[Résolu] Infection rootkit crypto.sys

kimi10 · le 25 mai 2013

Bonjour a tous

Suite analyse complete par AVG Antivirus Free le 23/5, mon portable est manifestement infecté :

Statut Priorité Nom Description Résultat
Infecté Moyen Raccordement de la fonction de service NtSetInformationThread -> Crypto.sys +0x1CF63 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtCreateKey -> Crypto.sys +0x1CC23 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtCreateDirectoryObject -> Crypto.sys +0x1CB9B C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtMapViewOfSection -> Crypto.sys +0x1CD6B C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtEnumerateKey -> Crypto.sys +0x1CC93 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtWriteFile -> Crypto.sys +0x1D00B C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtEnumerateValueKey -> Crypto.sys +0x1CCD3 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtUnmapViewOfSection -> Crypto.sys +0x1CFDB C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtSetInformationFile -> Crypto.sys +0x1CF27 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtClose -> Crypto.sys +0x1CB6F C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtFlushKey -> Crypto.sys +0x1CD13 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtMakeTemporaryObject -> Crypto.sys +0x1CD3F C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtDeleteKey -> Crypto.sys +0x1CC67 C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtSetValueKey -> Crypto.sys +0x1CF9B C:\WINDOWS\system32\Drivers\Crypto.sys Infecté
Infecté Moyen Raccordement de la fonction de service NtCreateFile -> Crypto.sys +0x1CBCF C:\WINDOWS\system32\Drivers\Crypto.sys Infecté

Je fais suivre egalement le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:53, on 23/05/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 26.0.1410.64

Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SafeNet\SoftRemote\IPSecMon.exe
C:\PROGRA~1\SafeNet\SoftRemote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\program\soffice.exe
C:\Program Files\program\soffice.bin
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\M4F7D~1.DON\LOCALS~1\TempImg\AutoUpdate.exe
C:\Program Files\Windows Process Security\WindowsProcessSecurity.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\m.donez\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Portail SFR: Actualités, Sport, Info, TV, Jeux et musique
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://srvdubost/mail/mdonez.nsf
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Ets DUBOST
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dubost.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.*;srvdubost;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [3813D95CB9D5D1D0F78A7AEEDC3616A037E61FA4._service_run] "C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: Botanic® : jardinerie écologique, animalerie, décoration, alimentation bio | botanic.com
O15 - Trusted Zone: http://*.copaindescopeaux.fr
O15 - Trusted Zone: http://catalog.myosram.com
O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: http://partnereu.sec.samsung.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com
O15 - Trusted Zone: Windows Media Guide | Home
O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://partnereu.sec.samsung.com/EP/web/common/cabfiles/CM_CodeAx.cab
O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTextAreaU.cab
O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} (Potential Class) - http://gsfs-eu.lge.com/sys/cabfiles/Potential.cab
O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxLogicalTRU.cab
O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxBinderU.cab
O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMenuU.cab
O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxFileControlU.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219153138717
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347398932390
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://partnereu.sec.samsung.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxGridU.cab
O16 - DPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} (ManagerEx4 Class) - http://partnereu.sec.samsung.com/EP/htdocs/activex/gauce/ManagerEx4.Cab
O16 - DPF: {812C7F0C-B62D-45BC-AE42-062F597F5E57} (CHardwareChecker Object) - http://partnereu.sec.samsung.com/EP/web/gerp/hwchecker.cab
O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxResourceMngU.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.0.1.cab
O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTabU.cab
O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxReportU.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://srvdubost/dwa8W.cab
O16 - DPF: {98D193AD-51B4-4503-80F5-EB953C47DB47} (RSSAdaptor Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxRSSAdaptor.cab
O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxImageSetU.cab
O16 - DPF: {ABD23063-AD99-4691-AFE7-BD520FF8C013} (DvrOcx Control) - http://www.fringale.dtdns.net/DvrOcx.cab
O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxDataSetU.cab
O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMGridU.cab
O16 - DPF: {B84E12B0-B248-4371-A95A-EC943670DCFC} (AcubeFileCtrl Control) - http://partnereu.sec.samsung.com/EP/web/common/cabfiles/ACUBEFileCtrl.cab
O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxComboU.cab
O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTreeU.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMaskEditU.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - https://www.samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB
O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxRadioU.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dubost.local
O17 - HKLM\Software\..\Telephony: DomainName = dubost.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED7DD599-D14D-45EE-9891-3C029E96F9D3}: Domain = dubost.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dubost.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dubost.local
O18 - Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll
O18 - Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\PROGRA~1\SafeNet\SoftRemote\IPSecMon.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\PROGRA~1\SafeNet\SoftRemote\IreIKE.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 22185 bytes

Merci de votre aide pour savoir comment eradiquer ces probables infections, qui sont a manier avec precaution :sad:

Modifié le 29 août 2013 par kimi10

Apollo · le 25 mai 2013

Bonjour,,

Il s'agit peut-être d'un faux-positif.

