2008-07-31 05:23:30

 

 

second step,

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36:29, on 08/08/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\vVX1000.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Orange\Systray\SystrayApp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Orange\Deskboard\deskboard.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

 

--

End of file - 7225 bytes

 

 

 

 

 

and I scan the PC.

Posted
and I scan the PC.
? It is going to find junk in ComboFix's quarantine, it will beep all over the place...

 

The latest report is clean. Are you still seeing any symptoms of infection?
