
Posted

Hello, I have a problem with my computer and I've read some advice on forums like this one, and I see that nobody has the same process for fixing the problem. Here is the HijackThis report: Thanks in advance for your help


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:59:52, on 2008-09-19

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\syshlp\udwvoruv.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\conime.exe

C:\hp\kbd\kbd.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe

O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe

O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe

O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9854 bytes

Posted

Hello, and welcome. :P

 


In case you need some info:

How to take part in a forum

Finding your posts

 

 

 

Your machine is infected with fake programs, and other things.

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts; it is fairly long, which is normal.
  • At the end of the scan, a message appears:
    The scan completed normally. Click 'Show results' to display all found objects.
    Click "Ok" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show results.
    Select everything (or leave it checked) and click Remove selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy-paste that report and post it in your next reply.

 

NB: If MBAM asks you to reboot, do it.

Posted

Thanks for the quick reply, it's greatly appreciated!!

Here is the MBAM report:

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1176

Windows 6.0.6001 Service Pack 1

 

2008-09-19 12:56:27

mbam-log-2008-09-19 (12-56-27).txt

 

Type de recherche: Examen rapide

Eléments examinés: 43927

Temps écoulé: 5 minute(s), 41 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 6

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 4

Fichier(s) infecté(s): 9

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hmy19izxm5 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syshlp (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcccaj0eaa7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Users\Admin\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Users\Admin\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Users\Admin\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\MicroAntivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\ProgramData\cvmbctav\onojavwf.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\ProgramData\syshlp\udwvoruv.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\Users\Admin\AppData\Roaming\RegistrySmart\Log\2008 May 26 - 12_34_57 AM_848.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Users\Admin\AppData\Roaming\RegistrySmart\Registry Backups\2008-05-26_00-38-17.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\MicroAntivirus\microAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\MicroAntivirus\microAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

C:\Windows\System32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\System32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
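An added example, not code from the thread or from either tool: a small Python triage script that parses the O4 autorun entries of the HijackThis log posted above, flags the ones a helper would look at first, and cross-checks them against the Run values the MBAM report says it removed. The two heuristics (autorun launched from a user-writable folder; digits buried inside letters in the value or file name) are my own assumptions, and the sample lines are copied from the two reports in this thread.

```python
"""Triage HijackThis O4 autoruns against a Malwarebytes (MBAM) report.

Added example for this thread, not code from either tool. Both heuristics
(user-writable launch folder; digits buried inside letters) are my own
assumptions. The cross-check shows which flagged entries MBAM's Run-value
removals account for, and which remain unexplained.
"""
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe
O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe
O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe
O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe
"""

# Constructed sample: the registry-value block of the MBAM report posted above.
MBAM_SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hmy19izxm5 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syshlp (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcccaj0eaa7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
MBAM_RUN_RE = re.compile(r"^(HKEY_\w+)\\.*\\Run\\(\S+) \(([^)]*)\) -> (.*)$")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")
DIGITS_INSIDE = re.compile(r"[a-z]\d+[a-z]", re.I)  # matches lphcccaj0eaa7, not rundll32


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    exe: str
    reasons: list


def executable_path(command: str) -> str:
    """Return the program an O4 command launches (quoted path, or up to the first .exe)."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def triage_hjt(log_text: str) -> list:
    """Parse every O4 line and attach the heuristic reasons that make it worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = executable_path(command)
        reasons = []
        if exe.lower().startswith(USER_WRITABLE):
            reasons.append("launched from a user-writable folder")
        if DIGITS_INSIDE.search(name) or DIGITS_INSIDE.search(exe.rsplit("\\", 1)[-1]):
            reasons.append("digits buried inside letters (generated name)")
        findings.append(Autorun(hive, key, name, exe, reasons))
    return findings


def mbam_cleaned_run_values(report_text: str) -> dict:
    """Map lower-cased Run value names to the MBAM detection name, removed values only."""
    cleaned = {}
    for line in report_text.splitlines():
        m = MBAM_RUN_RE.match(line.strip())
        if m and "deleted" in m.group(4).lower():
            cleaned[m.group(2).lower()] = m.group(3)
    return cleaned


def residue(findings: list, cleaned: dict) -> list:
    """Flagged autoruns that no MBAM Run-value removal accounts for."""
    return [f for f in findings if f.reasons and f.name.lower() not in cleaned]


def report(findings: list, cleaned: dict) -> list:
    """One (value name, status) pair per autorun; a signature hit beats the heuristics."""
    rows = []
    for f in findings:
        if f.name.lower() in cleaned:
            rows.append((f.name, "removed by MBAM as " + cleaned[f.name.lower()]))
        elif f.reasons:
            rows.append((f.name, "STILL PRESENT, suspicious: " + "; ".join(f.reasons)))
        else:
            rows.append((f.name, "no heuristic hit"))
    return rows


if __name__ == "__main__":
    found = triage_hjt(HJT_SAMPLE)
    for name, status in report(found, mbam_cleaned_run_values(MBAM_SAMPLE)):
        print(f"{name:16} {status}")
```

On this thread's data the only flagged entry MBAM did not account for is MonEn, which is consistent with the helper's next reply that some remain; the rogue MicroAntivirus entry, by contrast, is caught only by the MBAM signature, not by the heuristics, which is why a helper reads both reports.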

Posted

It's now been 4 hours since I finished the scan with MBAM and I no longer have any window popping up detecting a trojan!!

Thank you very much, you really helped me!!!

Posted

Given how much got cleared out, it must be better, hehehe.

Reboot (if not already done) and post a new HijackThis report; we should see more clearly. :P

Posted

OK, it's rebooted and here is the HijackThis report

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:59:52, on 2008-09-19

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\syshlp\udwvoruv.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\conime.exe

C:\hp\kbd\kbd.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe

O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe

O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe

O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9854 bytes

 

 

Thanks again

Posted

Some remain; we'll finish in 2-3 phases.

 

The following software is only to be used when prescribed by a qualified helper trained on the tool.

Do not use it outside that scenario or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Limitation of Warranty message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy-paste that report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

I don't know where you learned everything you know, but hats off to you!

Here is the ComboFix report:

 

ComboFix 08-09-19.09 - Admin 2008-09-20 7:28:33.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.876 [GMT -4:00]

Lancé depuis: C:\Users\Admin\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Il y a peut-être des sites infectés -----

 

http://www.radioenergie.com

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Users\Admin\AppData\Roaming\Malwarebytes

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\ProgramData\Malwarebytes

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-19 12:49 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-19 12:49 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-19 01:59 . 2008-09-19 01:59 <REP> d-------- C:\Program Files\Trend Micro

2008-09-19 01:37 . 2008-09-19 17:43 <REP> d-------- C:\Users\Admin\AppData\Roaming\DivX

2008-09-19 00:29 . 2008-09-19 00:29 <REP> d-------- C:\Program Files\DivX

2008-09-15 17:57 . 2008-09-15 17:57 <REP> d-------- C:\N360_BACKUP

2008-09-15 15:12 . 2008-07-30 17:42 23,888 --a------ C:\Windows\System32\drivers\COH_Mon.sys

2008-09-15 15:12 . 2008-07-30 17:28 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat

2008-09-15 15:12 . 2008-07-30 17:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf

2008-09-15 14:57 . 2008-09-19 12:56 <REP> d-------- C:\Users\All Users\syshlp

2008-09-15 14:57 . 2008-09-19 12:56 <REP> d-------- C:\ProgramData\syshlp

2008-09-15 08:19 . 2008-09-15 08:19 16 --a------ C:\Windows\System32\coh.cache

2008-09-15 08:01 . 2008-09-15 14:51 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2008-09-15 08:01 . 2008-09-15 14:51 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2008-09-15 08:01 . 2008-09-15 14:51 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2008-09-15 07:59 . 2008-09-15 14:51 <REP> d-------- C:\Program Files\Symantec

2008-09-15 07:40 . 2008-09-19 13:08 <REP> d-------- C:\Users\All Users\MonEn

2008-09-15 07:40 . 2008-09-19 13:00 <REP> d-------- C:\Users\All Users\cvmbctav

2008-09-15 07:40 . 2008-09-19 13:08 <REP> d-------- C:\ProgramData\MonEn

2008-09-15 07:40 . 2008-09-19 13:00 <REP> d-------- C:\ProgramData\cvmbctav

2008-09-09 19:19 . 2008-09-09 19:19 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-09-09 19:19 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-09 19:19 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-09 19:18 . 2008-09-09 19:19 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-09 19:18 . 2008-09-09 19:19 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-09 19:18 . 2008-09-09 19:19 <REP> d-------- C:\Program Files\iTunes

2008-09-09 19:18 . 2008-09-09 19:18 <REP> d-------- C:\Program Files\iPod

2008-09-09 19:15 . 2008-09-09 19:16 <REP> d-------- C:\Program Files\QuickTime

2008-09-09 18:13 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-09 18:13 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-09 18:12 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-09 18:12 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-09 18:12 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-09 18:12 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-09 18:12 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-09 18:12 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-09 18:12 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-04 15:45 . 2007-11-08 05:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex

2008-08-22 10:38 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-08-22 10:38 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-08-22 10:38 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-08-22 10:38 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-08-22 10:37 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-08-22 10:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-08-22 10:37 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-08-22 10:37 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-08-22 10:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-08-20 17:21 . 2008-08-20 17:21 <REP> d-------- C:\Program Files\Apple Software Update

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 11:24 --------- d-----w C:\Users\Admin\AppData\Roaming\uTorrent

2008-09-19 04:31 --------- d-----w C:\ProgramData\Symantec

2008-09-19 04:29 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-09-16 16:44 --------- d-----w C:\Program Files\Norton 360

2008-09-15 23:21 --------- d-----w C:\Program Files\Nero

2008-09-15 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-15 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-10 07:04 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 07:02 --------- d-----w C:\Program Files\Microsoft Works

2008-09-09 23:15 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-09 00:34 --------- d-----w C:\Users\Admin\AppData\Roaming\Vso

2008-09-06 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-25 19:10 --------- d-----w C:\Program Files\HP

2008-08-20 16:15 --------- d-----w C:\Users\Admin\AppData\Roaming\LimeWire

2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-18 19:35 --------- d-----w C:\ProgramData\NVIDIA

2008-08-14 07:18 --------- d-----w C:\Program Files\Windows Mail

2008-08-07 20:59 --------- d-----w C:\Program Files\PokerStars

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-07-23 16:50 129,784 ------w C:\Windows\System32\PxAFS.DLL

2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2008-07-21 19:43 --------- d-----w C:\Program Files\Java

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-14 00:56 92,064 ----a-w C:\Users\Admin\mqdmmdm.sys

2008-06-14 00:56 9,232 ----a-w C:\Users\Admin\mqdmmdfl.sys

2008-06-14 00:56 79,328 ----a-w C:\Users\Admin\mqdmserd.sys

2008-06-14 00:56 66,656 ----a-w C:\Users\Admin\mqdmbus.sys

2008-06-14 00:56 6,208 ----a-w C:\Users\Admin\mqdmcmnt.sys

2008-06-14 00:56 5,936 ----a-w C:\Users\Admin\mqdmwhnt.sys

2008-06-14 00:56 4,048 ----a-w C:\Users\Admin\mqdmcr.sys

2008-06-14 00:56 25,600 ----a-w C:\Users\Admin\usbsermptxp.sys

2008-06-14 00:56 22,768 ----a-w C:\Users\Admin\usbsermpt.sys

2008-04-20 20:58 174 --sha-w C:\Program Files\desktop.ini

2008-02-29 05:09 47,360 ----a-w C:\Users\Admin\AppData\Roaming\pcouffin.sys

2007-11-06 02:22 1,164,456 ----a-w C:\Users\Admin\install_flash_player.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-15_14.25.45.94 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-15 18:09:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-15 18:09:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-15 18:11:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-09-19 17:02:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-09-19 17:02:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-15 18:24:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-09-20 11:31:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-09-20 11:31:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-15 18:17:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-15 18:17:30 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-20 11:24:45 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-15 18:17:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-15 18:21:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-20 11:28:20 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2008-03-31 21:25:46 682,496 ----a-w C:\Windows\System32\divx.dll

+ 2008-07-25 08:34:36 683,520 ----a-w C:\Windows\System32\DivX.dll

+ 2008-07-25 08:34:42 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

+ 2008-07-25 08:34:40 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll

+ 2008-07-25 08:34:40 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

+ 2008-07-25 08:34:40 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

+ 2008-07-25 08:34:30 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

- 2008-03-21 20:28:54 81,920 ----a-w C:\Windows\System32\dpl100.dll

+ 2008-07-25 08:34:54 81,920 ----a-w C:\Windows\System32\dpl100.dll

+ 2008-07-25 08:34:46 294,912 ----a-w C:\Windows\System32\dpu10.dll

+ 2008-07-25 08:34:46 294,912 ----a-w C:\Windows\System32\dpu11.dll

+ 2008-07-25 08:34:50 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

+ 2008-07-25 08:34:46 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

+ 2008-07-25 08:34:46 344,064 ----a-w C:\Windows\System32\dpus11.dll

+ 2008-07-25 08:34:46 57,344 ----a-w C:\Windows\System32\dpv11.dll

- 2007-01-12 02:22:14 247,608 ----a-w C:\Windows\System32\drivers\srtsp.sys

+ 2007-12-01 03:57:12 279,088 ----a-w C:\Windows\System32\drivers\srtsp.sys

- 2007-01-12 02:22:20 276,792 ----a-w C:\Windows\System32\drivers\srtspl.sys

+ 2007-12-01 03:57:12 317,616 ----a-w C:\Windows\System32\drivers\srtspl.sys

- 2007-01-12 02:22:18 25,400 ----a-w C:\Windows\System32\drivers\srtspx.sys

+ 2007-12-01 03:57:12 43,696 ----a-w C:\Windows\System32\drivers\srtspx.sys

+ 2008-07-25 08:34:52 196,608 ----a-w C:\Windows\System32\dtu100.dll

- 2008-09-15 18:15:36 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-19 17:07:37 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-09-15 18:15:36 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-09-19 17:07:37 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-09-15 18:15:36 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-19 17:07:37 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-09-15 18:15:36 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-09-19 17:07:37 669,328 ----a-w C:\Windows\System32\perfh00C.dat

- 2007-02-06 14:03:36 547,576 ------w C:\Windows\System32\Px.dll

+ 2008-07-23 16:50:46 551,672 ------w C:\Windows\System32\Px.dll

- 2007-02-20 23:02:00 514,808 ------w C:\Windows\System32\pxdrv.dll

+ 2008-07-23 16:50:48 518,904 ------w C:\Windows\System32\pxdrv.dll

- 2007-02-06 14:03:46 187,128 ------w C:\Windows\System32\PxMas.dll

+ 2008-07-23 16:50:50 187,128 ------w C:\Windows\System32\PxMas.dll

- 2007-02-06 14:03:54 1,628,920 ------w C:\Windows\System32\PxSFS.DLL

+ 2008-07-23 16:50:48 1,628,920 ------w C:\Windows\System32\PxSFS.DLL

- 2007-02-06 14:03:58 379,640 ------w C:\Windows\System32\PxWave.dll

+ 2008-07-23 16:50:48 379,640 ------w C:\Windows\System32\PxWave.dll

- 2007-02-19 03:23:04 185,496 ----a-r C:\Windows\System32\SymNppWA.dll

+ 2007-07-12 06:49:26 186,256 ----a-w C:\Windows\System32\SymNPPWA.dll

- 2006-10-09 23:00:00 39,672 ------w C:\Windows\System32\VXBLOCK.dll

+ 2008-07-23 16:50:46 88,824 ------w C:\Windows\System32\VXBLOCK.dll

- 2008-09-15 18:11:48 9,948 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin

+ 2008-09-19 17:02:57 10,156 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin

- 2008-09-15 18:11:47 82,706 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-19 17:02:56 83,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-15 18:11:45 46,876 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-19 17:02:50 47,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-22 92704]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{17B2A58A-B4D2-4C22-844B-0E616A22AB33}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{00547B28-2C78-4CF8-BA38-C6057C65DAB1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{31277309-9E02-4A44-8A34-E60B4BC14F06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F6BD2B90-951E-4E1A-8681-DB570771F98D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{A77BC339-93BF-4686-A9AA-4F11A8C4EBED}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{647EB620-34F9-41D3-B344-AC0C7951C738}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{F8EBFD3B-C26B-4597-905C-6431B5E2F781}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{32ECB6BB-A587-4EFF-BBDA-2629962ABF58}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe

"{B93F7533-93F1-4BC9-8EBB-059486580176}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe

"{C7CB0428-2FB0-4F24-BBD6-E3295E94AACE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{92A16732-D6A6-4BD5-800D-E01550AFA039}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{E28524E5-1D6B-4AD7-A373-2519D73D8D44}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC

"UDP Query User{B7748A2E-6111-41F5-8D5F-A32BE28545AC}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

"{B87F175B-6A1D-4527-9451-EF1D2D13160E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{EE19C775-3239-4230-A3DD-0E452F29F9EF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080917.004\IDSvix86.sys [2008-09-12 270384]

R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 86016]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 38200]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5437466-67e8-11dd-ac54-001bfcd1362c}]

\shell\AutoRun\command - InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f268b72d-783f-11dc-9ce4-001bfcd1362c}]

\shell\AutoRun\command - J:\SETUP.EXE

 

*Newly Created Service* - COMHOST

.

Contenu du dossier 'Tâches planifiées'

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pxfao69f.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-20 07:32:15

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2008-09-20 7:34:20

ComboFix-quarantined-files.txt 2008-09-20 11:34:15

ComboFix2.txt 2008-09-15 18:26:58

 

Avant-CF: 112 781 996 032 octets libres

Après-CF: 112,755,937,280 octets libres

 

284 --- E O F --- 2008-09-18 18:35:45

Posted

What follows is for your machine, and your machine only.

Never use it on another machine: it is dangerous.

 

  • Disable your antivirus, it can interfere.
  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is turned off. Copy and paste this into it:

Killall::

 

File::

C:\Windows\System32\rlvknlg.exe

C:\Windows\system32\rlservice.exe

 

Folder::

C:\ProgramData\syshlp

C:\Program Files\MicroAntivirus

C:\ProgramData\MonEn

C:\ProgramData\cvmbctav

C:\Windows\system32\lphcccaj0eaa7.exe

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{32ECB6BB-A587-4EFF-BBDA-2629962ABF58}"=-

"{B93F7533-93F1-4BC9-8EBB-059486580176}"=-

 

Driver::

RelevantKnowledge

  • Save this as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot

img-2258535my8h.gif

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

 

Then please add a new HijackThis report after that one, and re-enable your antivirus.

Posted

Sorry, I was a bit slow this weekend, I was working my 40 hours in 3 days.. Here is the ComboFix result with my antivirus disabled:

 

ComboFix 08-09-20.05 - Admin 2008-09-22 8:39:49.3 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1179 [GMT -4:00]

Lancé depuis: C:\Users\Admin\Desktop\ComboFix.exe

Commutateurs utilisés :: C:\Users\Admin\Desktop\CFScript.txt

 

FILE ::

C:\Windows\system32\rlservice.exe

C:\Windows\System32\rlvknlg.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\cvmbctav

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

C:\ProgramData\MonEn

C:\ProgramData\syshlp

C:\Windows\system32\rlservice.exe

 

----- BITS: Il y a peut-être des sites infectés -----

 

http://www.radioenergie.com

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_RelevantKnowledge

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Users\Admin\AppData\Roaming\Malwarebytes

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\ProgramData\Malwarebytes

2008-09-19 12:49 . 2008-09-19 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-19 12:49 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-19 12:49 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-19 01:59 . 2008-09-19 01:59 <REP> d-------- C:\Program Files\Trend Micro

2008-09-19 01:37 . 2008-09-19 17:43 <REP> d-------- C:\Users\Admin\AppData\Roaming\DivX

2008-09-19 00:29 . 2008-09-19 00:29 <REP> d-------- C:\Program Files\DivX

2008-09-15 17:57 . 2008-09-15 17:57 <REP> d-------- C:\N360_BACKUP

2008-09-15 15:12 . 2008-07-30 17:42 23,888 --a------ C:\Windows\System32\drivers\COH_Mon.sys

2008-09-15 15:12 . 2008-07-30 17:28 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat

2008-09-15 15:12 . 2008-07-30 17:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf

2008-09-15 08:19 . 2008-09-15 08:19 16 --a------ C:\Windows\System32\coh.cache

2008-09-15 08:01 . 2008-09-15 14:51 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2008-09-15 08:01 . 2008-09-15 14:51 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2008-09-15 08:01 . 2008-09-15 14:51 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2008-09-15 07:59 . 2008-09-15 14:51 <REP> d-------- C:\Program Files\Symantec

2008-09-09 19:19 . 2008-09-09 19:19 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-09-09 19:19 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-09 19:19 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-09 19:18 . 2008-09-09 19:19 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-09 19:18 . 2008-09-09 19:19 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-09 19:18 . 2008-09-09 19:19 <REP> d-------- C:\Program Files\iTunes

2008-09-09 19:18 . 2008-09-09 19:18 <REP> d-------- C:\Program Files\iPod

2008-09-09 19:15 . 2008-09-09 19:16 <REP> d-------- C:\Program Files\QuickTime

2008-09-09 18:13 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-09 18:13 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-09 18:12 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-09 18:12 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-09 18:12 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-09 18:12 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-09 18:12 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-09 18:12 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-09 18:12 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-04 15:45 . 2007-11-08 05:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex

2008-08-22 10:38 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-08-22 10:38 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-08-22 10:38 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-08-22 10:38 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-08-22 10:37 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-08-22 10:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-08-22 10:37 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-08-22 10:37 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-08-22 10:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 11:24 --------- d-----w C:\Users\Admin\AppData\Roaming\uTorrent

2008-09-19 04:31 --------- d-----w C:\ProgramData\Symantec

2008-09-19 04:29 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-09-16 16:44 --------- d-----w C:\Program Files\Norton 360

2008-09-15 23:21 --------- d-----w C:\Program Files\Nero

2008-09-15 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-15 18:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-10 07:04 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 07:02 --------- d-----w C:\Program Files\Microsoft Works

2008-09-09 23:15 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-09 00:34 --------- d-----w C:\Users\Admin\AppData\Roaming\Vso

2008-09-06 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-25 19:10 --------- d-----w C:\Program Files\HP

2008-08-20 21:21 --------- d-----w C:\Program Files\Apple Software Update

2008-08-20 16:15 --------- d-----w C:\Users\Admin\AppData\Roaming\LimeWire

2008-08-19 07:01 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-18 19:35 --------- d-----w C:\ProgramData\NVIDIA

2008-08-14 07:18 --------- d-----w C:\Program Files\Windows Mail

2008-08-07 20:59 --------- d-----w C:\Program Files\PokerStars

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-07-23 16:50 129,784 ------w C:\Windows\System32\PxAFS.DLL

2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-14 00:56 92,064 ----a-w C:\Users\Admin\mqdmmdm.sys

2008-06-14 00:56 9,232 ----a-w C:\Users\Admin\mqdmmdfl.sys

2008-06-14 00:56 79,328 ----a-w C:\Users\Admin\mqdmserd.sys

2008-06-14 00:56 66,656 ----a-w C:\Users\Admin\mqdmbus.sys

2008-06-14 00:56 6,208 ----a-w C:\Users\Admin\mqdmcmnt.sys

2008-06-14 00:56 5,936 ----a-w C:\Users\Admin\mqdmwhnt.sys

2008-06-14 00:56 4,048 ----a-w C:\Users\Admin\mqdmcr.sys

2008-06-14 00:56 25,600 ----a-w C:\Users\Admin\usbsermptxp.sys

2008-06-14 00:56 22,768 ----a-w C:\Users\Admin\usbsermpt.sys

2008-04-20 20:58 174 --sha-w C:\Program Files\desktop.ini

2008-02-29 05:09 47,360 ----a-w C:\Users\Admin\AppData\Roaming\pcouffin.sys

2007-11-06 02:22 1,164,456 ----a-w C:\Users\Admin\install_flash_player.exe

.

 

((((((((((((((((((((((((((((( snapshot_2008-09-20_ 7.33.08.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-21 00:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE

- 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-22 12:46:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-19 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-22 12:46:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-19 17:02:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-09-22 12:47:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

- 2008-09-20 11:31:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-09-22 12:47:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-09-22 12:47:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-22 12:25:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-20 11:24:45 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-22 12:25:22 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-20 11:24:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-22 12:25:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-20 11:28:20 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-22 12:38:02 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-22 12:38:02 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-09-19 17:07:37 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-21 18:18:12 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-09-19 17:07:37 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-09-21 18:18:12 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-09-19 17:07:37 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-21 18:18:12 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-09-19 17:07:37 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-09-21 18:18:12 669,328 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-09-19 17:02:57 10,156 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin

+ 2008-09-22 12:36:31 10,164 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208395152-1236647788-2440741126-1000_UserData.bin

- 2008-09-19 17:02:56 83,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-22 12:36:30 83,944 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-19 17:02:50 47,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-22 12:36:28 47,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-22 92704]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{17B2A58A-B4D2-4C22-844B-0E616A22AB33}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{00547B28-2C78-4CF8-BA38-C6057C65DAB1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{31277309-9E02-4A44-8A34-E60B4BC14F06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F6BD2B90-951E-4E1A-8681-DB570771F98D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{A77BC339-93BF-4686-A9AA-4F11A8C4EBED}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{647EB620-34F9-41D3-B344-AC0C7951C738}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{F8EBFD3B-C26B-4597-905C-6431B5E2F781}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{C7CB0428-2FB0-4F24-BBD6-E3295E94AACE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{92A16732-D6A6-4BD5-800D-E01550AFA039}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{E28524E5-1D6B-4AD7-A373-2519D73D8D44}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC

"UDP Query User{B7748A2E-6111-41F5-8D5F-A32BE28545AC}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

"{B87F175B-6A1D-4527-9451-EF1D2D13160E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{EE19C775-3239-4230-A3DD-0E452F29F9EF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080917.004\IDSvix86.sys [2008-09-12 270384]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 38200]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5437466-67e8-11dd-ac54-001bfcd1362c}]

\shell\AutoRun\command - InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f268b72d-783f-11dc-9ce4-001bfcd1362c}]

\shell\AutoRun\command - J:\SETUP.EXE

 

*Newly Created Service* - COMHOST

.

Contenu du dossier 'Tâches planifiées'

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-22 08:47:32

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

PROCESSUS: C:\Windows\Explorer.exe

-> ?:\Windows\system32\iertutil.dll

.

------------------------ Autres processus actifs ------------------------

.

C:\Windows\System32\nvvsvc.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\hp\KBD\kbd.exe

C:\Windows\System32\wbem\WMIADAP.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2008-09-22 8:54:24 - La machine a redémarré [Admin]

ComboFix-quarantined-files.txt 2008-09-22 12:54:14

ComboFix2.txt 2008-09-20 11:34:21

ComboFix3.txt 2008-09-15 18:26:58

 

Avant-CF: 111 983 267 840 octets libres

Après-CF: 113,550,635,008 octets libres

 

261 --- E O F --- 2008-09-18 18:35:45

 

 

And now the HiJackThis log, once again with my antivirus disabled

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:59:52, on 2008-09-19

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\syshlp\udwvoruv.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\conime.exe

C:\hp\kbd\kbd.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAntivirus\microAV.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MonEn] C:\ProgramData\MonEn\gjshgryd.exe

O4 - HKCU\..\Run: [hmy19iZXM5] C:\ProgramData\cvmbctav\onojavwf.exe

O4 - HKCU\..\Run: [syshlp] C:\ProgramData\syshlp\udwvoruv.exe

O4 - HKCU\..\Run: [lphcccaj0eaa7] C:\Windows\system32\lphcccaj0eaa7.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUpldfr-ca.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9854 bytes
