
Posted (edited)

I preferred not to leave my PC's CV needlessly on display; I understand that I am not the only one with virus problems and that you are swamped with requests.

Thanks anyway for the time devoted to my problem.

Edited by salvo
Posted

Hold on, we come here to disinfect; there are a lot of people, of course, but that's not a problem, we handle them as we go.

So no worries, we'll disinfect your PC, but if you don't want to, or no longer want to, because you have reformatted or taken it to a repair shop, it's simpler to say so, if that's the case.

Posted

Hello,

Here is the copy of the ComboFix report again, then.

I would still point out that there has been no reformatting or repair of any kind, apart from the fact that Kaspersky is running again.

 

ComboFix 09-10-18.06 - Salvatore 19-10-2009 11:34.1.2 - NTFSx86

Microsoft® Windows Vista Édition Intégrale 6.0.6002.2.1252.2.1036.18.2047.1177 [GMT -4:00]

Lancé depuis: c:\users\Salvatore\Desktop\TRALALA.exe

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\program files\INSTALL.LOG

c:\programdata\ntuser.dat{0c9f4fbf-0fc3-11de-aeec-00125a5d4798}.TMContainer00000000000000000001.regtrans-ms

c:\users\Salvatore\UNINSTALL.EXE

c:\windows\Installer\153f74.msi

c:\windows\Installer\1b755e0.msi

c:\windows\Installer\258b52.msi

c:\windows\Installer\2916411.msi

c:\windows\Installer\2eb9ea.msi

c:\windows\Installer\32baf0.msi

c:\windows\Installer\33f797b.msp

c:\windows\Installer\33f797c.msp

c:\windows\Installer\33f797d.msp

c:\windows\Installer\34786f.msi

c:\windows\Installer\4377e.msi

c:\windows\Installer\63833.msi

c:\windows\system32\Ijl11.dll

 

Une copie infectée de c:\windows\system32\cngaudit.dll a été trouvée et désinfectée

Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_NetService

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-19 au 2009-10-19 ))))))))))))))))))))))))))))))))))))

.

 

2009-10-19 15:51 . 2009-10-19 15:59 -------- d-----w- c:\users\Salvatore\AppData\Local\temp

2009-10-19 15:51 . 2009-10-19 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-18 21:32 . 2009-10-18 21:32 -------- d-----w- c:\users\Salvatore\AppData\Roaming\Malwarebytes

2009-10-18 21:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-18 21:32 . 2009-10-18 21:32 -------- d-----w- c:\programdata\Malwarebytes

2009-10-18 21:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-18 16:44 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-18 14:01 . 2009-10-18 14:01 -------- d-----w- c:\users\Salvatore\AppData\Local\Sophos

2009-10-18 13:38 . 2009-10-18 13:38 -------- d-----w- c:\program files\Kaspersky Lab

2009-10-18 13:02 . 2009-10-18 16:06 -------- d-----w- c:\programdata\Sophos

2009-10-18 13:02 . 2009-10-18 16:06 -------- d-----w- c:\program files\Sophos

2009-10-18 13:00 . 2009-10-18 13:00 -------- d-----w- C:\stdtsa

2009-10-18 12:46 . 2009-10-18 12:46 -------- d-----w- c:\windows\McAfee.com

2009-10-17 23:12 . 2009-10-17 23:12 -------- d-----w- c:\program files\ESET

2009-10-17 22:16 . 2009-10-17 22:16 -------- d-----w- c:\program files\Common Files\Borland Shared

2009-10-17 22:16 . 1999-01-20 09:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2009-10-16 22:01 . 2009-10-16 22:01 -------- d-----w- c:\program files\Trend Micro

2009-10-16 20:26 . 2009-10-16 20:26 -------- d-----w- c:\programdata\F-Secure

2009-10-16 20:25 . 2009-10-18 16:11 -------- d-----w- c:\program files\Windows Live Safety Center

2009-10-16 20:10 . 2009-10-16 20:10 -------- d-----w- c:\windows\BDOSCAN8

2009-10-16 20:05 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-10-16 19:29 . 2009-10-16 19:52 -------- d-----w- c:\users\Salvatore\.housecall6.6

