Very slow internet + unwanted pop-up ads

kisscool071:
Hello,

For a few days my computer has been very slow on the internet connection side: pages take a long time to display when I'm lucky, or don't display at all.
I also get lots of pop-up ads in English congratulating me on winning something or pushing an antivirus purchase.
I ran a scan with Avast, then, on advice, with AVG Anti-Spyware, but nothing was found apart from a few tracking cookies.
I read online that using HijackThis was a good approach, so I'm posting the log in case someone could take a look at it. Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:57:27, on 16/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\user\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dovehugalo] Rundll32.exe "C:\ProgramData\hiduhozo\hiduhozo.dll",s
O4 - HKCU\..\Run: [00fc8c9e] rundll32.exe "C:\ProgramData\hasepivi\hasepivi.dll",b
O4 - HKCU\..\Run: [CPM03cfbf02] Rundll32.exe "C:\ProgramData\wakozawa\wakozawa.dll",a
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2108E348-A0C0-1563-D327-730450CF5E34} (CPlayFirstDDComcastControl Object) - http://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
O16 - DPF: {210B1348-30C0-1F63-2B27-7A0450545277} (CPlayFirstDDKnorrControl Object) - http://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

38 replies

dj-music76:
 
Worst case, download a new version of Internet, that's what I did and it worked.
kisscool071:
 
Yes, but since I have a virus on my computer I'd still rather remove it.
eZula:
 
For the record, and following your private message chasing me up: I removed your thread from my notifications because, as of 18.04.2009, it had had no reply for 48 hours. I always proceed that way.

Back to the problem: in the same way as here http://www.commentcamarche.net/forum/affich 12023521 internet tres lent pubs intempestives#12, run this new ComboFix script:

File::
c:\programdata\hunayeko\hunayeko.dll
c:\programdata\hupetetu\hupetetu.dll

Folder::
c:\programdata\wegagolu
c:\programdata\hupetetu
c:\programdata\doyanavo
c:\programdata\kibigipu
c:\programdata\wuzaduzi
c:\programdata\ludoyuja
c:\programdata\vowikiho
c:\programdata\loyegeho
c:\programdata\numimoji
c:\programdata\besohaki
c:\programdata\hunayeko
c:\programdata\valagase
c:\programdata\wifowigu
c:\programdata\bunahotu
c:\programdata\reditika
c:\programdata\husowipe
c:\programdata\gurineyu

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dovehugalo"=-
"CPM03cfbf02"=-
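As an added illustration (not part of the thread, and not HijackThis, ComboFix or eZula's code): the three O4 entries that stand out in the HijackThis log above are Run values whose command is rundll32.exe loading a DLL from an eight-letter, randomly named folder under C:\ProgramData, with the DLL named after its folder, whereas every legitimate Run entry in that log points into Program Files or Windows. The Python below applies exactly those two heuristics to a constructed sample made of lines copied from the log (two harmless entries and the two "(no file)" O2/O3 registrations are included, the latter reported separately because they are stale registrations rather than live code) and prints the same File::/Folder::/Registry:: sections as the CFScript above, where "name"=- removes a value. The path and name rules, the function names and the sample are the editor's assumptions.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in the first post.
# Two legitimate Run entries and two "(no file)" registrations are included
# so the heuristics have something to leave alone or to report differently.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dovehugalo] Rundll32.exe "C:\ProgramData\hiduhozo\hiduhozo.dll",s
O4 - HKCU\..\Run: [00fc8c9e] rundll32.exe "C:\ProgramData\hasepivi\hasepivi.dll",b
O4 - HKCU\..\Run: [CPM03cfbf02] Rundll32.exe "C:\ProgramData\wakozawa\wakozawa.dll",a
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)\s*$', re.I)
ORPHAN_RE = re.compile(r'^O[23] - .*\{(?P<clsid>[0-9A-Fa-f-]{36})\} - \(no file\)$')
RANDOM_DIR_RE = re.compile(r'^[a-z]{8}$')       # editor's heuristic: hiduhozo, hasepivi, ...
HIVES = {'HKCU': 'HKEY_CURRENT_USER', 'HKLM': 'HKEY_LOCAL_MACHINE'}
DATA_DIRS = ('\\programdata\\', '\\appdata\\')  # where a Run payload normally does not live

def triage(log_text):
    """Return findings: 'orphan' for (no file) O2/O3 lines, 'run' for suspect O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = ORPHAN_RE.match(line)
        if m:
            findings.append({'kind': 'orphan', 'clsid': m['clsid'], 'line': line})
            continue
        m = O4_RE.match(line)
        r = RUNDLL_RE.match(m['cmd']) if m else None
        if not r:
            continue                                # plain .exe entries are not examined here
        dll, folder = r['dll'], ntpath.dirname(r['dll'])
        reasons = []
        if any(d in dll.lower() for d in DATA_DIRS):
            reasons.append('rundll32 payload under a data directory')
        if RANDOM_DIR_RE.match(ntpath.basename(folder)) and \
           ntpath.basename(dll).lower() == ntpath.basename(folder) + '.dll':
            reasons.append('eight-letter random folder with a same-named DLL')
        if reasons:
            findings.append({'kind': 'run', 'hive': m['hive'], 'name': m['name'],
                             'dll': dll, 'folder': folder, 'export': r['export'],
                             'reasons': reasons})
    return findings

def build_cfscript(findings):
    """Emit File::/Folder::/Registry:: sections in the CFScript layout used above."""
    runs = [f for f in findings if f['kind'] == 'run']
    if not runs:
        return ''
    out = ['File::'] + sorted({f['dll'].lower() for f in runs})
    out += ['', 'Folder::'] + sorted({f['folder'].lower() for f in runs})
    out += ['', 'Registry::']
    for hive in ('HKCU', 'HKLM'):
        names = [f['name'] for f in runs if f['hive'] == hive]
        if names:
            out.append('[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]' % HIVES[hive])
            out += ['"%s"=-' % n for n in names]    # "name"=- deletes the value
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    found = triage(HJT_SAMPLE)
    for f in found:
        print(f['kind'], f.get('name') or f['clsid'], '; '.join(f.get('reasons', [])))
    print(build_cfscript(found))
```

Run against a full log, the printed script is only as good as the two rules, so read every flagged line before handing it to ComboFix. The 'orphan' findings are deliberately kept out of the script: they are cleanup rather than disinfection, and removing a CLSID registration needs the full key paths, which the O2/O3 lines do not give.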
kisscool071:
 
Thanks a lot eZula :-)

Here is the log:

ComboFix 09-04-25.03 - user 24/04/2009 16:26.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1919.1082 [GMT -4:00]
Running from: c:\users\user\Downloads\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 090321-0] *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*
* Created a new restore point

FILE ::
c:\programdata\hunayeko\hunayeko.dll
c:\programdata\hupetetu\hupetetu.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\besohaki
c:\programdata\besohaki\besohaki.dll
c:\programdata\bunahotu
c:\programdata\bunahotu\bunahotu.dll
c:\programdata\doyanavo
c:\programdata\doyanavo\doyanavo.exe
c:\programdata\gurineyu
c:\programdata\gurineyu\gurineyu.dll.tmp
c:\programdata\hunayeko
c:\programdata\hupetetu
c:\programdata\husowipe
c:\programdata\husowipe\husowipe.dll.tmp
c:\programdata\kibigipu
c:\programdata\kibigipu\kibigipu.dll
c:\programdata\kibigipu\upigibik.ini
c:\programdata\loyegeho
c:\programdata\loyegeho\loyegeho.dll
c:\programdata\ludoyuja
c:\programdata\ludoyuja\ludoyuja.dll
c:\programdata\mipaniju\mipaniju.dll
c:\programdata\numimoji
c:\programdata\numimoji\numimoji.dll
c:\programdata\reditika
c:\programdata\reditika\reditika.dll.tmp
c:\programdata\rimafafu\rimafafu.dll
c:\programdata\valagase
c:\programdata\valagase\esagalav.ini
c:\programdata\valagase\valagase.dll
c:\programdata\vowikiho
c:\programdata\vowikiho\ohikiwov.ini
c:\programdata\vowikiho\vowikiho.dll
c:\programdata\wegagolu
c:\programdata\wegagolu\ulogagew.ini
c:\programdata\wifowigu
c:\programdata\wifowigu\wifowigu.dll
c:\programdata\wuzaduzi
c:\programdata\wuzaduzi\wuzaduzi.exe
c:\programdata\yamadeko\yamadeko.dll
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 ))))))))))))))))))))))))))))))))))))
.

2009-04-24 14:22 . 2009-04-24 20:34 -------- d-----w c:\programdata\yamadeko
2009-04-24 14:22 . 2009-04-24 20:34 -------- d-----w c:\programdata\rimafafu
2009-04-24 14:22 . 2009-04-24 14:22 -------- d-----w c:\programdata\honahofu
2009-04-24 02:22 . 2009-04-24 02:44 -------- d-----w c:\programdata\hulifofa
2009-04-24 02:22 . 2009-04-24 02:22 -------- d-----w c:\programdata\sikemaha
2009-04-24 02:22 . 2009-04-24 02:22 -------- d-----w c:\programdata\mewezilu
2009-04-23 14:14 . 2009-04-23 20:27 -------- d-----w c:\programdata\jegehude
2009-04-23 14:14 . 2009-04-23 14:14 -------- d-----w c:\programdata\hawupula
2009-04-23 14:14 . 2009-04-23 14:14 -------- d-----w c:\programdata\fopinope
2009-04-23 02:13 . 2009-04-24 20:34 -------- d-----w c:\programdata\mipaniju
2009-04-23 02:13 . 2009-04-23 02:13 -------- d-----w c:\programdata\kayifase
2009-04-23 02:13 . 2009-04-23 02:13 -------- d-----w c:\programdata\jigesigu
2009-04-23 02:12 . 2009-04-23 02:12 -------- d-----w c:\programdata\hejukuhe
2009-04-23 02:12 . 2009-04-23 02:34 -------- d-----w c:\programdata\sabujopa
2009-04-23 02:12 . 2009-04-23 02:12 -------- d-----w c:\programdata\momewohu
2009-04-23 02:12 . 2009-04-23 02:12 -------- d-----w c:\programdata\bodawusi
2009-04-23 02:12 . 2009-04-23 02:13 -------- d-----w c:\programdata\pehipohu
2009-04-23 02:12 . 2009-04-23 02:13 -------- d-----w c:\programdata\mevorare
2009-04-23 02:12 . 2009-04-23 02:13 -------- d-----w c:\programdata\hibonuli
2009-04-16 06:35 . 2009-04-16 06:35 -------- d-----w C:\GenProc
2009-04-16 00:59 . 2009-04-16 00:59 -------- d-----w c:\programdata\Grisoft
2009-04-15 23:08 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 23:08 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 23:08 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 23:08 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:08 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 23:08 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:08 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 23:08 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 23:08 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 23:08 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 23:06 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-15 00:31 . 2009-04-15 00:31 0 ----a-w c:\windows\nsreg.dat
2009-04-15 00:31 . 2009-04-15 00:31 -------- d-----w c:\users\user\AppData\Local\Mozilla
2009-04-15 00:06 . 2009-04-16 01:13 680 ----a-w c:\users\user\AppData\Local\d3d9caps.dat
2009-04-07 17:02 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-07 17:02 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 20:39 . 2009-02-24 19:30 -------- d-----w c:\users\user\AppData\Roaming\Skype
2009-04-24 03:22 . 2009-02-24 19:36 -------- d-----w c:\users\user\AppData\Roaming\skypePM
2009-04-16 15:27 . 2007-11-26 12:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 06:43 . 2007-11-26 11:50 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 23:01 . 2007-04-18 09:09 672334 ----a-w c:\windows\System32\perfh00C.dat
2009-04-15 23:01 . 2007-04-18 09:09 124434 ----a-w c:\windows\System32\perfc00C.dat
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\program files\iTunes
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\program files\iPod
2009-04-07 17:02 . 2008-11-21 17:58 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 17:00 . 2009-04-07 16:59 -------- d-----w c:\program files\QuickTime
2009-04-07 16:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-07 16:56 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-07 16:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-29 14:43 . 2008-11-26 21:46 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 23:07 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 23:07 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 23:07 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-09 03:19 . 2008-11-26 21:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:40 . 2009-04-15 23:07 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-15 23:07 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-15 23:07 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-24 19:36 . 2009-02-24 19:36 48 ---ha-w c:\programdata\ezsidmv.dat
2009-02-24 19:30 . 2009-02-24 19:29 -------- d-----r c:\program files\Skype
2009-02-24 19:30 . 2009-02-24 19:29 -------- d-----w c:\programdata\Skype
2009-02-24 19:30 . 2009-02-24 19:30 -------- d-----w c:\program files\Common Files\Skype
2009-02-13 08:49 . 2009-04-15 23:07 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 23:07 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:48 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-15 20:33 . 2008-03-25 16:21 104424 ----a-w c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2008-09-01 17:58 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-28 12:35 . 2008-02-27 13:41 201080 ----a-w c:\users\Amelie\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-04-21_02.45.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6000.16386_none_15a888c6f5e4436c\msdtcvtr.bat
+ 2007-04-18 08:46 . 2009-04-24 20:39 47056 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-24 20:39 65388 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-25 16:21 . 2009-04-24 20:39 10422 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1930788347-3190082942-1752963709-1000_UserData.bin
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\System32\Msdtc\Trace\msdtcvtr.bat
+ 2008-02-27 15:06 . 2009-04-24 20:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-27 15:06 . 2009-04-21 02:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-27 15:06 . 2009-04-21 02:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-27 15:06 . 2009-04-24 20:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-27 15:06 . 2009-04-24 20:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-27 15:06 . 2009-04-21 02:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-23 20:22 . 2009-04-23 20:22 9560 c:\windows\System32\networklist\icons\{BDE7D721-07C1-460D-AE18-E0345ACBB0AE}_48.bin
+ 2009-04-23 20:22 . 2009-04-23 20:22 4280 c:\windows\System32\networklist\icons\{BDE7D721-07C1-460D-AE18-E0345ACBB0AE}_32.bin
+ 2009-04-23 20:22 . 2009-04-23 20:22 2456 c:\windows\System32\networklist\icons\{BDE7D721-07C1-460D-AE18-E0345ACBB0AE}_24.bin
+ 2009-04-21 13:12 . 2009-04-21 13:12 9560 c:\windows\System32\networklist\icons\{90BF6EDE-9061-4CF9-8516-65BFDC02C268}_48.bin
+ 2009-04-21 13:12 . 2009-04-21 13:12 4280 c:\windows\System32\networklist\icons\{90BF6EDE-9061-4CF9-8516-65BFDC02C268}_32.bin
+ 2009-04-21 13:12 . 2009-04-21 13:12 2456 c:\windows\System32\networklist\icons\{90BF6EDE-9061-4CF9-8516-65BFDC02C268}_24.bin
- 2009-04-21 02:43 . 2009-04-21 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-24 20:36 . 2009-04-24 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-24 20:36 . 2009-04-24 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-21 02:43 . 2009-04-21 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-03-03 15:27 . 2009-04-24 02:22 222552 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:43 . 2009-04-20 18:29 262144 c:\windows\System32\config\systemprofile\ntuser.dat
+ 2006-11-02 12:43 . 2009-04-24 20:22 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-21 02:44 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-24 20:38 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-24 20:38 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-21 02:44 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"dovehugalo"="c:\programdata\mipaniju\mipaniju.dll" [BU]
"00fc8c9e"="c:\programdata\rimafafu\rimafafu.dll" [BU]
"CPM03cfbf02"="c:\programdata\yamadeko\yamadeko.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-26 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-26 33136]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-01-15 778240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0DC4D711-A666-4A63-B82A-FEF9532AB767}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B8101C58-6595-4C25-914C-C26F9C674857}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{84A10044-33EB-4DEC-B2AC-722B2E544158}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C744E3EE-CEFE-4ACB-93EC-F273B7E8C0EB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{CA664D67-EF03-4AA2-8803-7B45C87012AE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{271B0776-56AA-4170-923B-0A81935081E1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C86B9722-1474-4351-A84D-8FFCCCDCC4DA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{0B721C31-87A0-43FD-A1E8-263047185DEE}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{69F4BAA5-7DCB-47EE-95BC-EB9EAF20A563}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B293642-6932-4EA1-9FDF-DCE44518AB7B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5429E4E4-4806-472A-A63D-5DEF2067E097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1EA14D6E-05A9-4FF8-B736-CE48FF5131E0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8CFDB16E-26B0-4C8C-ABE6-B5EBCC299134}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {2108E348-A0C0-1563-D327-730450CF5E34} - hxxp://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
DPF: {210B1348-30C0-1F63-2B27-7A0450545277} - hxxp://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ti0bsq0u.default\
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 16:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-24 16:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 20:44
ComboFix2.txt 2009-04-21 13:10
ComboFix3.txt 2009-04-16 16:59
ComboFix4.txt 2009-04-16 14:43

Pre-Run: 11 678 797 824 bytes free
Post-Run: 11 084 386 304 bytes free

306 --- E O F --- 2009-04-24 03:14

During the scan, Avast warned me about 5 viruses/adware/malware.
When Windows restarted, 3 windows opened saying "Erreur de chargement de C:\ProgrammData\rimafafu\rimafafu.dll Le module spécifié est introuvable", and the same for "yamadeko" and "mipaniju".
eZula Posts 3509 Status Contributor 392
 
OK, one last script, and after that, if it keeps going like this, we will have to ask ourselves other questions:

Folder::
c:\programdata\yamadeko
c:\programdata\rimafafu
c:\programdata\honahofu
c:\programdata\hulifofa
c:\programdata\sikemaha
c:\programdata\mewezilu
c:\programdata\jegehude
c:\programdata\hawupula
c:\programdata\fopinope
c:\programdata\mipaniju
c:\programdata\kayifase
c:\programdata\jigesigu
c:\programdata\hejukuhe
c:\programdata\sabujopa
c:\programdata\momewohu
c:\programdata\bodawusi
c:\programdata\pehipohu
c:\programdata\mevorare
c:\programdata\hibonuli 

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dovehugalo"=-
"00fc8c9e"=-
"CPM03cfbf02"=-
kisscool071 Posts 58 Status Member 10
 
3 viruses were detected by Avast during the scan.

Here is the ComboFix report:

ComboFix 09-04-25.A1 - user 25/04/2009 9:55.7 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1919.1268 [GMT -4:00]
Lancé depuis: c:\users\user\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 090321-0] *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\bodawusi
c:\programdata\bodawusi\bodawusi.exe
c:\programdata\fopinope
c:\programdata\fopinope\fopinope.exe
c:\programdata\hawupula
c:\programdata\hawupula\hawupula.dll
c:\programdata\hejukuhe
c:\programdata\hejukuhe\hejukuhe.dll
c:\programdata\hibonuli
c:\programdata\hibonuli\hibonuli.dll.tmp
c:\programdata\honahofu
c:\programdata\honahofu\honahofu.exe
c:\programdata\hulifofa
c:\programdata\hulifofa\afofiluh.ini
c:\programdata\hulifofa\hulifofa.dll
c:\programdata\jegehude
c:\programdata\jegehude\eduhegej.ini
c:\programdata\jegehude\jegehude.dll
c:\programdata\jigesigu
c:\programdata\jigesigu\jigesigu.dll
c:\programdata\kayifase
c:\programdata\kayifase\kayifase.dll
c:\programdata\mevorare
c:\programdata\mevorare\mevorare.dll.tmp
c:\programdata\mewezilu
c:\programdata\mewezilu\mewezilu.exe
c:\programdata\mipaniju
c:\programdata\momewohu
c:\programdata\momewohu\momewohu.dll
c:\programdata\pehipohu
c:\programdata\pehipohu\pehipohu.dll.tmp
c:\programdata\rimafafu
c:\programdata\rimafafu\ufafamir.ini
c:\programdata\sabujopa
c:\programdata\sabujopa\apojubas.ini
c:\programdata\sabujopa\sabujopa.dll
c:\programdata\sikemaha
c:\programdata\sikemaha\sikemaha.dll
c:\programdata\yamadeko

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-25 au 2009-4-25 ))))))))))))))))))))))))))))))))))))
.

2009-04-16 06:35 . 2009-04-16 06:35 -------- d-----w C:\GenProc
2009-04-16 00:59 . 2009-04-16 00:59 -------- d-----w c:\programdata\Grisoft
2009-04-15 23:08 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 23:08 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 23:08 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 23:08 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:08 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 23:08 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:08 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 23:08 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 23:08 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 23:08 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 23:06 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-15 00:31 . 2009-04-15 00:31 0 ----a-w c:\windows\nsreg.dat
2009-04-15 00:31 . 2009-04-15 00:31 -------- d-----w c:\users\user\AppData\Local\Mozilla
2009-04-15 00:06 . 2009-04-16 01:13 680 ----a-w c:\users\user\AppData\Local\d3d9caps.dat
2009-04-07 17:02 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-07 17:02 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 13:37 . 2009-02-24 19:30 -------- d-----w c:\users\user\AppData\Roaming\Skype
2009-04-24 20:39 . 2009-02-24 19:36 -------- d-----w c:\users\user\AppData\Roaming\skypePM
2009-04-16 15:27 . 2007-11-26 12:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 06:43 . 2007-11-26 11:50 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 23:01 . 2007-04-18 09:09 672334 ----a-w c:\windows\System32\perfh00C.dat
2009-04-15 23:01 . 2007-04-18 09:09 124434 ----a-w c:\windows\System32\perfc00C.dat
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\program files\iTunes
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\program files\iPod
2009-04-07 17:02 . 2008-11-21 17:58 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 17:00 . 2009-04-07 16:59 -------- d-----w c:\program files\QuickTime
2009-04-07 16:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-07 16:56 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-07 16:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-29 14:43 . 2008-11-26 21:46 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 23:07 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 23:07 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 23:07 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-09 03:19 . 2008-11-26 21:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:40 . 2009-04-15 23:07 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-15 23:07 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-15 23:07 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-24 19:36 . 2009-02-24 19:36 48 ---ha-w c:\programdata\ezsidmv.dat
2009-02-24 19:30 . 2009-02-24 19:29 -------- d-----r c:\program files\Skype
2009-02-24 19:30 . 2009-02-24 19:29 -------- d-----w c:\programdata\Skype
2009-02-24 19:30 . 2009-02-24 19:30 -------- d-----w c:\program files\Common Files\Skype
2009-02-13 08:49 . 2009-04-15 23:07 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 23:07 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:48 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-15 20:33 . 2008-03-25 16:21 104424 ----a-w c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2008-09-01 17:58 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-28 12:35 . 2008-02-27 13:41 201080 ----a-w c:\users\Amelie\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-04-21_02.45.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6000.16386_none_15a888c6f5e4436c\msdtcvtr.bat
+ 2007-04-18 08:46 . 2009-04-25 13:38 47056 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-25 13:38 65396 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-25 16:21 . 2009-04-25 13:38 10430 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1930788347-3190082942-1752963709-1000_UserData.bin
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\System32\Msdtc\Trace\msdtcvtr.bat
+ 2008-02-27 15:06 . 2009-04-25 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-27 15:06 . 2009-04-21 02:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-27 15:06 . 2009-04-21 02:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-27 15:06 . 2009-04-25 13:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-27 15:06 . 2009-04-25 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-27 15:06 . 2009-04-21 02:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-23 20:22 . 2009-04-23 20:22 9560 c:\windows\System32\networklist\icons\{BDE7D721-07C1-460D-AE18-E0345ACBB0AE}_48.bin
+ 2009-04-23 20:22 . 2009-04-23 20:22 4280 c:\windows\System32\networklist\icons\{BDE7D721-07C1-460D-AE18-E0345ACBB0AE}_32.bin
+ 2009-04-23 20:22 . 2009-04-23 20:22 2456 c:\windows\System32\networklist\icons\{BDE7D721-07C1-460D-AE18-E0345ACBB0AE}_24.bin
+ 2009-04-21 13:12 . 2009-04-21 13:12 9560 c:\windows\System32\networklist\icons\{90BF6EDE-9061-4CF9-8516-65BFDC02C268}_48.bin
+ 2009-04-21 13:12 . 2009-04-21 13:12 4280 c:\windows\System32\networklist\icons\{90BF6EDE-9061-4CF9-8516-65BFDC02C268}_32.bin
+ 2009-04-21 13:12 . 2009-04-21 13:12 2456 c:\windows\System32\networklist\icons\{90BF6EDE-9061-4CF9-8516-65BFDC02C268}_24.bin
- 2009-04-21 02:43 . 2009-04-21 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-25 13:36 . 2009-04-25 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-21 02:43 . 2009-04-21 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-25 13:36 . 2009-04-25 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-03-03 16:20 . 2009-04-25 04:20 207466 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-03-03 15:27 . 2009-04-25 04:14 222696 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:43 . 2009-04-25 13:54 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:43 . 2009-04-20 18:29 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-21 02:44 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-25 13:38 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-21 02:44 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-25 13:38 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"dovehugalo"="c:\programdata\mipaniju\mipaniju.dll" [BU]
"00fc8c9e"="c:\programdata\rimafafu\rimafafu.dll" [BU]
"CPM03cfbf02"="c:\programdata\yamadeko\yamadeko.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-26 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-26 33136]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-01-15 778240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0DC4D711-A666-4A63-B82A-FEF9532AB767}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B8101C58-6595-4C25-914C-C26F9C674857}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{84A10044-33EB-4DEC-B2AC-722B2E544158}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C744E3EE-CEFE-4ACB-93EC-F273B7E8C0EB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{CA664D67-EF03-4AA2-8803-7B45C87012AE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{271B0776-56AA-4170-923B-0A81935081E1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C86B9722-1474-4351-A84D-8FFCCCDCC4DA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{0B721C31-87A0-43FD-A1E8-263047185DEE}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{69F4BAA5-7DCB-47EE-95BC-EB9EAF20A563}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B293642-6932-4EA1-9FDF-DCE44518AB7B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5429E4E4-4806-472A-A63D-5DEF2067E097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1EA14D6E-05A9-4FF8-B736-CE48FF5131E0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8CFDB16E-26B0-4C8C-ABE6-B5EBCC299134}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {2108E348-A0C0-1563-D327-730450CF5E34} - hxxp://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
DPF: {210B1348-30C0-1F63-2B27-7A0450545277} - hxxp://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ti0bsq0u.default\
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 10:01
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-04-25 10:04
ComboFix-quarantined-files.txt 2009-04-25 14:04
ComboFix2.txt 2009-04-24 20:44
ComboFix3.txt 2009-04-21 13:10
ComboFix4.txt 2009-04-16 16:59
ComboFix5.txt 2009-04-25 13:53

Avant-CF: 11 656 261 632 octets libres
Après-CF: 11 670 478 848 octets libres

253 --- E O F --- 2009-04-24 03:14
eZula Posts 3509 Status Contributor 392
 
Run this online scan (tick all the boxes each time): https://www.eset.com/
At the end, paste the report: C:\Program Files\EsetOnlineScanner\log.txt
eZula Posts 3509 Status Contributor 392
 
Where do things stand with your problems?
kisscool071 Posts 58 Status Member 10
 
The connection is less slow, but I still get a lot of ads showing up even though the pop-up blocker is enabled. Avast also often blocks malicious sites or viruses now, whereas before I rarely had this problem...
Also, Explorer or Mozilla close for no reason; in short, I don't know what to do anymore... And I don't understand, because Avast is still running.
eZula Posts 3509 Status Contributor 392
 
Post another ComboFix report, to see? And disable Avast in the meantime.
kisscool071 Posts 58 Status Member 10
 
ComboFix 09-04-25.A1 - user 26/04/2009 22:08.8 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1919.1063 [GMT -4:00]
Lancé depuis: c:\users\user\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 090321-0] *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\demodamu\demodamu.dll
c:\programdata\fozisitu\fozisitu.dll
c:\programdata\higawaka\higawaka.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
.

2009-04-27 02:17 . 2009-04-27 02:17 45056 ----a-w c:\windows\system32\acovcnt.exe
2009-04-26 17:08 . 2009-04-27 02:14 -------- d-----w c:\programdata\higawaka
2009-04-26 17:08 . 2009-04-27 02:14 -------- d-----w c:\programdata\fozisitu
2009-04-26 17:08 . 2009-04-26 17:08 -------- d-----w c:\programdata\yoyaheku
2009-04-26 05:08 . 2009-04-26 05:08 -------- d-----w c:\programdata\viwafinu
2009-04-26 05:08 . 2009-04-27 02:14 -------- d-----w c:\programdata\demodamu
2009-04-26 05:08 . 2009-04-26 05:08 -------- d-----w c:\programdata\vabekame
2009-04-26 05:07 . 2009-04-26 05:29 -------- d-----w c:\programdata\lojafuyu
2009-04-26 05:07 . 2009-04-26 05:07 -------- d-----w c:\programdata\rivokopu
2009-04-26 05:07 . 2009-04-26 05:07 -------- d-----w c:\programdata\pavereye
2009-04-26 05:07 . 2009-04-26 05:07 -------- d-----w c:\programdata\mepepora
2009-04-26 05:07 . 2009-04-26 05:08 -------- d-----w c:\programdata\zibuweti
2009-04-26 05:07 . 2009-04-26 05:08 -------- d-----w c:\programdata\jehuluka
2009-04-26 05:07 . 2009-04-26 05:08 -------- d-----w c:\programdata\pogogiso
2009-04-16 06:35 . 2009-04-16 06:35 -------- d-----w C:\GenProc
2009-04-16 00:59 . 2009-04-16 00:59 -------- d-----w c:\programdata\Grisoft
2009-04-15 23:08 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 23:08 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 23:08 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 23:08 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:08 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 23:08 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:08 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 23:08 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 23:08 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 23:08 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 23:06 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-15 00:31 . 2009-04-15 00:31 0 ----a-w c:\windows\nsreg.dat
2009-04-15 00:31 . 2009-04-15 00:31 -------- d-----w c:\users\user\AppData\Local\Mozilla
2009-04-15 00:06 . 2009-04-16 01:13 680 ----a-w c:\users\user\AppData\Local\d3d9caps.dat
2009-04-07 17:02 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-07 17:02 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 02:19 . 2009-02-24 19:36 -------- d-----w c:\users\user\AppData\Roaming\skypePM
2009-04-27 02:18 . 2009-02-24 19:30 -------- d-----w c:\users\user\AppData\Roaming\Skype
2009-04-16 15:27 . 2007-11-26 12:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 06:43 . 2007-11-26 11:50 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 23:01 . 2007-04-18 09:09 672334 ----a-w c:\windows\System32\perfh00C.dat
2009-04-15 23:01 . 2007-04-18 09:09 124434 ----a-w c:\windows\System32\perfc00C.dat
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\program files\iTunes
2009-04-07 17:02 . 2009-04-07 17:02 -------- d-----w c:\program files\iPod
2009-04-07 17:02 . 2008-11-21 17:58 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 17:00 . 2009-04-07 16:59 -------- d-----w c:\program files\QuickTime
2009-04-07 16:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-07 16:56 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-07 16:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-29 14:43 . 2008-11-26 21:46 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 23:07 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 23:07 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 23:07 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-09 03:19 . 2008-11-26 21:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:40 . 2009-04-15 23:07 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-15 23:07 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-15 23:07 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-24 19:36 . 2009-02-24 19:36 48 ---ha-w c:\programdata\ezsidmv.dat
2009-02-13 08:49 . 2009-04-15 23:07 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 23:07 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 09:48 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-15 20:33 . 2008-03-25 16:21 104424 ----a-w c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2008-09-01 17:58 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-28 12:35 . 2008-02-27 13:41 201080 ----a-w c:\users\Amelie\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-04-25_14.02.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-18 08:46 . 2009-04-27 02:19 47294 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-27 02:19 65420 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-25 16:21 . 2009-04-27 02:19 10454 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1930788347-3190082942-1752963709-1000_UserData.bin
- 2008-02-27 15:06 . 2009-04-25 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-27 15:06 . 2009-04-27 02:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-27 15:06 . 2009-04-25 13:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-27 15:06 . 2009-04-27 02:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-27 15:06 . 2009-04-27 02:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-27 15:06 . 2009-04-25 13:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-27 02:16 . 2009-04-27 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-25 13:36 . 2009-04-25 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-25 13:36 . 2009-04-25 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-27 02:16 . 2009-04-27 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-03-03 15:27 . 2009-04-26 15:27 224180 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:47 . 2009-04-27 02:17 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-25 13:38 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-25 13:38 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-27 02:17 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"dovehugalo"="c:\programdata\demodamu\demodamu.dll" [BU]
"00fc8c9e"="c:\programdata\higawaka\higawaka.dll" [BU]
"CPM03cfbf02"="c:\programdata\fozisitu\fozisitu.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-26 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-26 33136]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-01-15 778240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

c:\users\Amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0DC4D711-A666-4A63-B82A-FEF9532AB767}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B8101C58-6595-4C25-914C-C26F9C674857}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{84A10044-33EB-4DEC-B2AC-722B2E544158}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C744E3EE-CEFE-4ACB-93EC-F273B7E8C0EB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{CA664D67-EF03-4AA2-8803-7B45C87012AE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{271B0776-56AA-4170-923B-0A81935081E1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C86B9722-1474-4351-A84D-8FFCCCDCC4DA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{0B721C31-87A0-43FD-A1E8-263047185DEE}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{69F4BAA5-7DCB-47EE-95BC-EB9EAF20A563}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B293642-6932-4EA1-9FDF-DCE44518AB7B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5429E4E4-4806-472A-A63D-5DEF2067E097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1EA14D6E-05A9-4FF8-B736-CE48FF5131E0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8CFDB16E-26B0-4C8C-ABE6-B5EBCC299134}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {2108E348-A0C0-1563-D327-730450CF5E34} - hxxp://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
DPF: {210B1348-30C0-1F63-2B27-7A0450545277} - hxxp://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ti0bsq0u.default\
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 22:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP000000245F1F072A0EDB3C0A 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-27 22:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 02:24
ComboFix2.txt 2009-04-25 14:04
ComboFix3.txt 2009-04-24 20:44
ComboFix4.txt 2009-04-21 13:10
ComboFix5.txt 2009-04-27 02:08

Pre-Run: 12,209,377,280 bytes free
Post-Run: 12,125,650,944 bytes free

247 --- E O F --- 2009-04-24 03:14
eZula Posts 3509 Status Contributor 392
 
Something is relaunching it every time, but it must be keeping a low profile. Disable Avast completely and post these two reports one after the other:

https://www.micro-astuce.com/securite/NanoScan-Panda.php
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
kisscool071 Posts 58 Status Member 10
 
NanoScan-Panda report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-04-27 19:48:40
PROTECTIONS: 5
MALWARE: 22
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1169 [VPS 090321-0] 4.8.1169 Yes Yes
Norton Internet Security 2007 Yes No
Windows Defender 1.1.1505.0 No Yes
Norton Internet Security 2007 No No
avast! antivirus 4.8.1169 [VPS 090321-0] 4.8.1169 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@mediaplex[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@statse.webtrendslive[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@bluestreak[2].txt
00800068 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\ProgramData\hupetetu\hupetetu.dll.vir
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Kaspersky isn't compatible with Vista, so that one didn't work.

On every scan I've noticed that Norton shows up as enabled, but I don't have it on my computer...
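The Panda report above lists "Norton Internet Security 2007" twice although the poster says it is not installed, and the ComboFix log earlier in the thread shows `security center\Monitoring\SymantecAntiVirus` and `SymantecFirewall` keys with `DisableMonitoring=1`. Windows Security Center keeps one WMI registration per product, and an incomplete uninstall can leave that registration behind. The script below is an added example (not from the thread, ComboFix, HijackThis or the Panda scanner) that lists those registrations, flags any whose executable is gone from disk, and dumps the per-vendor Monitoring overrides. That a stale registration is what explains the Norton entry here is this example's assumption, not something the thread confirms; the `productState` decoding is the conventional one for that undocumented field.

```powershell
# Added example, not part of the thread, ComboFix or the Panda scanner: list
# the products registered with Windows Security Center and flag registrations
# whose executable is gone from disk, then show the per-vendor Monitoring
# overrides ComboFix reports. That a stale registration explains the "Norton"
# entry is an assumption this example makes, not something the thread confirms.

# Vista SP1 and later expose the registrations in root\SecurityCenter2
# (XP used root\SecurityCenter). Get-CimInstance needs PowerShell 3 or later.
$ns = 'root\SecurityCenter2'

function ConvertFrom-ProductState {
    param([uint32]$State)
    # Conventional (undocumented) decoding of productState: the middle byte says
    # whether the product is enabled, the low byte whether definitions are current.
    $hex = [Convert]::ToString($State, 16).PadLeft(6, '0')
    $enabledByte = $hex.Substring(2, 2)
    [pscustomobject]@{
        Enabled  = ($enabledByte -eq '10' -or $enabledByte -eq '11')
        UpToDate = ($hex.Substring(4, 2) -eq '00')
        RawHex   = $hex
    }
}

function Get-RegisteredSecurityProducts {
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        $items = Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            $exe    = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)
            $state  = ConvertFrom-ProductState -State $p.productState
            $onDisk = ($exe -ne '') -and (Test-Path -LiteralPath $exe)
            [pscustomobject]@{
                Class      = $class
                Product    = $p.displayName
                Enabled    = $state.Enabled
                UpToDate   = $state.UpToDate
                Executable = $exe
                # A registration whose binary no longer exists is what an
                # incomplete uninstall leaves behind.
                Stale      = -not $onDisk
            }
        }
    }
}

# ComboFix's "security center\Monitoring\<Vendor>" lines come from here; a
# DisableMonitoring=1 value tells Security Center to stop tracking that vendor.
function Get-MonitoringOverrides {
    $base = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem $base | ForEach-Object {
        [pscustomobject]@{
            Vendor            = $_.PSChildName
            DisableMonitoring = (Get-ItemProperty -Path $_.PSPath).DisableMonitoring
        }
    }
}

Get-RegisteredSecurityProducts | Format-Table -AutoSize
Get-MonitoringOverrides        | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; a row with `Stale = True` is a product Security Center still believes is present even though nothing of it remains on disk, which is exactly what a scanner that queries Security Center will then list as a "protection".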
eZula Posts 3509 Status Contributor 392
 
Run HijackThis -> "Open the Misc tool section" -> tick the two "list..." boxes, then click "Generate Startup list". A sizeable report will open; post it.
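The StartupList report requested above walks the Run/RunOnce keys and the Startup folders by hand, and the reader then has to spot the odd entry among dozens of legitimate ones. In this thread the entries that matter are `HKCU\...\Run` values that make `rundll32.exe` load a DLL from a directory under `C:\ProgramData` whose folder and file share a short random-looking name. The script below is an added example (not from the thread and not HijackThis logic) that automates that pass: it enumerates the same Run keys and flags any entry where a Windows host binary (`rundll32.exe` or `regsvr32.exe`) loads a DLL from a user-writable location, then adds what a triager would check next: Authenticode status, presence of version information, and whether the file still exists. The list of user-writable directories and the "generated-looking name" heuristic are this example's assumptions.

```powershell
# Added example, not part of the thread or of HijackThis: enumerate the
# Run/RunOnce keys the StartupList report walks, and flag entries that use a
# Windows host binary (rundll32.exe / regsvr32.exe) to load a DLL from a
# user-writable directory. The directory list and the "generated-looking
# name" heuristic are this example's assumptions.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a standard user can write to; a DLL loaded from one of these at
# logon is the first thing to look at.
$userWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-RunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, ... ; skip those
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Test-SuspiciousEntry {
    param([string]$Command)
    if ($Command -notmatch '(?i)\b(rundll32|regsvr32)(\.exe)?\b') { return $null }

    # DLL path either quoted or as the first whitespace-delimited token ending in .dll
    $m = [regex]::Match($Command, '"([^"]+\.dll)"|(\S+\.dll)', 'IgnoreCase')
    if (-not $m.Success) { return $null }
    $dll = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    $dll = [Environment]::ExpandEnvironmentVariables($dll)

    $inUserWritable = $userWritable | Where-Object { $dll.StartsWith($_, 'OrdinalIgnoreCase') }
    if (-not $inUserWritable) { return $null }

    $reasons = @('host binary loads a DLL from a user-writable path')
    if (Test-Path -LiteralPath $dll) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        if ($sig.Status -ne 'Valid') { $reasons += "Authenticode: $($sig.Status)" }
        if (-not (Get-Item -LiteralPath $dll).VersionInfo.CompanyName) {
            $reasons += 'no CompanyName in version info'
        }
    } else {
        $reasons += 'DLL missing on disk (orphaned autorun)'
    }

    # Heuristic (assumption): folder and DLL share a short all-lowercase name
    $leaf   = [IO.Path]::GetFileNameWithoutExtension($dll)
    $parent = Split-Path (Split-Path $dll -Parent) -Leaf
    if ($leaf -ceq $parent -and $leaf -cmatch '^[a-z]{6,12}$') {
        $reasons += 'folder/DLL name pair looks generated'
    }
    [pscustomobject]@{ Dll = $dll; Reasons = ($reasons -join '; ') }
}

Get-RunEntries | ForEach-Object {
    $hit = Test-SuspiciousEntry -Command $_.Command
    if ($hit) {
        [pscustomobject]@{
            Key = $_.Key; Name = $_.Name; Command = $_.Command
            Dll = $hit.Dll; Reasons = $hit.Reasons
        }
    }
} | Format-List
```

Run it in the affected user's session (HKCU is per user, so an administrator's session would miss the entries). An entry that trips the path check alone is worth a look; one that also fails the signature check and sits in a folder named after the DLL is the pattern a cleaner has to remove from both the registry value and the disk, otherwise the value is simply recreated at the next logon.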
kisscool071 Posts 58 Status Member 10
 
StartupList report, 29/04/2009, 14:32:12
StartupList version: 1.52.2
Started from : C:\Users\user\Desktop\HiJackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18226)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\user\Desktop\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RtHDVCpl = RtHDVCpl.exe
SMSERIAL = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
ATKMEDIA = C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ASUSTPE = C:\Windows\system32\ASUSTPE.exe
ASUS Camera ScreenSaver = C:\Windows\ASScrProlog.exe
ASUS Screen Saver Protector = C:\Windows\ASScrPro.exe
PowerForPhone = C:\Program Files\PowerForPhone\PowerForPhone.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartCCC = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MsnMsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
ehTray.exe = C:\Windows\ehome\ehTray.exe
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
dovehugalo = Rundll32.exe "C:\ProgramData\rurerogu\rurerogu.dll",s
00fc8c9e = rundll32.exe "C:\ProgramData\dobibige\dobibige.dll",b
CPM03cfbf02 = Rundll32.exe "C:\ProgramData\yugugari\yugugari.dll",a

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[ccc-core-static] *
StubPath = msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Module de délivrance de certificat MINEFI]
InProcServer32 = C:\Windows\Downloaded Program Files\CERTDGI1.dll
CODEBASE = https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab

[Facebook Photo Uploader 5 Control]
InProcServer32 = C:\Windows\Downloaded Program Files\PhotoUploader5.ocx
CODEBASE = http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

[CKAVWebScan Object]
InProcServer32 = C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

[Shockwave ActiveX Control]
InProcServer32 = C:\Windows\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\Windows\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

[CPlayFirstDDComcastControl Object]
InProcServer32 = C:\Windows\Downloaded Program Files\DDComcast.1.0.0.39.dll
CODEBASE = http://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab

[CPlayFirstDDKnorrControl Object]
InProcServer32 = C:\Windows\Downloaded Program Files\DDKnorr.1.0.0.44.dll
CODEBASE = http://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\Windows\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab

[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CODEBASE = http://download.divx.com/player/DivXBrowserPlugin.cab

[{7530BFB8-7293-4D34-9923-61A11451AFC5}]
CODEBASE = http://download.eset.com/special/eos/OnlineScanner.cab

[AdVerifierADPCtrl Class]
InProcServer32 = C:\Windows\Downloaded Program Files\AdVerifierADP.dll
CODEBASE = https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[MSN Games - Installer]
InProcServer32 = C:\Windows\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

[Zylom Games Player]
InProcServer32 = C:\Windows\Downloaded Program Files\zylomgamesplayer.dll
CODEBASE = http://game01.zylom.com/activex/zylomgamesplayer.cab

[MessengerStatsClient Class]
InProcServer32 = C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[Java Plug-in 1.6.0_13]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_13.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

[Minesweeper Flags Class]
InProcServer32 = C:\Windows\Downloaded Program Files\MineSweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\system32\wshbth.dll
NameSpace #6: C:\Windows\System32\mswsock.dll
NameSpace #7: C:\Windows\System32\winrnr.dll
NameSpace #8: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll
Protocol #24: C:\Windows\system32\mswsock.dll
Protocol #25: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Pilote ACPI Microsoft: system32\drivers\acpi.sys (system)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (disabled)
adpu160m: \SystemRoot\system32\drivers\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (disabled)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ancilliary Function Driver for Winsock: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (disabled)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (disabled)
AMD K7 Processor Driver: \SystemRoot\system32\drivers\amdk7.sys (disabled)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (disabled)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
arc: \SystemRoot\system32\drivers\arc.sys (disabled)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (disabled)
ASLDR Service: C:\Program Files\ATK Hotkey\ASLDRSrv.exe (autostart)
aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
aswMonFlt: system32\DRIVERS\aswMonFlt.sys (autostart)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Canal IDE: system32\drivers\atapi.sys (system)
NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller: system32\DRIVERS\L260x86.sys (manual start)
Atheros Extensible Wireless LAN device driver: system32\DRIVERS\athr.sys (manual start)
Ati External Event Utility: %SystemRoot%\system32\Ati2evxx.exe (autostart)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
blbdrive: \SystemRoot\system32\drivers\blbdrive.sys (disabled)
Service Bonjour: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Bowser: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\brfiltlo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\brfiltup.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\system32\drivers\brserid.sys (disabled)
Brother WDM Serial driver: \SystemRoot\system32\drivers\brserwdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\system32\drivers\brusbmdm.sys (disabled)
Brother MFC USB Serial WDM Driver: \SystemRoot\system32\drivers\brusbser.sys (manual start)
Bluetooth Enumerator Service: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (disabled)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (disabled)
Common Log (CLFS): System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Pilote pour Batterie à méthode de contrôle ACPI Microsoft: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (disabled)
Pilote de batterie composite Microsoft: system32\DRIVERS\compbatt.sys (system)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: system32\drivers\crcdisk.sys (system)
Transmeta Crusoe Processor Driver: \SystemRoot\system32\drivers\crusoe.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@dfsrres.dll,-101: %SystemRoot%\system32\DFSR.exe (manual start)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Pilote de disque: system32\drivers\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel(R) PRO/1000 NDIS 6 Adapter Driver: system32\DRIVERS\E1G60I32.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ReadyBoost Caching Driver: System32\drivers\ecache.sys (system)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
@%SystemRoot%\ehome\ehstart.dll,-101: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (disabled)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
File Information FS MiniFilter: system32\drivers\fileinfo.sys (system)
FileTrace: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Pilote de bus UAA Microsoft pour High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (disabled)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (disabled)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HpCISSs: \SystemRoot\system32\drivers\hpcisss.sys (disabled)
HTTP: system32\drivers\HTTP.sys (manual start)
i2omp: \SystemRoot\system32\drivers\i2omp.sys (disabled)
Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system)
Intel RAID Controller Vista: \SystemRoot\system32\drivers\iastorv.sys (disabled)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (disabled)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Service for Realtek HD Audio (WDM): system32\drivers\RTKVHDA.sys (manual start)
intelide: \SystemRoot\system32\drivers\intelide.sys (disabled)
Pilote de processeur Intel: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IPMIDRV: \SystemRoot\system32\drivers\ipmidrv.sys (disabled)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
Service de l’iPod: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IR Bus Enumerator: system32\drivers\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: \SystemRoot\system32\drivers\isapnp.sys (disabled)
Pilote iScsiPort: system32\DRIVERS\msiscsi.sys (manual start)
ITEATAPI_Service_Install: \SystemRoot\system32\drivers\iteatapi.sys (disabled)
ITERAID_Service_Install: \SystemRoot\system32\drivers\iteraid.sys (disabled)
Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (disabled)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
KSecDD: System32\Drivers\ksecdd.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
Pilote d’E/S du mappage de découverte de topologie de la couche de liaison: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (disabled)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (disabled)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (disabled)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
megasas: \SystemRoot\system32\drivers\megasas.sys (disabled)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Modem: system32\drivers\modem.sys (manual start)
Périphérique de filtrage de flux Unimodem: system32\drivers\MODEMCSA.sys (manual start)
Service Pilote de fonction de classe Moniteur Microsoft: system32\DRIVERS\monitor.sys (manual start)
Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system)
Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start)
Mount Point Manager: System32\drivers\mountmgr.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (disabled)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Mraid35x: \SystemRoot\system32\drivers\mraid35x.sys (disabled)
WebDav Client Redirector Driver: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
SMB MiniRedirector Wrapper and Engine: system32\DRIVERS\mrxsmb.sys (manual start)
SMB 1.x MiniRedirector: system32\DRIVERS\mrxsmb10.sys (manual start)
SMB 2.0 MiniRedirector: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (disabled)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (disabled)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
Pilote de classe ISA/EISA: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATK0100 ACPI UTILITY: system32\DRIVERS\ATKACPI.sys (manual start)
Mup: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
Filtre NativeWiFi: system32\DRIVERS\nwifi.sys (manual start)
NBService: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)
NDIS System Driver: system32\drivers\ndis.sys (system)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NETBT: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit: system32\DRIVERS\NETw3v32.sys (manual start)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (disabled)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (manual start)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NSI proxy service: system32\drivers\nsiproxy.sys (system)
N-trig HID Tablet Driver: \SystemRoot\system32\drivers\ntrigdigi.sys (disabled)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (disabled)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (disabled)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
RICOH OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (disabled)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (disabled)
Partition Manager: System32\drivers\partmgr.sys (system)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Pilote de bus PCI: system32\drivers\pci.sys (system)
pciide: system32\drivers\pciide.sys (system)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (disabled)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
PLFlash DeviceIoControl Service: C:\Windows\system32\IoctlSvc.exe (autostart)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\p2psvc.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (disabled)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
QLogic Fibre Channel Miniport Driver: \SystemRoot\system32\drivers\ql2300.sys (disabled)
QLogic iSCSI Miniport Driver: \SystemRoot\system32\drivers\ql40xx.sys (disabled)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
R300: system32\DRIVERS\atikmdag.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
Redirected Buffering Sub Sysytem: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: \SystemRoot\system32\drivers\rdpdr.sys (disabled)
RDP Encoder Mirror Driver: system32\drivers\rdpencdd.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Répondeur de découverte de topologie de la couche de liaison: system32\DRIVERS\rspndr.sys (autostart)
Realtek 8169 NT Driver: system32\DRIVERS\Rtlh86.sys (manual start)
USB Mass Storage Device: system32\drivers\RTSTOR.SYS (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (disabled)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: system32\DRIVERS\sdbus.sys (disabled)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial Port Driver: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (disabled)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (disabled)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\sisraid2.sys (disabled)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (disabled)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%SystemRoot%\system32\SLUINotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (system)
smserial: system32\DRIVERS\smserial.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
srv: System32\DRIVERS\srv.sys (manual start)
srv2: System32\DRIVERS\srv2.sys (manual start)
srvnet: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SAMSUNG Mobile USB Device II 1.0 driver (WDM): system32\DRIVERS\ssm_bus.sys (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Syntek AVStream USB2.0 1.3M WebCam: System32\Drivers\StkCMini.sys (manual start)
Syntek AVStream USB2.0 WebCam Service: %SystemRoot%\System32\StkCSrv.exe (autostart)
Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symc8xx: \SystemRoot\system32\drivers\symc8xx.sys (disabled)
Sym_hi: \SystemRoot\system32\drivers\sym_hi.sys (disabled)
Sym_u3: \SystemRoot\system32\drivers\sym_u3.sys (disabled)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Pilote de protocole IPv6 Microsoft: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
TPM: system32\drivers\tpm.sys (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
Terminal Services Security Filter Driver: System32\DRIVERS\tssecsrv.sys (manual start)
Pilote de carte miniport Microsoft Tun: system32\DRIVERS\tunmp.sys (manual start)
Pilote de carte miniport Microsoft IPv6 Tunnel: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
uliahci: \SystemRoot\system32\drivers\uliahci.sys (disabled)
UlSata: \SystemRoot\system32\drivers\ulsata.sys (disabled)
ulsata2: \SystemRoot\system32\drivers\ulsata2.sys (disabled)
Pilote d’énumérateur UMBus: system32\DRIVERS\umbus.sys (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (disabled)
Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start)
Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start)
Pilote miniport de contrôleur hôte ouvert USB Microsoft: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (disabled)
Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (disabled)
Service Messenger Sharing Folders USN Journal Reader: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (disabled)
viaide: \SystemRoot\system32\drivers\viaide.sys (disabled)
Pilote du Gestionnaire de volume: system32\drivers\volmgr.sys (system)
Dynamic Volume Manager: System32\drivers\volmgrx.sys (system)
Volumes de stockage: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (disabled)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (disabled)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Remote Access IPv6 ARP Driver: system32\DRIVERS\wanarp.sys (system)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Microsoft Watchdog Timer Driver: \SystemRoot\system32\drivers\wd.sys (disabled)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k wdisvc (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (disabled)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" (manual start)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
Winsock IFS driver: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 53 232 bytes
Report generated in 0,454 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
0
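The service enumeration in the report above prints each entry as `display name: image command (start type)`, with environment variables and the kernel-style `\SystemRoot\` prefix left unexpanded. As an added example that is not part of this thread and not code from HijackThis or RSIT, the Python helper below parses lines in that format, expands those prefixes (the expansions to `C:\Windows` and `C:\Program Files` are assumed for this example), and lists the entries whose binary sits outside those two roots, boot-time and autostart services first, so that a long list like the one above can be read in priority order. The sample input mixes lines copied from the report with one constructed placeholder entry (`Example Updater`), which is not a real finding from this machine.

```python
import re

# Assumed expansions (constructed for this example): HijackThis prints the
# ImagePath values unexpanded, exactly as the report above shows them.
SYSTEM_ROOT = r"C:\Windows"
PROGRAM_FILES = r"C:\Program Files"
ENV_VARS = {          # keys lower-case; matched case-insensitively
    "%systemroot%": SYSTEM_ROOT,
    "%windir%": SYSTEM_ROOT,
    "%programfiles%": PROGRAM_FILES,
}
# Roots treated as "expected" in this pass.  This only prioritises review:
# anything under these roots still needs reading, it just comes second.
EXPECTED_ROOTS = (SYSTEM_ROOT.lower() + "\\", PROGRAM_FILES.lower() + "\\")

# display name, image command, start type in trailing parentheses
LINE_RE = re.compile(
    r"^(?P<name>.+?): (?P<cmd>.+) \((?P<start>system|autostart|manual start|disabled)\)$"
)
# first path element ending in a binary extension (handles unquoted paths with spaces)
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)
START_ORDER = {"system": 0, "autostart": 1, "manual start": 2, "disabled": 3}


def executable_from_command(cmd):
    """Strip arguments such as '-k netsvcs' or '/service' and return the binary path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path: take what is inside the quotes
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.split(" ", 1)[0]


def normalize_path(exe):
    """Expand %SystemRoot%-style variables and make relative driver paths absolute."""
    path = exe
    for var, value in ENV_VARS.items():
        idx = path.lower().find(var)
        if idx != -1:
            path = path[:idx] + value + path[idx + len(var):]
    if path.lower().startswith("\\systemroot\\"):       # kernel-style \SystemRoot\... prefix
        path = SYSTEM_ROOT + path[len("\\systemroot"):]
    if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):  # e.g. system32\drivers\acpi.sys
        path = SYSTEM_ROOT + "\\" + path
    return path


def is_expected_location(path):
    return path.lower().startswith(EXPECTED_ROOTS)


def parse_service_line(line):
    """Return a dict for one service line, or None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = normalize_path(executable_from_command(m.group("cmd")))
    return {
        "name": m.group("name"),
        "start": m.group("start"),
        "image": image,
        "expected_location": is_expected_location(image),
    }


def triage(lines):
    """Entries whose binary lies outside the expected roots, boot/autostart first."""
    entries = (parse_service_line(l) for l in lines)
    flagged = [e for e in entries if e and not e["expected_location"]]
    return sorted(flagged, key=lambda e: START_ORDER[e["start"]])


# Lines copied from the report above, plus one constructed placeholder entry
# ("Example Updater") that stands in for a service worth a closer look.
SAMPLE_LINES = [
    "Enumerating Windows NT/2000/XP services",
    r"Pilote ACPI Microsoft: system32\drivers\acpi.sys (system)",
    r"adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)",
    r"@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)",
    r'Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)',
    r"NBService: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)",
    r'@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" (manual start)',
    r"Example Updater: C:\Users\user\AppData\Roaming\example_updater.exe (autostart)",  # constructed
    "--------------------------------------------------",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e['start']:<12} {e['name']}: {e['image']}")
```

Run against the full "Enumerating Windows NT/2000/XP services" block (one line per list element), the output is the short list to read first; the location check narrows the reading order, it does not clear anything, so entries under the Windows and Program Files roots still get reviewed afterwards, and `C:\Program Files (x86)` would need adding to `EXPECTED_ROOTS` on a 64-bit system.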
eZula Messages postés 3509 Statut Contributeur 392
 
tout cela n'est pas bien convaincant. Essayons un dernier truc : Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue at the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised in the Taskbar).

NB: the reports are saved in the folder C:\rsit
kisscool071 Posts 58 Status Member 10
log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-05-01 19:40:57
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 16 GB (21%) free of 76 GB
Total RAM: 1919 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:21, on 01/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Downloads\RSIT.exe
C:\Program Files\trend micro\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dovehugalo] Rundll32.exe "C:\ProgramData\rurerogu\rurerogu.dll",s
O4 - HKCU\..\Run: [00fc8c9e] rundll32.exe "C:\ProgramData\dobibige\dobibige.dll",b
O4 - HKCU\..\Run: [CPM03cfbf02] Rundll32.exe "C:\ProgramData\yugugari\yugugari.dll",a
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2108E348-A0C0-1563-D327-730450CF5E34} (CPlayFirstDDComcastControl Object) - http://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab
O16 - DPF: {210B1348-30C0-1F63-2B27-7A0450545277} (CPlayFirstDDKnorrControl Object) - http://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
eZula Posts 3509 Status Contributor 392
In Add/Remove Programs, uninstall everything related to "adobe reader". Stop using that program to read your PDFs, it's a bloated mess. There are other free and much lighter solutions https://pdfreaders.org/ among which this one http://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-0.9.3-install.exe

Run this combofix script again:

File::
c:\programdata\hunayeko\hunayeko.dll
c:\programdata\hupetetu\hupetetu.dll
C:\ProgramData\dobibige\dobibige.dll
C:\ProgramData\rurerogu\rurerogu.dll
C:\ProgramData\yugugari\yugugari.dll
c:\windows\system32\acovcnt.exe

Folder::
c:\programdata\wegagolu
c:\programdata\hupetetu
c:\programdata\doyanavo
c:\programdata\kibigipu
c:\programdata\wuzaduzi
c:\programdata\ludoyuja
c:\programdata\vowikiho
c:\programdata\loyegeho
c:\programdata\numimoji
c:\programdata\besohaki
c:\programdata\hunayeko
c:\programdata\valagase
c:\programdata\wifowigu
c:\programdata\bunahotu
c:\programdata\reditika
c:\programdata\husowipe
c:\programdata\gurineyu
C:\ProgramData\yugugari
C:\ProgramData\dobibige
C:\ProgramData\yebukobe
C:\ProgramData\puwumawi
C:\ProgramData\zujaviwi
C:\ProgramData\rawituzo
C:\ProgramData\rurerogu
C:\ProgramData\hawivobi
C:\ProgramData\dulurare
C:\ProgramData\zeladugu
C:\ProgramData\modeboho
C:\ProgramData\soremeno
C:\ProgramData\fawofofo
C:\ProgramData\yawopigo
C:\ProgramData\ponahohe
C:\ProgramData\feyowube
C:\ProgramData\higawaka
C:\ProgramData\yoyaheku
C:\ProgramData\fozisitu
C:\ProgramData\viwafinu
C:\ProgramData\vabekame
C:\ProgramData\demodamu
C:\ProgramData\lojafuyu
C:\ProgramData\rivokopu
C:\ProgramData\pavereye
C:\ProgramData\mepepora
C:\ProgramData\zibuweti
C:\ProgramData\pogogiso
C:\ProgramData\jehuluka

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dovehugalo"=-
"00fc8c9e"=-
"CPM03cfbf02"=-
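The three `O4 - HKCU\..\Run` entries in the RSIT log and the `Registry::` stanza of the ComboFix script share one pattern: rundll32 launching a DLL from a ProgramData folder whose name equals the DLL stem. As an added example (not part of the thread, and not RSIT or ComboFix code), this Python script parses O4 lines, flags that pattern, and builds the matching `Registry::` stanza; the sample lines are the page's own three entries plus two benign entries constructed for contrast.

```python
import re

# Constructed sample input: the three suspicious O4 lines from the log in this
# thread, plus two benign entries, so the script runs offline.
SAMPLE_O4_LINES = r"""
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dovehugalo] Rundll32.exe "C:\ProgramData\rurerogu\rurerogu.dll",s
O4 - HKCU\..\Run: [00fc8c9e] rundll32.exe "C:\ProgramData\dobibige\dobibige.dll",b
O4 - HKCU\..\Run: [CPM03cfbf02] Rundll32.exe "C:\ProgramData\yugugari\yugugari.dll",a
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# HijackThis O4 autorun line: hive, Run value name, command line.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 loading <drive>:\ProgramData\<dir>\<stem>.dll
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[A-Za-z]:\\ProgramData\\(?P<dir>[^\\"]+)\\(?P<stem>[^\\"]+)\.dll)"?',
    re.IGNORECASE,
)

def parse_o4(text):
    """Yield (hive, value_name, command) for every O4 Run line in the text."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")

def suspicious_rundll_autoruns(text):
    """Return [(hive, value_name, dll_path)] for Run values whose command is
    rundll32 loading ProgramData\<dir>\<dir>.dll, the pattern seen in the log."""
    hits = []
    for hive, name, cmd in parse_o4(text):
        m = RUNDLL_RE.search(cmd)
        if m and m.group("dir").lower() == m.group("stem").lower():
            hits.append((hive, name, m.group("path")))
    return hits

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

def combofix_registry_block(hits):
    """Build a Registry:: stanza deleting the flagged Run values, in the same
    form as the script posted in this thread ("name"=- removes the value)."""
    lines = ["Registry::"]
    for hive in sorted({h for h, _, _ in hits}):
        lines.append(f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        lines += [f'"{name}"=-' for h, name, _ in hits if h == hive]
    return "\n".join(lines)

if __name__ == "__main__":
    found = suspicious_rundll_autoruns(SAMPLE_O4_LINES)
    for hive, name, path in found:
        print(f"{hive}\\..\\Run [{name}] -> {path}")
    print(combofix_registry_block(found))
```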