Télécharge RogueKiller (par Tigzy) sur le bureau

(A partir d'une clé USB si le Rogue empêche l'accès au net) .

Télécharger RogueKiller (Site Officiel)

Quitte tous les programmes en cours

Lance RogueKiller.exe.

Sous Vista/Seven/8, faire un clic droit et choisir Exécuter en tant qu'administrateur. Clique sur scan

Poste le rapport stp.

----------------------------------

2) Clique sur Suppression et poste le rapport.

@++

kimi10 · le 26 août 2013

Bonjour,

Désolé, j 'ai bien recu une alerte mail, mais qui n'a pas été transférée sur ma messagerie habituelle, d'ou le retard !

!

Donc nouvelle analyse Hijack et AVG récente (!) ainsi que le rapport Roguekiller souhaité ( suppression effectuée ) :

Statut Priorité Nom Description Résultat Infecté Moyen Raccordement de la fonction de service NtCreateDirectoryObject -> Crypto.sys +0x1CB9B C:\WINDOWS\system32\Drivers\Crypto.sys Infecté Infecté Moyen Raccordement de la fonction de service NtClose -> Crypto.sys +0x1CB6F C:\WINDOWS\system32\Drivers\Crypto.sys Infecté

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:24:55, on 26/08/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

CHROME: 29.0.1547.57

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\PROGRA~1\SafeNet\SoftRemote\IPSecMon.exe

C:\PROGRA~1\SafeNet\SoftRemote\IreIKE.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\PDF Architect\HelperService.exe

C:\Program Files\PDF Architect\ConversionService.exe

C:\Program Files\Lenovo\PM Driver\PMSveH.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\WINDOWS\RTHDCPL.EXE

c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\MI3AA1~1\wcescomm.exe

C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\FileHippo.com\UpdateChecker.exe

C:\WINDOWS\system32\ctfmon.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\m.donez\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/portail.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://srvdubost/mail/mdonez.nsf

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Ets DUBOST

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dubost.fr:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.*;srvdubost;<local>;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll

O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [3813D95CB9D5D1D0F78A7AEEDC3616A037E61FA4._service_run] "C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [9Giga Synchro] "C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe" /delayed

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://www.botanic.com

O15 - Trusted Zone: http://catalog.myosram.com

O15 - Trusted Zone: *.samsung-emp.com

O15 - Trusted Zone: http://partnereu.sec.samsung.com

O15 - Trusted Zone: *.samsunggsbn.com

O15 - Trusted Zone: *.samsungwireless.com

O15 - Trusted Zone: http://www.windowsmedia.com

O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://partnereu.sec.samsung.com/EP/web/common/cabfiles/CM_CodeAx.cab

O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTextAreaU.cab

O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} (Potential Class) - http://gsfs-eu.lge.com/sys/cabfiles/Potential.cab

O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxLogicalTRU.cab

O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxBinderU.cab

O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMenuU.cab

O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxFileControlU.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219153138717

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347398932390

O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://partnereu.sec.samsung.com/EP/web/common/cabfiles/ACUBETrustChecker.cab

O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxGridU.cab

O16 - DPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} (ManagerEx4 Class) - http://partnereu.sec.samsung.com/EP/htdocs/activex/gauce/ManagerEx4.Cab

O16 - DPF: {812C7F0C-B62D-45BC-AE42-062F597F5E57} (CHardwareChecker Object) - http://partnereu.sec.samsung.com/EP/web/gerp/hwchecker.cab

O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxResourceMngU.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.0.1.cab

O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTabU.cab

O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxReportU.cab

O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - http://srvdubost/dwa8W.cab

O16 - DPF: {98D193AD-51B4-4503-80F5-EB953C47DB47} (RSSAdaptor Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxRSSAdaptor.cab

O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxImageSetU.cab

O16 - DPF: {ABD23063-AD99-4691-AFE7-BD520FF8C013} (DvrOcx Control) - http://www.fringale.dtdns.net/DvrOcx.cab