2009-10-16 19:22 . 2009-10-16 19:22 -------- d-----w- C:\Trend Micro

2009-10-16 03:27 . 2009-10-16 17:21 -------- d-----w- c:\users\Salvatore\{4e8c355b-e688-4091-bf26-3cca1bb7e7df}

2009-10-16 03:26 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2009-10-16 03:26 . 2009-08-20 03:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll

2009-10-16 03:22 . 2009-10-16 17:21 -------- d-----w- C:\_AcroTemp

2009-10-16 03:12 . 2009-10-19 13:44 0 ----a-r- c:\windows\win32k.sys

2009-10-14 19:30 . 2009-10-14 20:05 -------- d-----w- c:\programdata\NOS

2009-10-14 19:30 . 2009-10-14 19:30 -------- d-----w- c:\program files\NOS

2009-10-14 17:40 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-14 13:04 . 2009-10-14 13:04 -------- d-----w- c:\users\Salvatore\AppData\Roaming\Windows Live Writer

2009-10-14 13:03 . 2009-10-14 13:04 -------- d-----w- c:\users\Salvatore\AppData\Local\Windows Live Writer

2009-10-13 18:26 . 2009-10-13 18:26 -------- d-----w- c:\program files\Realtek AC97

2009-10-13 18:08 . 2009-06-19 07:45 4172832 ----a-w- c:\windows\system32\drivers\RTKVAC.SYS

2009-10-13 18:08 . 2009-04-14 19:43 10975264 ----a-w- c:\windows\system32\RTLCPL.EXE

2009-10-13 18:08 . 2009-04-14 19:43 154144 ----a-w- c:\windows\system32\RTLCPAPI.dll

2009-10-13 18:08 . 2009-04-14 19:43 965664 ----a-w- c:\windows\system32\RtkPgExt.dll

2009-10-13 18:03 . 2009-10-13 18:03 -------- d-----w- c:\program files\Marvell

2009-10-11 00:19 . 2008-03-29 21:36 106768 ----a-w- c:\windows\system32\dneinobj.dll

2009-10-11 00:19 . 2008-03-29 21:36 125328 ----a-w- c:\windows\system32\drivers\dne2000.sys

2009-10-08 11:50 . 2009-10-16 17:21 -------- d-----w- C:\System Software Updates

2009-10-07 21:58 . 2009-10-19 15:53 -------- d-----w- c:\windows\PRIndex

2009-10-07 21:58 . 2009-10-15 14:47 -------- d-----w- c:\users\Salvatore\AppData\Roaming\NewspaperDirect

2009-10-07 21:57 . 2009-10-07 21:57 -------- d-----w- c:\program files\NewspaperDirect

2009-10-07 12:28 . 2009-10-07 12:28 -------- d-----w- c:\users\Salvatore\AppData\Local\Seven Zip

2009-10-06 18:06 . 2009-10-06 18:20 -------- d-----w- c:\users\Salvatore\AppData\Roaming\SmartDraw

2009-10-03 17:25 . 2009-10-03 17:26 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-10-03 12:56 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-03 12:56 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-03 12:56 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-03 12:56 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-03 12:55 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-03 12:55 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-03 12:55 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-03 12:55 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-03 12:55 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-09-28 09:22 . 2009-09-28 09:22 364544 ----a-w- c:\windows\system32\yk60x86.dll

2009-09-28 09:22 . 2009-09-28 09:22 312832 ----a-w- c:\windows\system32\drivers\yk60x86.sys

2009-09-28 00:26 . 2009-09-28 00:26 -------- d-----w- c:\users\Salvatore\AppData\Roaming\RibbonSoft

2009-09-27 23:56 . 2009-09-27 23:56 -------- d-----w- c:\users\Salvatore\.coban

2009-09-27 21:46 . 2009-09-27 21:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll

2009-09-27 21:46 . 2009-09-27 21:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll

2009-09-27 20:12 . 2009-09-27 20:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2009-09-27 20:12 . 2009-09-27 20:12 490088 ----a-w- c:\windows\system32\nvudisp.exe

2009-09-27 20:12 . 2009-09-27 20:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll

2009-09-27 20:12 . 2009-09-27 20:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll

2009-09-27 20:12 . 2009-09-27 20:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-09-27 20:12 . 2009-09-27 20:12 170600 ----a-w- c:\windows\system32\nvcod167.dll

2009-09-27 20:12 . 2009-09-27 20:12 170600 ----a-w- c:\windows\system32\nvcod.dll

2009-09-27 20:12 . 2009-09-27 20:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll

2009-09-27 01:32 . 2009-09-27 01:32 -------- d-----w- c:\users\Salvatore\AppData\Roaming\CadSoft

2009-09-27 01:11 . 2009-09-27 01:12 -------- d-----w- c:\users\Salvatore\AppData\Roaming\qet

2009-09-27 01:04 . 2009-09-27 01:06 -------- d-----w- c:\users\Salvatore\Download

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-19 15:59 . 2009-05-31 16:39 35275 ----a-w- c:\programdata\nvModes.dat

2009-10-19 15:57 . 2007-02-24 03:25 -------- d-----w- c:\programdata\NVIDIA

2009-10-19 15:56 . 2009-01-18 23:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-10-19 15:54 . 2008-01-01 02:24 6193 ----a-w- c:\windows\bthservsdp.dat

2009-10-19 13:52 . 2009-03-09 00:11 -------- d-----w- c:\users\Salvatore\AppData\Roaming\Skype

2009-10-19 13:50 . 2007-02-21 22:59 -------- d-----w- c:\programdata\Google Updater

2009-10-19 13:50 . 2009-03-09 00:19 -------- d-----w- c:\users\Salvatore\AppData\Roaming\skypePM

2009-10-18 13:47 . 2007-02-22 23:59 -------- d-----w- c:\programdata\Kaspersky Lab

2009-10-18 13:41 . 2009-08-11 16:48 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-10-18 13:41 . 2009-08-11 16:48 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-10-18 12:37 . 2009-02-24 00:47 -------- d-----w- c:\programdata\Lavasoft

2009-10-16 19:56 . 2008-05-19 16:13 -------- d-----w- c:\program files\Java

2009-10-16 17:32 . 2009-10-16 17:32 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-10-16 17:31 . 2007-02-21 19:49 202328 ----a-w- c:\users\Salvatore\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-16 17:21 . 2009-03-14 16:26 -------- d-----w- c:\programdata\HP Product Assistant

2009-10-16 17:21 . 2007-03-12 21:59 -------- d-----w- c:\programdata\FLEXnet

2009-10-15 17:49 . 2007-02-28 01:41 -------- d-----w- c:\program files\Common Files\EZB Systems

2009-10-15 16:28 . 2007-02-24 16:55 -------- d-----w- c:\program files\Common Files\Adobe

2009-10-15 15:09 . 2009-07-06 21:11 662610 ----a-w- c:\windows\system32\perfh010.dat

2009-10-15 15:09 . 2009-07-06 21:11 124280 ----a-w- c:\windows\system32\perfc010.dat

2009-10-15 15:09 . 2006-11-02 16:03 678690 ----a-w- c:\windows\system32\perfh00C.dat

2009-10-15 15:09 . 2006-11-02 16:03 127798 ----a-w- c:\windows\system32\perfc00C.dat

2009-10-14 20:49 . 2007-02-21 21:07 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-14 18:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-14 18:36 . 2007-02-24 00:43 -------- d-----w- c:\programdata\Microsoft Help

2009-10-13 18:26 . 2007-03-18 16:21 319488 ----a-w- c:\windows\HideWin.exe

2009-10-13 17:46 . 2009-04-11 13:18 -------- d-----w- c:\programdata\ma-config.com

2009-10-13 17:46 . 2009-04-11 13:18 -------- d-----w- c:\program files\ma-config.com

2009-10-03 16:13 . 2008-03-01 22:10 -------- d-----w- c:\program files\Windows Live

2009-09-27 20:12 . 2009-09-27 20:12 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2009-09-27 20:12 . 2007-04-12 21:07 7614056 ----a-w- c:\windows\system32\nvd3dum.dll

2009-09-27 20:12 . 2007-04-12 21:07 1074280 ----a-w- c:\windows\system32\nvapi.dll

2009-09-24 13:24 . 2007-09-12 09:28 490088 ----a-w- c:\windows\system32\nvuninst.exe

2009-09-20 13:22 . 2009-09-20 13:22 0 ----a-w- c:\windows\system32\REN897D.tmp

2009-09-20 13:22 . 2009-09-20 13:22 0 ----a-w- c:\windows\system32\REN897C.tmp

2009-09-20 13:22 . 2009-09-20 13:22 0 ----a-w- c:\windows\system32\REN897B.tmp

2009-09-17 17:18 . 2009-09-17 17:18 -------- d-----w- c:\program files\iTunes

2009-09-17 17:18 . 2009-09-17 17:18 -------- d-----w- c:\program files\iPod

2009-09-17 17:18 . 2009-04-01 14:05 -------- d-----w- c:\program files\Common Files\Apple

2009-09-17 17:16 . 2009-06-07 23:59 -------- d-----w- c:\program files\QuickTime

2009-09-17 15:04 . 2008-08-13 02:47 -------- d-----w- c:\program files\Apple Software Update

2009-09-17 14:25 . 2009-09-17 14:23 -------- d-----w- c:\program files\iTunes(57)

2009-09-17 14:23 . 2009-09-17 14:23 -------- d-----w- c:\program files\iPod(56)

2009-09-17 14:23 . 2009-09-17 13:49 -------- d-----w- c:\program files\Common Files\Apple(7)

2009-09-17 14:17 . 2009-09-17 14:17 -------- d-----w- c:\program files\QuickTime(58)

2009-09-17 12:27 . 2007-08-21 00:58 -------- d-----w- c:\program files\Bonjour

2009-09-16 14:13 . 2007-03-04 01:13 -------- d-----w- c:\users\Salvatore\AppData\Roaming\Apple Computer

2009-09-14 19:49 . 2009-09-14 19:47 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-14 09:29 . 2009-10-14 17:39 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-09-14 00:17 . 2007-03-04 00:48 -------- d-----w- c:\users\Salvatore\AppData\Roaming\ZoomBrowser EX

2009-09-13 19:32 . 2009-01-29 19:03 -------- d-----w- c:\programdata\ZoomBrowser

2009-09-10 16:38 . 2009-09-03 16:31 -------- d-----w- c:\users\Salvatore\AppData\Roaming\HpUpdate

2009-09-09 02:07 . 2008-03-01 22:03 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-04 12:21 . 2007-02-24 01:14 -------- d-----w- c:\program files\Microsoft Works

2009-09-04 11:41 . 2009-10-14 17:39 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-09-03 13:01 . 2007-09-05 15:18 878080 ----a-w- c:\windows\system32\iconv.dll

2009-09-03 13:01 . 2007-09-05 15:18 721920 ----a-w- c:\windows\system32\libxml2.dll

2009-09-03 13:01 . 2007-09-05 15:18 51200 ----a-w- c:\windows\system32\libexslt.dll

2009-09-03 13:01 . 2007-09-05 15:18 150016 ----a-w- c:\windows\system32\libxslt.dll

2009-09-02 11:04 . 2008-12-16 20:31 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK

2009-09-01 20:57 . 2009-01-04 00:18 -------- d-----w- c:\program files\Motorola Phone Tools

2009-09-01 13:00 . 2009-09-01 13:00 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-09-01 02:17 . 2007-11-19 00:12 -------- d-----w- c:\programdata\Nero

2009-08-31 13:49 . 2007-12-14 03:47 -------- d-----w- c:\program files\DivX

2009-08-31 13:48 . 2009-04-20 14:20 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-08-31 12:15 . 2009-01-18 23:19 -------- d-----w- c:\program files\Common Files\LogiShrd