O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxDataSetU.cab

O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMGridU.cab

O16 - DPF: {B84E12B0-B248-4371-A95A-EC943670DCFC} (AcubeFileCtrl Control) - http://partnereu.sec.samsung.com/EP/web/common/cabfiles/ACUBEFileCtrl.cab

O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxComboU.cab

O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTreeU.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMaskEditU.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - https://www.samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB

O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxRadioU.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dubost.local

O17 - HKLM\Software\..\Telephony: DomainName = dubost.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED7DD599-D14D-45EE-9891-3C029E96F9D3}: Domain = dubost.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dubost.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dubost.local

O18 - Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll

O18 - Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\PROGRA~1\SafeNet\SoftRemote\IPSecMon.exe

O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\PROGRA~1\SafeNet\SoftRemote\IreIKE.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe

O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--

End of file - 22637 bytes

Et donc les 2 rapports Roguekiller :

avant suppression :

RogueKiller V8.6.6 [Aug 19 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : http://www.adlice.com/forum/

Site Web : http://www.sur-la-toile.com/RogueKiller/

Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Demarrage : Mode normal

Utilisateur : m.donez [Droits d'admin]

Mode : Recherche -- Date : 08/26/2013 09:35:45

| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> TROUVÉ

[RUN][sUSP PATH] HKUS\S-1-5-21-746137067-115176313-725345543-1678\[...]\Run : Google Update ("C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> TROUVÉ

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.dubost.fr:8080) -> TROUVÉ

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 2 ¤¤¤

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-746137067-115176313-725345543-1678UA.job : C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> TROUVÉ

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-746137067-115176313-725345543-1678Core.job : C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

[Address] SSDT[12] : NtAlertResumeThread @ 0x80637C36 -> HOOKED (Unknown @ 0x893EDF00)

[Address] SSDT[13] : NtAlertThread @ 0x80592EFA -> HOOKED (Unknown @ 0x8A771F88)

[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8A7737A0)

[Address] SSDT[31] : NtConnectPort @ 0x80590C5B -> HOOKED (Unknown @ 0x8A784550)

[Address] SSDT[43] : NtCreateMutant @ 0x80580B62 -> HOOKED (Unknown @ 0x89D35350)

[Address] SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0x896B3E18)

[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8A6A5528)

[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x8059BB5D -> HOOKED (Unknown @ 0x89B11CB0)

[Address] SSDT[91] : NtImpersonateThread @ 0x805874C1 -> HOOKED (Unknown @ 0x89945F88)

[Address] SSDT[114] : NtOpenEvent @ 0x80589B69 -> HOOKED (Unknown @ 0x89A04B60)

[Address] SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8942AF88)

[Address] SSDT[129] : NtOpenThreadToken @ 0x805746D2 -> HOOKED (Unknown @ 0x8A6BD580)

[Address] SSDT[206] : NtResumeThread @ 0x80586737 -> HOOKED (Unknown @ 0x89CF8B50)

[Address] SSDT[213] : NtSetContextThread @ 0x8063629D -> HOOKED (Unknown @ 0x89A67B18)

[Address] SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8A6B1330)

[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x88402390)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVS-08RST2 +++++

--- User ---

[MBR] a13f12c3cd16b8d0973a2bde2d338f08

[bSP] 3a49784b29bd560f453d6b10e7b4dc13 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 146412 Mo

1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 299853225 | Size: 6212 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600BEVS-08RST2 +++++

--- User ---

[MBR] 30c5ccea8db6bdd06b73dc79c3fec14f

[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 512 | Size: 955 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD1600BEVS-08RST2 +++++

--- User ---

[MBR] a69f589b85e20afe460aeeb093432066

[bSP] 212313f7ddacb4317fe933f6c4d6b50a : Empty MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Termine : << RKreport[0]_S_08262013_093545.txt >>

et aprés suppression :

RogueKiller V8.6.6 [Aug 19 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : http://www.adlice.com/forum/

Site Web : http://www.sur-la-toile.com/RogueKiller/

Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Demarrage : Mode normal

Utilisateur : m.donez [Droits d'admin]

Mode : Suppression -- Date : 08/26/2013 09:37:42

| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 3 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> SUPPRIMÉ

[RUN][sUSP PATH] HKUS\S-1-5-21-746137067-115176313-725345543-1678\[...]\Run : Google Update ("C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] Le fichier spécifié est introuvable.

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 2 ¤¤¤

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-746137067-115176313-725345543-1678UA.job : C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> SUPPRIMÉ

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-746137067-115176313-725345543-1678Core.job : C:\Documents and Settings\m.donez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> SUPPRIMÉ