2009-08-31 12:15 . 2009-01-18 23:18 -------- d-----w- c:\programdata\LogiShrd

2009-08-31 12:15 . 2008-04-09 00:08 -------- d-----w- c:\program files\Logitech

2009-08-30 18:42 . 2009-08-30 18:42 -------- d-----w- c:\program files\Free Audio Pack

2009-08-30 16:36 . 2009-08-29 14:57 -------- d-----w- c:\users\Salvatore\AppData\Roaming\Nero

2009-08-30 11:24 . 2009-08-01 15:35 -------- d-----w- c:\programdata\LightScribe

2009-08-29 14:51 . 2009-08-29 14:39 -------- d-----w- c:\program files\Common Files\Nero

2009-08-29 14:50 . 2009-08-20 22:27 -------- d-----w- c:\program files\Nero

2009-08-29 14:39 . 2009-08-29 14:38 -------- d-----w- c:\program files\Common Files\LightScribe

2009-08-29 00:27 . 2009-09-02 21:48 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-02 21:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-27 05:22 . 2009-10-14 17:39 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-14 17:39 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 05:17 . 2009-10-14 17:39 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 03:42 . 2009-10-14 17:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-25 20:34 . 2008-03-12 01:26 286720 ------w- c:\windows\Setup1.exe

2009-08-25 13:14 . 2009-08-25 13:14 -------- d-----w- c:\program files\NVIDIA Corporation

2009-08-20 21:44 . 2009-08-20 21:44 -------- d-----w- c:\program files\TomTom International B.V

2009-08-20 21:44 . 2009-08-20 21:44 -------- d-----w- c:\program files\TomTom HOME 2

2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod162.dll

2009-08-14 16:27 . 2009-09-08 20:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-08 20:49 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-08 20:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-08 20:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-08 20:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-08 20:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-08 20:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-08 20:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-08 20:49 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-08 20:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-08 20:49 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-11 16:51 . 2009-08-11 16:51 604140 --sha-w- c:\windows\system32\drivers\ISwift3(98).dat

2009-08-11 16:51 . 2009-08-11 16:51 604140 ----a-w- c:\windows\system32\drivers\ISwift3(751).dat

2009-08-11 16:51 . 2009-08-11 16:51 604140 ----a-w- c:\windows\system32\drivers\ISwift3(437).dat

2007-12-07 23:15 . 2007-12-07 23:11 24 --sh--w- c:\windows\SF63CD005.tmp

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"RocketDock"="c:\program files\Utilitaires\RocketDock\RocketDock.exe" [2007-09-02 495616]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2007-01-17 46632]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"LiveUpdate"="c:\program files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" [2009-05-21 270336]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-28 1501064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-04-14 604704]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Application de mise à jour de QuickBooks.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-12-12 967960]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Mises à jour planifiées de Quicken.lnk - c:\program files\Quicken\bagent.exe [2009-1-11 62752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Users^Salvatore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]

path=c:\users\Salvatore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk

backup=c:\windows\pss\Lotus Organizer EasyClip.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiSpywareOverride"=dword:00000001

"VistaSp2"=hex(b):fb,65,d0,f6,27,df,c9,01

 

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15-05-2009 18:50 21008]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17-08-2009 01:32 239648]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27-08-2009 11:05 92008]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16-05-2009 20:59 19472]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S2 UDNT;UDNT;c:\windows\System32\drivers\UDNT.SYS [28-06-2008 10:31 24576]

S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [20-03-2008 22:59 21504]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23-09-2009 14:50 238960]

S3 RT-USB;Ross-Tech USB driver;c:\windows\System32\drivers\RT-USB.SYS [05-02-2007 13:38 54176]

S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [03-08-2007 16:05 74392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contenu du dossier 'Tâches planifiées'

 

2009-10-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 19:25]

 

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{F10C0B6F-FF1B-408F-A6D3-BD55198AD8F8}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8

uInternet Settings,ProxyOverride = *.local

IE: Ajouter au fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js

IE: Convertir au format PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien en Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Dictionnaires en ligne - c:\program files\PRMT8\PRMTIE\oda.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Mots inconnus - c:\program files\PRMT8\PRMTIE\infopanel.htm

IE: Ouvrir avec ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_fre.dll /100

IE: Ouvrir l'entrée - c:\program files\PRMT8\PRMTIE\addentry.htm

IE: Personnaliser les options de la traduction - c:\program files\PRMT8\PRMTIE\options.htm

IE: Rechercher sur le Web - c:\program files\PRMT8\PRMTIE\search.htm

IE: Traduire - c:\program files\PRMT8\PRMTIE\translat.htm

IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js

IE: Traduire la page - c:\program files\PRMT8\PRMTIE\page.htm

Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll

DPF: {123BBFF5-F9E4-4B0A-A75B-B545AC5AAB91} - hxxps://honda.portal.honda.ca/portal/DiagClient.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {3C9ECC99-D050-4AA2-9D9A-C0EA26252005} - hxxps://honda.portal.honda.ca/portal/DealerIdentity.CAB

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-19 11:59

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(4164)

c:\program files\Utilitaires\RocketDock\RocketDock.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

c:\tralala\CF9937.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Heure de fin: 2009-10-19 12:12 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-10-19 16:12

 

Avant-CF: 34 425 053 184 octets libres

Après-CF: 40 263 569 408 octets libres

 

- - End Of File - - 5776CCA93A942491750351A0F73B18BE

Posted

Hello,

So I reinstalled MBAM and ran a scan as described in your instructions of 18 October.

"Trojan Dropper" was detected and removed, then I had to restart.

Copy of the report:

 

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3024

Windows 6.0.6002 Service Pack 2

 

24-10-2009 09:39:47

mbam-log-2009-10-24 (09-39-47).txt

 

Type de recherche: Examen rapide

Eléments examinés: 100036

Temps écoulé: 7 minute(s), 1 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Windows\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:54:51, on 24-10-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Utilitaires\RocketDock\RocketDock.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/webhp?sourceid=navcli...fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LiveUpdate] "C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\Utilitaires\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)

O4 - Global Startup: Application de mise à jour de QuickBooks.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Mises à jour planifiées de Quicken.lnk = ?

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Dictionnaires en ligne - C:\Program Files\PRMT8\PRMTIE\oda.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Mots inconnus - C:\Program Files\PRMT8\PRMTIE\infopanel.htm

O8 - Extra context menu item: Ouvrir avec ScanSoft PDF Converter 4.1 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_fre.dll /100

O8 - Extra context menu item: Ouvrir l'entrée - C:\Program Files\PRMT8\PRMTIE\addentry.htm

O8 - Extra context menu item: Personnaliser les options de la traduction - C:\Program Files\PRMT8\PRMTIE\options.htm

O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\PRMT8\PRMTIE\search.htm

O8 - Extra context menu item: Traduire - C:\Program Files\PRMT8\PRMTIE\translat.htm

O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js

O8 - Extra context menu item: Traduire la page - C:\Program Files\PRMT8\PRMTIE\page.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {123BBFF5-F9E4-4B0A-A75B-B545AC5AAB91} (DiagClientA Class) - https://honda.portal.honda.ca/portal/DiagClient.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {3C9ECC99-D050-4AA2-9D9A-C0EA26252005} (DealerIdentity Class) - https://honda.portal.honda.ca/portal/DealerIdentity.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ssodano.spaces.live.com/PhotoUpload...nPUpldfr-ca.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_3_0.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...774/mcfscan.cab

O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - (no file)

O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\System32,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Service de gestionnaire de base de données de QuickBooks (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

 

--

End of file - 16677 bytes

Posted

Yes, everything seems to be back to normal.

I will indeed take the opportunity to do a bit of cleanup.

In your opinion, is Kaspersky Internet Security reliable as an antivirus, or should I consider a more effective replacement?

The virus did get past Kaspersky even though it was running; it seems to me it should have detected it.

Thanks!
