Virus or trojan detected

Solved/Closed
Alté - 18 May 2009 at 03:57
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015 - 27 May 2009 at 18:55
Hello,

After clicking on a link, I end up with incessant pop-up windows that appear about every 15 minutes... but worst of all: when I type a search into Google, IE or Firefox redirects me to a page that just shows the name of my search as I typed it and a download... it's obviously a virus. What should I do? I've already tried quite a lot of cleaning with many antivirus and anti-spyware tools but nothing works.

Some help please?

Thanks in advance

alté

PS: I already have the HijackThis log, just in case:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:55:03, on 18/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\pp07.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\SYS32DLL.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S32E3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S5B4A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\Windows\pp07.exe
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\freddy43.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090504
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe (file missing)

19 replies

anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015
26 May 2009 at 21:10
Very good, your computer is no longer infected :)

Before letting you go, here are a few tips to finish the cleanup and noticeably improve your computer's security; they may save you from having to come back here with a new infection in the future ;) But be aware that no security software will protect you 100%; what makes the difference is your own vigilance when you download or install something. To learn more, I invite you to read carefully the page linked at the very bottom of this message (6).



1) Secure your computer

• Antivirus:
I don't know Norman very well, but I don't think it is very effective... If one day you decide to switch, I recommend Antivir: free version or paid version.

• To browse the internet more safely and free of ads, I strongly recommend installing and using the Firefox browser. Once that is done, launch it and install the following two security extensions:
AdBlockPlus to block ads;
WOT, to warn you about dangerous websites.

• Adobe Reader is not up to date, which is a security hole. Uninstall it via Start menu --> Control Panel --> Add/Remove Programs. Then download and install the new version.

• You also need to update all your other programs to close security holes... Check for available updates with this little program (choose the version without installation): Update Checker



2) Run HijackThis again (for the last time), choose "Scan system only" and tick the following lines, which are useless:

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

If you updated Adobe Reader as I recommended, this line should appear; you can tick it: O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Also tick all the lines beginning with O16

Then click "Fix checked"



3) Download ToolsCleaner to your Desktop to clean the computer of all the tools we used.
Run it, click Recherche (Search) and let the scan finish, then click Suppression (Delete) to clean up.
You can also delete the temporary files.
Then delete ToolsCleaner manually (put it in the Recycle Bin).
If it doesn't delete everything, delete the rest manually.



4) Download and install CCleaner, then run it.
Click Options → Advanced → untick « only delete files older than 48 hours »
Then Cleaner → Analyze → Run Cleaner, then OK in the window that appears.
Finally, Registry → fix all the errors, and repeat until it finds no more errors.

(You can keep this program and use it regularly.)



5) To finish the cleanup, you need to purge System Restore (to remove the infected restore points). To do that, please follow this tutorial.



6) Finally, I invite you to visit this page, which will give you information on prevention and protection against infections (about 15 minutes of very instructive and useful reading): Prevention and security on the internet




Happy reading, good luck, and don't hesitate to ask questions if you need to ;)
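As an added example that is not part of the thread (and not code from HijackThis or any other tool named here), the following Python script applies the same checks a helper makes on the posted HijackThis log: a ProxyServer entry pointing at localhost (which is how the search redirects were produced), orphaned O2/O23 entries, and O4 autoruns that point straight into C:\Windows or carry no path at all. The sample lines are copied from the log posted above; the rule names are my own.

```python
import re
from typing import Dict, List

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\Windows\pp07.exe
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\freddy43.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe (file missing)
"""

# Folders where a legitimate autorun entry almost never points directly:
# real software lives in a subfolder of its own, not loose in C:\Windows.
WINDOWS_ROOTS = ("c:\\windows", "c:\\windows\\system32")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>.+)$")


def image_path(command: str) -> str:
    """Extract the executable path from the command part of an O4 line."""
    command = command.strip()
    if command.startswith('"'):  # quoted path: take everything up to the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted path, possibly with spaces: cut after the first ".exe" token
    m = re.match(r"(.*?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the HijackThis lines that deserve a second look, each with a reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reason = None
        if line.startswith("R1 ") and "ProxyServer" in line:
            m = PROXY_RE.search(line)
            proxy = m.group("proxy").lower() if m else ""
            if "localhost" in proxy or "127.0.0.1" in proxy:
                # A proxy on the machine itself means a local process sits between
                # the browser and the network: that is how searches get redirected.
                reason = "local-proxy"
        elif line.startswith("O2 ") and (
            "(no file)" in line or "(file missing)" in line or "(no name)" in line
        ):
            reason = "orphaned-bho"  # BHO still registered but its DLL is gone or unnamed
        elif line.startswith("O4 "):
            m = O4_RE.match(line)
            if m:
                path = image_path(m.group("cmd"))
                folder = path.rpartition("\\")[0].lower()
                if "\\" not in path:
                    reason = "autorun-bare-name"  # resolved via PATH, no fixed location
                elif folder in WINDOWS_ROOTS:
                    reason = "autorun-in-windows-dir"  # executable dropped straight into C:\Windows
        elif line.startswith("O23 ") and "(file missing)" in line:
            reason = "service-file-missing"  # leftover service pointing at a deleted binary
        if reason:
            findings.append({"reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['reason']}] {finding['line']}")
```

On the sample above the script flags eight lines (the proxy, both orphaned BHOs, the three loose C:\Windows autoruns, the bare SYS32DLL entry and the websrvx service) and leaves Windows Defender and ehTray alone.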
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015
18 May 2009 at 04:03
Hello,


Your computer is indeed infected, and we'll have to use several programs to disinfect it: please see it through to the end (I'll confirm when it's finished).


• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the option « Update Malwarebytes' Anti-Malware » is ticked
• Launch MBAM and let the updates download (otherwise do them manually when the program starts)
• Then go to the "Scanner" tab, tick "Perform quick scan" then "Scan"
• Select your hard drives, then click "Start scan"
• At the end of the scan, click Show results
• Tick all the detected items, then click Remove selected
• Save the report
• If asked to restart, click Yes

• Please post the report that appears after the removal in your next reply

Thanks Anthony
I'll do all that first thing tomorrow because it's already very late...

Could you just tell me how serious the situation is? Is it a major virus?
Thanks for your quick reply in any case!
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015
18 May 2009 at 04:17
I'm off to bed too ;) I'll reply as soon as possible during the day.

And don't worry, it's not the worst kind of infection; we'll manage to get rid of it.

Hello Anthony

As agreed, I did what you asked to solve my problem
Here is the report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2147
Windows 6.0.6001 Service Pack 1

18/05/2009 12:22:55
mbam-log-2009-05-18 (12-22-55).txt

Type de recherche: Examen rapide
Eléments examinés: 67225
Temps écoulé: 1 minute(s), 52 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\Windows\pp07.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\Windows\System32\SYS32DLL.exe (Worm.KoobFace) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYS32DLL (Worm.KoobFace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\pp07.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\System32\SYS32DLL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\st_1242615874.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\freddy43.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015
19 May 2009 at 05:40
OK, let's continue.


You installed a harmful program downloaded from the EoRezo site... Don't download anything from that site any more! More info here: https://forum.malekal.com/viewtopic.php?f=33&t=18245&p=145923#p145923


● Disable User Account Control: Start menu --> Control Panel --> User Accounts --> Turn User Account Control on or off --> untick the box "Use User Account Control..." Then restart your computer.

● Also disable your antivirus, as it may raise false alerts on the following program. Spybot's TeaTimer too (launch Spybot --> click Mode => tick Advanced mode => Tools => Resident => untick the Resident TeaTimer box)


● Then download Ad-Remover (by C_XX) to your Desktop.

/!\ Disconnect from the internet and close all running applications /!\

● Double-click the installer and install it in its default location (C:\Program files)
● Right-click the shortcut that was created and click "Run as administrator"
● In the main menu, choose option "A"
● Post the report that appears at the end (it is also saved as C:\Ad-report(date).log)

Help with screenshots: Installation
Help with screenshots: Scan.

Hi Anthony, so I ran the Ad-Remover report without doing the clean, then I re-enabled the administrator rights. Here is the log:


------- LOGFILE OF AD-REMOVER 1.1.4.1 | ONLY XP/VISTA -------

Updated by C_XX on 19/05/2009 at 18:40
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 19:17:55, 19/05/2009 | Boot mode: Normal Boot
Option: Scan | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Computer Name: SKILLA
Current User: Aurel - Administrator


============ Known Adwares Found ============

.
.

+-----------------| Eorezo Elements Found:

HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKU\S-1-5-21-2906897876-258636576-2234130964-1000\Software\Eorezo
.
C:\Users\Aurel\AppData\Roaming\EoRezo

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: 44g8omsl.default (Aurel)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.

---- Internet Explorer Version 8.0.6001.18702 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.google.com/

[HKEY_USERS\S-1-5-21-2906897876-258636576-2234130964-1000\..\Internet Explorer\Main]

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.google.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://www.lo.st/?tabs

=========== Suspicious ==========


+---------------------------------------------------------------------------+

2597 Byte(s) - C:\Ad-Report-Scan-19.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 19:22:12 | 19/05/2009
.
+-----------------| E.O.F
.
ByeByeMissy Posts: 11 Registered: Monday 18 May 2009 Status: Member Last seen: 21 May 2009
19 May 2009 at 06:07
Hello,
I have a problem similar to Alté's and I also used Malwarebytes' Anti-Malware... I don't know whether the infected files are deleted for good, and whether the problem is really solved. To see what I did, see my post entitled: Virus MSN est-il supprimé sinon comment faire... I'm copying my results from the full Malwarebytes scan below, and if you have time to help me it would be appreciated. Otherwise thanks anyway :)


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2149
Windows 5.1.2600 Service Pack 3

2009-05-18 22:00:50
mbam-log-2009-05-18 (22-00-50).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 145077
Temps écoulé: 1 hour(s), 52 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tracker.trackerobj (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Sotfone (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015
20 May 2009 at 17:31
Hello,


@ ByeByeMissy:

You have already opened a topic; please don't post all over other forum users' topics



@ Alté:


! Disconnect from the internet and close all running applications !

Run "Ad-remover" again by right-clicking the shortcut and clicking "Run as administrator", and choose option "B" in the main menu

On the selection screen, tick:
2- Suppression Eorezo (Eorezo removal)

Then choose "S"; the program will do its work.
Post the report that appears at the end (it is also saved as C:\Ad-report(date).log)

Help with screenshots: Cleaning

Here's the report:

------- LOGFILE OF AD-REMOVER 1.1.4.1 | ONLY XP/VISTA -------

Updated by C_XX on 19/05/2009 at 18:40
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Eorezo

********************

Start at: 1:06:12, 21/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Computer Name: SKILLA
Current User: Aurel - Administrator


(!) -- IE start pages/Tabs reset

+-----------------| Eorezo Elements Deleted :

HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\Aurel\AppData\Roaming\EoRezo

(!) -- Temp files deleted.
(!) -- Recycle bin emptied in all drives.



+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: 44g8omsl.default (Aurel)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.

---- Internet Explorer Version 8.0.6001.18702 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-2906897876-258636576-2234130964-1000\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========


+---------------------------------------------------------------------------+

2924 Byte(s) - C:\Ad-Report-Clean-21.05.2009.log
2814 Byte(s) - C:\Ad-Report-Scan-19.05.2009.log

21 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 1:07:54 | 21/05/2009
.
+-----------------| E.O.F
.
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015
21 May 2009 at 04:08
Good, let's see where we stand. For that, we'll use a more complete diagnostic tool than HijackThis:

• Download Random's System Information Tool (RSIT) by random/random, and save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click 'Continue' on the Disclaimer screen.
• If HijackThis is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
• Once the scan is finished, two reports will appear: post them in two separate messages

Illustrated tutorial to help you: https://www.androidworld.fr/

Hi Anthony, I have the 2 reports. Only, at every startup there are 3 MS-DOS C:\ windows that open; one is called "Freddy". That's a virus, isn't it?

Here is the first report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Aurel at 2009-05-22 10:59:26
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 15 GB (16%) free of 96 GB
Total RAM: 3070 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:40, on 22/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Aurel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Aurel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S32E3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S5B4A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\Windows\pp07.exe
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\freddy43.exe
O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090504
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [kewkc] "c:\users\aurel\appdata\local\kewkc.exe" kewkc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe (file missing)
THE SECOND ONE. Was it normal, though, for it to be in the same file as the first log?

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{0B95B891-2A7B-4F46-9D97-B92956F3159D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 61792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-12-02 73040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"Norman ZANDA"=C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2008-06-02 277616]
"NPCTray"=C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD []
"Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2008-12-08 453984]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"EPSON Stylus DX3800 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [2005-02-08 98304]
"EPSON Stylus DX3800 Series (Copie 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [2005-02-08 98304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"sysldtray"=C:\Windows\ld08.exe [2009-05-16 15360]
"pp"=C:\Windows\pp07.exe [2009-05-16 11776]
"sysfbtray"=C:\Windows\freddy43.exe [2009-05-16 33792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"recinfo"=c:\recinfo\recinfo.exe [2008-02-13 52224]
"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe [2007-11-08 533264]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Registry Helper"=C:\Program Files\Registry Helper\RegistryHelper.Exe /boot []
"Disk Cleaner"=C:\Program Files\Disk Cleaner\DiskCleaner.Exe /boot []
"SYS32DLL"=SYS32DLL []
"kewkc"=c:\users\aurel\appdata\local\kewkc.exe kewkc []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"UacDisableNotify"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f7598f-0989-11de-a5c1-806e6f6e6963}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{577f54e7-9f57-11dd-a53e-00030d9cf40b}]
shell\AutoRun\command - G:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2e6841-adaf-11dd-a7a3-00030d9cf40b}]
shell\AutoRun\command - H:\nudeiect.com
shell\explore\command - H:\nudeiect.com
shell\open\command - H:\nudeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc1e7cf-926a-11dd-80b5-00030d9cf40b}]
shell\AutoRun\command - F:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa8642b-ed21-11dd-b00e-806e6f6e6963}]
shell\AutoRun\command - H:\nudeiect.com
shell\explore\command - H:\nudeiect.com
shell\open\command - H:\nudeiect.com


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-05-22 10:51:54 ----D---- C:\rsit
2009-05-19 19:16:59 ----D---- C:\Program Files\Ad-remover
2009-05-18 12:19:38 ----D---- C:\Users\Aurel\AppData\Roaming\Malwarebytes
2009-05-18 12:19:33 ----D---- C:\ProgramData\Malwarebytes
2009-05-18 12:19:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-18 00:10:31 ----A---- C:\FindyKill.txt
2009-05-18 00:03:41 ----D---- C:\Program Files\CCleaner
2009-05-17 23:56:51 ----A---- C:\Windows\st_1242615874.exe
2009-05-17 23:40:11 ----D---- C:\Program Files\Trend Micro
2009-05-17 22:21:15 ----D---- C:\Program Files\Common Files\PC Tools
2009-05-17 22:17:52 ----AD---- C:\ProgramData\TEMP
2009-05-17 22:17:39 ----D---- C:\Program Files\Spyware Doctor
2009-05-17 19:44:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-17 19:44:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-17 01:41:11 ----D---- C:\Program Files\BitDefender
2009-05-17 01:39:55 ----D---- C:\Program Files\Common Files\BitDefender
2009-05-17 01:16:21 ----D---- C:\Windows\BDOSCAN8
2009-05-16 20:06:55 ----AH---- C:\Windows\pp07.exe
2009-05-16 20:06:55 ----A---- C:\Windows\system32\SYS32DLL.exe
2009-05-16 20:06:53 ----AH---- C:\Windows\freddy43.exe
2009-05-16 20:06:48 ----AH---- C:\Windows\ld08.exe
2009-05-16 13:27:33 ----D---- C:\Program Files\Adobe
2009-05-13 07:36:13 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-05-13 07:33:35 ----D---- C:\Program Files\World of Warcraft
2009-05-10 19:23:50 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-10 19:23:50 ----A---- C:\Windows\system32\icardie.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\msls31.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\imgutil.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\ieui.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\iernonce.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\corpol.dll
2009-05-10 19:23:49 ----A---- C:\Windows\system32\admparse.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\occache.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\msrating.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\inseng.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\iepeers.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-10 19:23:48 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-10 19:23:47 ----A---- C:\Windows\system32\wextract.exe
2009-05-10 19:23:47 ----A---- C:\Windows\system32\webcheck.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\mstime.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-10 19:23:47 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\iesetup.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\ieakui.dll
2009-05-10 19:23:47 ----A---- C:\Windows\system32\advpack.dll
2009-05-10 19:23:46 ----A---- C:\Windows\system32\vbscript.dll
2009-05-10 19:23:46 ----A---- C:\Windows\system32\url.dll
2009-05-10 19:23:46 ----A---- C:\Windows\system32\jscript.dll
2009-05-10 19:23:46 ----A---- C:\Windows\system32\iedkcs32.dll
2009-05-10 19:23:46 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-10 19:23:45 ----A---- C:\Windows\system32\mshta.exe
2009-05-10 19:23:45 ----A---- C:\Windows\system32\iexpress.exe
2009-05-10 19:23:44 ----A---- C:\Windows\system32\wininet.dll
2009-05-10 19:23:44 ----A---- C:\Windows\system32\urlmon.dll
2009-05-10 19:23:44 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-10 19:23:44 ----A---- C:\Windows\system32\SetDepNx.exe
2009-05-10 19:23:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-10 19:23:44 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-10 19:23:44 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-10 19:23:44 ----A---- C:\Windows\system32\iesysprep.dll
2009-05-10 19:23:44 ----A---- C:\Windows\system32\iertutil.dll
2009-05-10 19:23:44 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-10 19:23:43 ----A---- C:\Windows\system32\ieframe.dll
2009-05-10 19:23:42 ----A---- C:\Windows\system32\mshtml.dll
2009-05-01 15:07:35 ----D---- C:\Users\Aurel\AppData\Roaming\teamspeak2
2009-05-01 15:07:28 ----D---- C:\Program Files\Teamspeak2_RC2
2009-04-28 13:10:57 ----D---- C:\Users\Aurel\AppData\Roaming\Apple Computer
2009-04-28 13:10:24 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-28 13:10:15 ----D---- C:\Program Files\iPod
2009-04-28 13:10:13 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 13:10:13 ----D---- C:\Program Files\iTunes
2009-04-28 13:02:00 ----D---- C:\ProgramData\Apple Computer
2009-04-28 13:02:00 ----D---- C:\Program Files\QuickTime
2009-04-28 13:01:40 ----D---- C:\Program Files\Apple Software Update
2009-04-28 13:00:45 ----D---- C:\Program Files\Common Files\Apple
2009-04-28 13:00:43 ----D---- C:\ProgramData\Apple
2009-04-26 19:28:54 ----D---- C:\Program Files\Mumble

======List of files/folders modified in the last 1 months======

2009-05-22 10:59:35 ----D---- C:\Windows\Temp
2009-05-22 10:51:08 ----D---- C:\Windows\Tasks
2009-05-22 10:50:20 ----D---- C:\Windows\system32\catroot2
2009-05-22 10:48:45 ----D---- C:\Program Files\Norman
2009-05-22 01:52:32 ----D---- C:\Windows\system32\config
2009-05-22 01:52:22 ----SHD---- C:\Windows\Installer
2009-05-22 01:52:22 ----SD---- C:\Windows\Downloaded Program Files
2009-05-22 01:52:22 ----D---- C:\Windows\system32\Tasks
2009-05-22 01:52:22 ----D---- C:\Windows\system32\spool
2009-05-22 01:52:22 ----D---- C:\Windows\system32\Msdtc
2009-05-22 01:52:22 ----D---- C:\Windows\System32
2009-05-22 01:52:22 ----D---- C:\Windows\Minidump
2009-05-22 01:52:22 ----D---- C:\Windows\inf
2009-05-22 01:52:22 ----D---- C:\Windows
2009-05-22 01:52:19 ----D---- C:\Windows\system32\wbem
2009-05-22 01:52:19 ----D---- C:\Windows\registration
2009-05-22 01:50:37 ----SHD---- C:\System Volume Information
2009-05-21 19:10:21 ----D---- C:\Program Files\Steam
2009-05-21 16:48:36 ----D---- C:\Program Files\Common Files\Steam
2009-05-21 15:55:54 ----D---- C:\ProgramData\Google Updater
2009-05-19 19:16:59 ----RD---- C:\Program Files
2009-05-18 12:25:53 ----D---- C:\Windows\system32\drivers
2009-05-18 12:19:33 ----HD---- C:\ProgramData
2009-05-18 12:05:49 ----D---- C:\Windows\system32\WDI
2009-05-18 00:30:32 ----D---- C:\Program Files\Common Files
2009-05-18 00:25:37 ----D---- C:\Windows\Debug
2009-05-18 00:22:03 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 22:21:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-17 21:13:04 ----D---- C:\Program Files\Disk Cleaner
2009-05-17 02:08:46 ----D---- C:\Users\Aurel\AppData\Roaming\OpenOffice.org2
2009-05-17 01:42:48 ----D---- C:\Windows\winsxs
2009-05-17 01:42:19 ----D---- C:\Windows\system32\catroot
2009-05-17 01:19:52 ----D---- C:\Windows\Prefetch
2009-05-16 13:27:43 ----D---- C:\Program Files\Common Files\Adobe
2009-05-16 13:27:39 ----D---- C:\ProgramData\Adobe
2009-05-13 11:11:20 ----D---- C:\Program Files\Windows Mail
2009-05-10 19:44:32 ----D---- C:\Windows\rescache
2009-05-10 19:26:12 ----D---- C:\Program Files\Internet Explorer
2009-05-10 19:26:11 ----D---- C:\Windows\system32\migration
2009-05-10 19:26:11 ----D---- C:\Windows\system32\fr-FR
2009-05-10 19:26:11 ----D---- C:\Windows\system32\en-US
2009-05-10 19:26:11 ----D---- C:\Windows\PolicyDefinitions
2009-05-08 16:34:25 ----RD---- C:\Users
2009-05-07 09:16:29 ----A---- C:\Windows\system32\mrt.exe
2009-04-28 13:10:24 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-28 12:38:09 ----D---- C:\Program Files\Winamp
2009-04-27 19:59:59 ----D---- C:\ProgramData\Google
2009-04-27 19:59:59 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-12 3155456]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 a2d6ktn4;a2d6ktn4; C:\Windows\system32\drivers\a2d6ktn4.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
S3 RescueDrv;Inventel Access Point USB Rescue Driver; C:\Windows\System32\Drivers\resc_dwb.sys [2006-07-28 74828]
S3 USB_RNDIS;Inventel Gateway; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-12 610304]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2008-04-24 429176]
R2 NVOY;Norman's Very Own supplY of resources; C:\Program Files\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2008-05-13 203896]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE [2007-09-18 154680]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-15 183280]
S2 websrvx;websrvx; C:\Program Files\websrvx\websrvx.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-05-21 322032]

-----------------EOF-----------------
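As an added example (not code posted in this thread, and not part of RSIT or HijackThis), a small Python triage pass over HijackThis-style lines copied from the RSIT log above. The heuristics are the example's own: autostart entries whose executable sits directly in the Windows folder or in the AppData\Local root, Run values with no path at all, references to missing files, and a browser proxy pointing at the local machine.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread).

SAMPLE_LOG holds a handful of lines copied from the RSIT report posted above
(two known-good entries included so the heuristics have something to pass).
The checks below are this example's own heuristics, not tool output.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\Windows\pp07.exe
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\freddy43.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [kewkc] "c:\users\aurel\appdata\local\kewkc.exe" kewkc
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe (file missing)
"""


@dataclass
class Finding:
    line: str
    reasons: list


# O4 lines: "O4 - <hive>\..\Run: [<name>] <command>" with an optional "(User '...')" suffix.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# R1 line carrying the per-user WinINet proxy setting.
R1_PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>.+)$")
EXE_RE = re.compile(r"(.*?\.(?:exe|com|dll|scr|bat|cmd|pif))(\s|$)", re.I)


def first_path(cmd):
    """Return the executable part of a Run value, whether quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def check_run_entry(cmd):
    """Heuristics on where an autostart executable lives."""
    reasons = []
    path = first_path(cmd)
    if "\\" not in path and not path.startswith("%"):
        # A bare name is resolved through the search path, so it can point anywhere.
        reasons.append("no path: relies on search order")
    elif re.match(r"^[a-z]:\\windows\\[^\\]+$", path, re.I):
        # Legitimate software almost never drops its binaries straight into C:\Windows.
        reasons.append("executable directly in Windows root")
    elif re.search(r"\\appdata\\local\\[^\\]+$", path, re.I):
        reasons.append("executable in user AppData\\Local root")
    return reasons


def triage(log_text):
    """Run every heuristic over each line and collect the lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons += check_run_entry(m.group("cmd"))
        m = R1_PROXY_RE.match(line)
        if m and re.search(r"localhost|127\.0\.0\.1", m.group("proxy"), re.I):
            # A proxy on the local machine can rewrite every browser request.
            reasons.append("browser proxy points at the local machine")
        if "(file missing)" in line:
            reasons.append("referenced file missing: orphaned or self-deleted")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```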
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015 790
22 May 2009 at 15:14
/!\ To anyone coming across this topic /!\
The software below is not to be used lightly and can cause damage if misused! Only run it if a forum helper who knows this tool well has recommended it to you.


/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Right-click it and choose "Run as administrator".
• It will ask you to install the Recovery Console: accept.
• Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

ComboFix 09-05-23.01 - Aurel 23/05/2009 21:06.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2150 [GMT 2:00]
Lancé depuis: c:\users\Aurel\Desktop\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Aurel\AppData\Local\kewkc.dat
c:\users\Aurel\AppData\Local\kewkc_navps.dat
c:\windows\f23567.dat
c:\windows\freddy43.exe
c:\windows\ld08.exe
c:\windows\pp07.exe
c:\windows\st_1242615874.exe
c:\windows\system32\SYS32DLL.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-23 au 2009-05-23 ))))))))))))))))))))))))))))))))))))
.

2009-05-23 19:11 . 2009-05-23 19:11 -------- d-----w c:\users\Aurel\AppData\Local\temp
2009-05-22 08:51 . 2009-05-22 08:52 -------- d-----w C:\rsit
2009-05-19 17:16 . 2009-05-20 23:05 -------- d-----w c:\program files\Ad-remover
2009-05-18 10:19 . 2009-05-18 10:19 -------- d-----w c:\users\Aurel\AppData\Roaming\Malwarebytes
2009-05-18 10:19 . 2009-05-18 10:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 10:19 . 2009-05-18 10:19 -------- d-----w c:\programdata\Malwarebytes
2009-05-17 22:03 . 2009-05-17 22:03 -------- d-----w c:\program files\CCleaner
2009-05-17 21:40 . 2009-05-17 21:40 -------- d-----w c:\program files\Trend Micro
2009-05-17 20:21 . 2009-05-21 23:51 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-17 20:17 . 2009-05-21 23:52 -------- d-----w c:\program files\Spyware Doctor
2009-05-17 17:44 . 2009-05-21 23:52 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-17 17:44 . 2009-05-17 21:50 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-17 00:16 . 2009-05-17 18:14 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-16 23:41 . 2009-05-17 18:16 -------- d-----w c:\program files\BitDefender
2009-05-16 23:39 . 2009-05-17 18:17 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-16 23:16 . 2009-05-16 23:16 -------- d-----w c:\windows\BDOSCAN8
2009-05-16 18:06 . 2009-05-16 18:06 2 ---h--w c:\windows\sto453601.dat
2009-05-16 18:06 . 2009-05-16 18:06 2 ---h--w c:\windows\sto453165.dat
2009-05-15 00:01 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{83706AED-7792-420A-94F0-F3BE42A78695}\mpengine.dll
2009-05-13 05:36 . 2009-05-13 05:36 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-05-13 05:33 . 2009-05-13 17:02 -------- d-----w c:\program files\World of Warcraft
2009-05-10 23:25 . 2009-05-10 23:25 -------- d-----w c:\users\Aurel\WoW-BurningCrusade-frFR-Full-Installer
2009-05-10 23:25 . 2009-05-10 23:25 -------- d-----w c:\users\Aurel\WoW-2.0.0-frFR-Installer
2009-05-01 13:07 . 2009-05-13 16:04 -------- d-----w c:\users\Aurel\AppData\Roaming\teamspeak2
2009-05-01 13:07 . 2009-05-01 13:07 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\users\Aurel\AppData\Roaming\Apple Computer
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\users\Aurel\AppData\Local\Apple Computer
2009-04-28 11:10 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-28 11:10 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\program files\iPod
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\program files\iTunes
2009-04-28 11:02 . 2009-04-28 11:10 -------- d-----w c:\programdata\Apple Computer
2009-04-28 11:02 . 2009-04-28 11:02 -------- d-----w c:\program files\QuickTime
2009-04-28 11:01 . 2009-04-28 11:01 -------- d-----w c:\users\Aurel\AppData\Local\Apple
2009-04-28 11:01 . 2009-04-28 11:01 -------- d-----w c:\program files\Apple Software Update
2009-04-28 11:00 . 2009-04-28 11:10 -------- d-----w c:\program files\Common Files\Apple
2009-04-28 11:00 . 2009-04-28 11:00 -------- d-----w c:\programdata\Apple
2009-04-26 17:28 . 2009-04-26 17:28 -------- d-----w c:\program files\Mumble

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 18:43 . 2008-10-04 15:20 -------- d-----w c:\program files\Norman
2009-05-22 20:51 . 2008-10-04 17:54 -------- d-----w c:\program files\Steam
2009-05-22 20:48 . 2008-10-04 17:54 -------- d-----w c:\program files\Common Files\Steam
2009-05-22 19:05 . 2009-04-15 13:00 -------- d-----w c:\programdata\Google Updater
2009-05-17 20:21 . 2008-01-21 08:40 669890 ----a-w c:\windows\system32\perfh00C.dat
2009-05-17 20:21 . 2008-01-21 08:40 123896 ----a-w c:\windows\system32\perfc00C.dat
2009-05-17 19:13 . 2009-04-15 13:36 -------- d-----w c:\program files\Disk Cleaner
2009-05-17 17:40 . 2008-10-11 11:29 88 ----a-w c:\users\Aurel\AppData\Local\hpqjss.bat
2009-05-17 00:08 . 2008-10-11 11:18 -------- d-----w c:\users\Aurel\AppData\Roaming\OpenOffice.org2
2009-05-17 00:04 . 2008-10-11 11:19 1 ----a-w c:\users\Aurel\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-16 11:27 . 2008-06-24 02:00 -------- d-----w c:\program files\Common Files\Adobe
2009-05-13 09:11 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-28 10:38 . 2008-10-26 17:37 -------- d-----w c:\program files\Winamp
2009-04-27 17:59 . 2008-10-04 15:18 -------- d-----w c:\program files\Google
2009-04-15 13:36 . 2009-04-15 13:36 -------- d-----w c:\programdata\Disk Cleaner
2009-04-09 17:03 . 2009-04-09 17:02 -------- d-----w c:\program files\EPSON
2009-04-06 09:40 . 2008-12-26 00:31 -------- d-----w c:\program files\Image-Line
2009-04-06 09:39 . 2009-03-02 12:38 -------- d-----w c:\program files\BitTorrent
2009-04-04 10:45 . 2008-10-11 10:41 -------- d-----w c:\program files\Java
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 13:42 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:42 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-13 15:08 . 2009-03-13 15:08 684872 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-09 03:19 . 2008-11-26 15:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-10 17:23 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-10 17:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-10 17:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-10 17:23 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-10 17:23 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-10 17:23 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-10 17:23 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-10 17:23 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-10 17:23 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-10 17:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-10 17:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-10 17:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-10 17:23 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-10 17:23 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-10 17:23 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-10 17:23 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-10 17:23 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-10 17:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-15 13:42 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 13:42 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 13:42 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 13:42 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 13:42 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 13:42 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 13:42 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 13:42 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 13:42 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 13:42 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-05 16:08 . 2009-05-16 23:59 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{402C66AB-75E2-434E-93A5-9D3E566896C0}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{9CED427E-AC35-4525-81B9-D296FB698991}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{6C766915-DE83-4A74-8E40-94B876A64731}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{A145DBDE-E42F-436A-AFCB-B67FA0894778}c:\\users\\aurel\\program files\\dna\\btdna.exe"= UDP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{DD366BC5-8764-4789-B6C5-6EBC6C3E84AC}c:\\users\\aurel\\program files\\dna\\btdna.exe"= TCP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"TCP Query User{651D20E9-4855-494D-B3D2-26576AF63435}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"UDP Query User{67989C9B-C9DB-4A5F-9FC2-1D5767926201}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"TCP Query User{E702F6E2-DEF0-4A70-A927-E0D0451F8138}c:\\users\\aurel\\program files\\dna\\btdna.exe"= UDP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{418DB7BA-9D36-441B-96D3-F756AB0913B3}c:\\users\\aurel\\program files\\dna\\btdna.exe"= TCP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"TCP Query User{FBA9C4BA-524F-4A7C-A45D-1AFE36DED9C1}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"UDP Query User{4B3017A0-A0C2-44B4-BFF1-83315B449A15}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"TCP Query User{6E58E269-EE17-4CA3-8FAD-3E5E006359F9}c:\\users\\aurel\\desktop\\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe"= UDP:c:\users\aurel\desktop\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe:installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe
"UDP Query User{7EB16D15-8CC5-43AA-A391-1F4AFA8E585E}c:\\users\\aurel\\desktop\\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe"= TCP:c:\users\aurel\desktop\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe:installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe
"{F025745F-EF0A-4C88-9294-F756E7BDF2FA}"= UDP:c:\users\Aurel\Desktop\ryzom_setup_637.exe:ryzom_setup_637
"{B3E5327A-7211-4744-803C-5CE164076E36}"= TCP:c:\users\Aurel\Desktop\ryzom_setup_637.exe:ryzom_setup_637
"{32F95859-D470-434D-B20F-45AB33076565}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{DE76DE22-79DE-4421-9C5B-3DB9B004737C}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{56EA9734-B3B8-427D-BAB4-50BE372EFD10}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{652EC79C-5ADE-401E-A188-80F4D865CA26}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
"{63DD92E2-E956-4723-A6EB-751724C0010D}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{47BF5687-7DA2-4E75-AEAC-65F1C3B04F92}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0FDAB811-DD1C-43CD-8EDF-5DB3ED4E5016}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EE0BB61A-EB4B-4743-BA51-174499F4FD1A}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DEE70723-E45F-4C9E-B45C-02B75CC55EF3}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{B997FE00-30C3-4EC7-8F3C-4478518161B3}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2AA49430-2327-4454-88D3-3EB1AFB68F5A}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4F423FC3-AD5F-4393-970D-2B986CC76949}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4B5AEE6A-72E3-4715-88A9-EBF0E46CB9D7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{94A809C0-3340-4CA1-B39B-42B57A371B4A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{C72FE8F5-822E-44CF-8482-CCB68A39E463}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{D8F4A150-3E63-4D01-89EF-43772D607CA2}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{0103E31B-5358-4CB5-934B-78EDDD8BAB33}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{2EE93E8C-18C6-45D3-A914-86295F0D1AF6}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{272C8B21-C146-49BA-B2FD-8BBED9F5516A}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\age of chivalry\hl2.exe:hl2
"UDP Query User{5277FA2B-0BDD-459C-980E-07961F9665C8}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\age of chivalry\hl2.exe:hl2
"TCP Query User{7533ED7C-A206-4F04-A051-820E67ABE272}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\source sdk base\hl2.exe:hl2
"UDP Query User{DC72CF3A-AE7B-4021-920F-CEACC11A5C1A}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\source sdk base\hl2.exe:hl2
"TCP Query User{A6502C23-5A18-4C53-B566-737C62F6D7FD}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\zombie panic! source\hl2.exe:hl2
"UDP Query User{5E3DD2BC-87C3-4DCF-8CDA-55CB1F5BAE26}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\zombie panic! source\hl2.exe:hl2
"TCP Query User{AE46CBA2-50B4-4C22-9D8D-F94B15AD8723}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\insurgency\hl2.exe:hl2
"UDP Query User{B9AC7AFC-B28D-48AE-9E63-B9FD405FD26C}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\insurgency\hl2.exe:hl2
"{0C10CBA2-C9D0-424F-ADD4-46FD64B66A73}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{625CC581-0221-4D77-BF3D-FF21D6B8E94E}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{88629E3C-E8E4-4657-8EDF-135872AB95F2}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= UDP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood
"UDP Query User{E35E1B1D-216D-4D06-8559-D73B88196359}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= TCP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood
"{E782996B-9C35-4452-9540-F4840EAB38E2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{07BBF629-56E6-48F1-8E9A-EDB9F75C0470}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.489\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\aurel\appdata\local\temp\rar$ex00.489\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{D8CA61C5-E346-4E00-9072-B383CFA203F7}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.489\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\aurel\appdata\local\temp\rar$ex00.489\freezer v1.4 fr\freezer.exe:freezer.exe
"TCP Query User{C91CC548-6A60-4B65-8124-604428BCE463}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex24.162\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\aurel\appdata\local\temp\rar$ex24.162\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{84C3490C-8A84-4A07-A288-67DE99C08674}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex24.162\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\aurel\appdata\local\temp\rar$ex24.162\freezer v1.4 fr\freezer.exe:freezer.exe
"TCP Query User{3458DF03-B6F4-4C38-9285-C688A519C9B0}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.087\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\aurel\appdata\local\temp\rar$ex00.087\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{E7BE3D21-4ED6-46B3-876D-3FB4F4344338}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.087\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\aurel\appdata\local\temp\rar$ex00.087\freezer v1.4 fr\freezer.exe:freezer.exe
"TCP Query User{92239223-D863-4574-8737-36DC8E9E063F}c:\\users\\aurel\\desktop\\freezer.exe"= UDP:c:\users\aurel\desktop\freezer.exe:freezer.exe
"UDP Query User{486FB1A2-1695-40AD-AD5B-59DBDFA22DB9}c:\\users\\aurel\\desktop\\freezer.exe"= TCP:c:\users\aurel\desktop\freezer.exe:freezer.exe
"{01551691-66D3-4323-832C-B8F6487CE6CC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8B4E6D51-17A0-4B3E-A883-F776E2DECB88}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{6ECE563E-0CEF-48EE-89E8-EEA41519B616}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A9BE94F7-C0AF-4A48-9275-C695C10F789E}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{76B30015-3D5B-42B3-918D-B106B2B7825E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AFB85A9C-314C-4C1A-9285-89C3E32F58F4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D92A3B89-046F-4F25-B8A7-F63A720FA8FC}c:\\users\\aurel\\desktop\\wowq(2).exe"= UDP:c:\users\aurel\desktop\wowq(2).exe:wowq(2).exe
"UDP Query User{8BE3361B-CAFB-4DB6-B10B-15C68F681DAE}c:\\users\\aurel\\desktop\\wowq(2).exe"= TCP:c:\users\aurel\desktop\wowq(2).exe:wowq(2).exe
"TCP Query User{A3FD7E88-AB6B-4D7F-B607-E3CDD18BBA91}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3A755155-BB7C-40C7-889C-5D51475E23FB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{5FD13D13-25D8-442C-9A98-478FB30F328A}c:\\users\\aurel\\desktop\\wowbc.exe"= UDP:c:\users\aurel\desktop\wowbc.exe:wowbc.exe
"UDP Query User{EBD60558-6692-4E12-B4BA-409E1C26E77E}c:\\users\\aurel\\desktop\\wowbc.exe"= TCP:c:\users\aurel\desktop\wowbc.exe:wowbc.exe
"{5BDB9AE0-2179-456C-BC04-B8E9A623F094}"= UDP:3724:port 3724
"{73DE668B-D763-4B7F-8B4B-488F91C28D9D}"= UDP:6112:port 6112
"TCP Query User{E444299A-986A-4B21-9AB6-D207AF4EABD0}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{FD623031-047C-45CD-AB94-F24E41C00250}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [02/01/2009 17:39 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 18:01 533344]
R2 NVOY;Norman's Very Own supplY of resources;c:\program files\Norman\Npm\Bin\nvoy.exe [04/10/2008 17:20 121912]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [17/05/2009 19:44 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [24/06/2008 03:54 46592]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\nvcsched.exe [04/10/2008 17:20 154680]
S2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe --> c:\program files\websrvx\websrvx.exe [?]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\System32\drivers\resc_dwb.sys [05/01/2009 12:47 74828]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-15 13:00]

2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{0B95B891-2A7B-4F46-9D97-B92956F3159D}.job
- c:\windows\system32\msfeedssync.exe [2009-05-10 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
HKCU-Run-Disk Cleaner - c:\program files\Disk Cleaner\DiskCleaner.Exe
HKCU-Run-kewkc - c:\users\aurel\appdata\local\kewkc.exe
HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-sysfbtray - c:\windows\freddy43.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Aurel\AppData\Roaming\Mozilla\Firefox\Profiles\44g8omsl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 21:11
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2906897876-258636576-2234130964-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,52,ac,9e,38,76,fb,45,3b,86,8e,a6,65,e5,11,f9,02,49,7d,bb,bf,b2,2a,
5f,c9,f5,00,df,57,03,43,bf,d4,65,c0,a5,b3,a9,98,c8,a9,32,cc,e3,02,2d,c8,2d,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-05-23 21:14
ComboFix-quarantined-files.txt 2009-05-23 19:14

Avant-CF: 15 927 595 008 octets libres
Après-CF: 15 667 384 320 octets libres

288 --- E O F --- 2009-05-14 10:46
0
anthony5151 Posts: 10573 Registration date: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015 790
25 May 2009 at 20:13
Re,


Sorry for the delay in replying.
We will need a script to finish the disinfection.


/!\ WARNING /!\ The script that follows was written specifically for Alté; it cannot be transferred to another computer!

• Download this folder alte.zip
• Right-click on it --> Extract all --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and put it on the Desktop.

• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt

0
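Added example, not part of this thread and not the helper's or ComboFix's own tooling: a small Python checker that walks ComboFix report lines of the kinds posted above (Run values, service lines, removed orphans, the per-user proxy setting) and flags the entries a helper typically looks at first. The sample log is constructed and modeled on the thread's lines (the sysfbtray date and size are made up), and the heuristics are my own, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modeled on the ComboFix lines in this thread (not a real report).
# The "sysfbtray" date and size are made up; the other lines mirror the thread's format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"="c:\windows\freddy43.exe" [2009-05-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [02/01/2009 17:39 55264]
S2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe --> c:\program files\websrvx\websrvx.exe [?]

HKCU-Run-kewkc - c:\users\aurel\appdata\local\kewkc.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
"""

# The four ComboFix line shapes this checker understands.
# Registry Run value:        "name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
# Service/driver line:       R2 name;display;path [date time size]   (or "path --> path [?]")
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$')
# Orphan removed by ComboFix: HKCU-Run-name - path
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM|HKU-Default)-Run-(?P<name>.+?) - (?P<path>.+)$')
# Per-user WinINet proxy:    uInternet Settings,ProxyServer = http=host:port
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>.+)$')


@dataclass
class Finding:
    line: str    # the report line as seen
    reason: str  # why it deserves a second look


def suspicious_path(path: str) -> Optional[str]:
    """Explain why an autostart path is worth a look, or return None if it looks ordinary."""
    p = path.strip().lower()
    # Legitimate software almost never drops a bare .exe straight into c:\windows.
    if re.fullmatch(r'c:\\windows\\[^\\]+\.exe', p):
        return "executable dropped directly in c:\\windows"
    # Anything started from a temp directory should not be persisting at all.
    if '\\temp\\' in p:
        return "executable run from a temp directory"
    # A lone .exe directly under AppData\Local (no vendor folder) is a common dropper location.
    if re.search(r'\\appdata\\local\\[^\\]+\.exe$', p):
        return "executable placed directly under AppData\\Local"
    return None


def analyse_combofix(log: str) -> List[Finding]:
    """Walk a ComboFix report line by line and collect the entries worth reviewing."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m:
            reason = suspicious_path(m.group('path'))
            if reason:
                findings.append(Finding(line, f"autostart '{m.group('name')}': {reason}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group('path').strip()
            # ComboFix prints "[?]" when it cannot find or read the service binary.
            if path.endswith('[?]'):
                findings.append(Finding(line, f"service '{m.group('name')}': [?] means the binary could not be examined"))
            else:
                reason = suspicious_path(path.split(' [', 1)[0])
                if reason:
                    findings.append(Finding(line, f"service '{m.group('name')}': {reason}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group('proxy')
            # A proxy on the local machine means some local process sits between the browser
            # and the network, which fits the redirected searches described in the thread.
            if 'localhost' in proxy.lower() or '127.0.0.1' in proxy:
                findings.append(Finding(line, f"browser proxy '{proxy}' routes HTTP through a local port"))
    return findings


if __name__ == "__main__":
    for f in analyse_combofix(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```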
ComboFix 09-05-25.05 - Aurel 26/05/2009 3:23.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2044 [GMT 2:00]
Lancé depuis: c:\users\Aurel\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Aurel\Desktop\CFScript.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
c:\program files\websrvx\websrvx.exe
c:\users\Aurel\AppData\Local\hpqjss.bat
c:\windows\sto453165.dat
c:\windows\sto453601.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Aurel\AppData\Local\hpqjss.bat
c:\windows\sto453165.dat
c:\windows\sto453601.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_websrvx


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-26 au 2009-05-26 ))))))))))))))))))))))))))))))))))))
.

2009-05-26 01:25 . 2009-05-26 01:26 -------- d-----w c:\users\Aurel\AppData\Local\temp
2009-05-25 18:36 . 2009-05-25 18:36 -------- d-----w c:\program files\Microsoft
2009-05-25 18:35 . 2009-05-25 18:35 -------- d-----w c:\windows\PCHEALTH
2009-05-25 11:20 . 2009-05-25 11:20 -------- d-----w c:\program files\CCleaner
2009-05-22 08:51 . 2009-05-22 08:52 -------- d-----w C:\rsit
2009-05-19 17:16 . 2009-05-20 23:05 -------- d-----w c:\program files\Ad-remover
2009-05-18 10:19 . 2009-05-18 10:19 -------- d-----w c:\users\Aurel\AppData\Roaming\Malwarebytes
2009-05-18 10:19 . 2009-05-18 10:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 10:19 . 2009-05-18 10:19 -------- d-----w c:\programdata\Malwarebytes
2009-05-17 21:40 . 2009-05-17 21:40 -------- d-----w c:\program files\Trend Micro
2009-05-17 20:21 . 2009-05-21 23:51 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-17 20:17 . 2009-05-21 23:52 -------- d-----w c:\program files\Spyware Doctor
2009-05-17 17:44 . 2009-05-25 18:44 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-17 17:44 . 2009-05-17 21:50 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-17 00:16 . 2009-05-17 18:14 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-16 23:41 . 2009-05-17 18:16 -------- d-----w c:\program files\BitDefender
2009-05-16 23:39 . 2009-05-17 18:17 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-16 23:16 . 2009-05-16 23:16 -------- d-----w c:\windows\BDOSCAN8
2009-05-15 00:01 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{83706AED-7792-420A-94F0-F3BE42A78695}\mpengine.dll
2009-05-13 05:36 . 2009-05-13 05:36 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-05-13 05:33 . 2009-05-13 17:02 -------- d-----w c:\program files\World of Warcraft
2009-05-10 23:25 . 2009-05-10 23:25 -------- d-----w c:\users\Aurel\WoW-BurningCrusade-frFR-Full-Installer
2009-05-10 23:25 . 2009-05-10 23:25 -------- d-----w c:\users\Aurel\WoW-2.0.0-frFR-Installer
2009-05-01 13:07 . 2009-05-13 16:04 -------- d-----w c:\users\Aurel\AppData\Roaming\teamspeak2
2009-05-01 13:07 . 2009-05-01 13:07 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\users\Aurel\AppData\Roaming\Apple Computer
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\users\Aurel\AppData\Local\Apple Computer
2009-04-28 11:10 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-28 11:10 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\program files\iPod
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 11:10 . 2009-04-28 11:10 -------- d-----w c:\program files\iTunes
2009-04-28 11:02 . 2009-04-28 11:10 -------- d-----w c:\programdata\Apple Computer
2009-04-28 11:02 . 2009-04-28 11:02 -------- d-----w c:\program files\QuickTime
2009-04-28 11:01 . 2009-04-28 11:01 -------- d-----w c:\users\Aurel\AppData\Local\Apple
2009-04-28 11:01 . 2009-04-28 11:01 -------- d-----w c:\program files\Apple Software Update
2009-04-28 11:00 . 2009-04-28 11:10 -------- d-----w c:\program files\Common Files\Apple
2009-04-28 11:00 . 2009-04-28 11:00 -------- d-----w c:\programdata\Apple
2009-04-26 17:28 . 2009-04-26 17:28 -------- d-----w c:\program files\Mumble

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 01:26 . 2008-10-04 15:20 -------- d-----w c:\program files\Norman
2009-05-25 23:48 . 2008-10-04 17:54 -------- d-----w c:\program files\Steam
2009-05-25 22:08 . 2009-04-15 13:00 -------- d-----w c:\programdata\Google Updater
2009-05-25 18:36 . 2008-10-04 17:14 -------- d-----w c:\program files\Windows Live
2009-05-25 18:22 . 2008-10-04 17:13 -------- d-----w c:\programdata\WLInstaller
2009-05-24 12:02 . 2008-01-21 08:40 669890 ----a-w c:\windows\system32\perfh00C.dat
2009-05-24 12:02 . 2008-01-21 08:40 123896 ----a-w c:\windows\system32\perfc00C.dat
2009-05-22 20:48 . 2008-10-04 17:54 -------- d-----w c:\program files\Common Files\Steam
2009-05-17 19:13 . 2009-04-15 13:36 -------- d-----w c:\program files\Disk Cleaner
2009-05-17 00:08 . 2008-10-11 11:18 -------- d-----w c:\users\Aurel\AppData\Roaming\OpenOffice.org2
2009-05-17 00:04 . 2008-10-11 11:19 1 ----a-w c:\users\Aurel\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-16 11:27 . 2008-06-24 02:00 -------- d-----w c:\program files\Common Files\Adobe
2009-05-13 09:11 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-28 10:38 . 2008-10-26 17:37 -------- d-----w c:\program files\Winamp
2009-04-27 17:59 . 2008-10-04 15:18 -------- d-----w c:\program files\Google
2009-04-15 13:36 . 2009-04-15 13:36 -------- d-----w c:\programdata\Disk Cleaner
2009-04-09 17:03 . 2009-04-09 17:02 -------- d-----w c:\program files\EPSON
2009-04-06 09:40 . 2008-12-26 00:31 -------- d-----w c:\program files\Image-Line
2009-04-06 09:39 . 2009-03-02 12:38 -------- d-----w c:\program files\BitTorrent
2009-04-04 10:45 . 2008-10-11 10:41 -------- d-----w c:\program files\Java
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 13:42 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:42 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-13 15:08 . 2009-03-13 15:08 684872 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-09 03:19 . 2008-11-26 15:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-10 17:23 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-10 17:23 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-10 17:23 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-10 17:23 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-10 17:23 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-10 17:23 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-10 17:23 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-10 17:23 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-10 17:23 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-10 17:23 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-10 17:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-10 17:23 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-10 17:23 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-10 17:23 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-10 17:23 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-10 17:23 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-10 17:23 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-10 17:23 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-15 13:42 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 13:42 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 13:42 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 13:42 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 13:42 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 13:42 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 13:42 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 13:42 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 13:42 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 13:42 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-05 16:08 . 2009-05-16 23:59 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-23_19.11.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-14 10:46 . 2009-05-25 17:54 39660 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2008-01-21 01:58 . 2009-05-25 17:57 57450 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-25 17:57 96128 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-04 15:24 . 2009-05-25 17:57 13572 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2906897876-258636576-2234130964-1000_UserData.bin
+ 2009-02-06 16:52 . 2009-02-06 16:52 49504 c:\windows\System32\sirenacm.dll
- 2008-10-04 14:14 . 2009-05-23 18:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 14:14 . 2009-05-25 22:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-04 14:14 . 2009-05-23 18:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 14:14 . 2009-05-25 22:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 14:14 . 2009-05-25 22:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 14:14 . 2009-05-23 18:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-25 18:36 . 2009-05-25 18:36 62304 c:\windows\Installer\{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}\IconWlc.exe
+ 2009-05-24 22:59 . 2009-05-24 22:59 58945 c:\windows\Installer\{63DC2DA0-2A6C-4C38-9249-B75395458657}\wlmail.exe
- 2009-01-02 15:36 . 2009-01-02 15:36 58945 c:\windows\Installer\{63DC2DA0-2A6C-4C38-9249-B75395458657}\wlmail.exe
- 2009-01-02 15:36 . 2009-01-02 15:36 80395 c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-05-25 18:36 . 2009-05-25 18:36 80395 c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-05-24 23:47 . 2009-05-24 23:47 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f0940934a3aa33b7671f416206a76c03\WindowsLiveWriter.ni.exe
+ 2009-05-24 23:48 . 2009-05-24 23:48 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b63823a5b3ae8aa81cb94997db390ab\WindowsLive.Writer.Api.ni.dll
+ 2008-10-04 16:31 . 2009-05-25 00:35 252970 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2006-11-02 10:33 . 2009-05-17 20:21 587484 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-24 12:02 587484 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-17 20:21 101556 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-24 12:02 101556 c:\windows\System32\perfc009.dat
+ 2009-05-10 17:28 . 2009-05-25 17:58 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-10 17:28 . 2009-05-23 18:44 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-24 23:48 . 2009-05-24 23:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a362ea14c0fe23d4f2aea8ec021f0d3e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dff83a93cfce38247be2ac2e0a8785a9\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\db7a09cf44aa9b0d0e57ddee3762ab1a\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b58392b9d39e8daf17f3bd78ab1147d0\WindowsLive.Writer.Passport.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93193886e8077ef3c8de1ea5f0edd7f8\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84e8e405b3075006fb93c866af02c63c\WindowsLive.Writer.Interop.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7db7da9911abb2aa8a4e94ef744e7586\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56771dc2fe172f871091c71ac3a561c2\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\423d86baaaa446228fc3205bd0671318\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3c0571b569bad5e54a9932c8a898107e\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2e9d7206e575145912ce8aa61b211d77\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\20fb431e55c3f27ad51498fe55d37ae4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c76889f6da313c75b11eaf60461c82e\WindowsLive.Writer.Localization.ni.dll
+ 2009-05-24 23:47 . 2009-05-24 23:47 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0521176f85dd52cee07fb05917197f4f\WindowsLive.Writer.Controls.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\01ac4b7ff5021dad8a2a4ca560e4b2d7\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b6c3541e8a9df4ddbd720eb4c4dfd5e8\WindowsLive.Client.ni.dll
+ 2006-11-02 10:22 . 2009-05-26 01:25 6262784 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-26 01:25 . 2009-05-26 01:25 6262784 c:\windows\ERDNT\subs\schema.dat
+ 2009-05-26 01:22 . 2009-05-26 01:22 6262784 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-05-24 23:48 . 2009-05-24 23:48 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ce1b4192a4cf7472f1755e3aaee3aef3\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-05-24 23:48 . 2009-05-24 23:48 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\99870d72535ce9a8c53ac80236c675c4\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-05-24 23:47 . 2009-05-24 23:47 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a806fa96e3330a853ef9834dffdebf4\WindowsLive.Writer.PostEditor.ni.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9CED427E-AC35-4525-81B9-D296FB698991}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{6C766915-DE83-4A74-8E40-94B876A64731}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{A145DBDE-E42F-436A-AFCB-B67FA0894778}c:\\users\\aurel\\program files\\dna\\btdna.exe"= UDP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{DD366BC5-8764-4789-B6C5-6EBC6C3E84AC}c:\\users\\aurel\\program files\\dna\\btdna.exe"= TCP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"TCP Query User{651D20E9-4855-494D-B3D2-26576AF63435}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"UDP Query User{67989C9B-C9DB-4A5F-9FC2-1D5767926201}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"TCP Query User{E702F6E2-DEF0-4A70-A927-E0D0451F8138}c:\\users\\aurel\\program files\\dna\\btdna.exe"= UDP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"UDP Query User{418DB7BA-9D36-441B-96D3-F756AB0913B3}c:\\users\\aurel\\program files\\dna\\btdna.exe"= TCP:c:\users\aurel\program files\dna\btdna.exe:btdna.exe
"TCP Query User{FBA9C4BA-524F-4A7C-A45D-1AFE36DED9C1}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"UDP Query User{4B3017A0-A0C2-44B4-BFF1-83315B449A15}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\counter-strike source\hl2.exe:hl2
"TCP Query User{6E58E269-EE17-4CA3-8FAD-3E5E006359F9}c:\\users\\aurel\\desktop\\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe"= UDP:c:\users\aurel\desktop\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe:installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe
"UDP Query User{7EB16D15-8CC5-43AA-A391-1F4AFA8E585E}c:\\users\\aurel\\desktop\\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe"= TCP:c:\users\aurel\desktop\installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe:installer-5455-855fr-dragon-ball-z-mugen-edition-french.exe
"{F025745F-EF0A-4C88-9294-F756E7BDF2FA}"= UDP:c:\users\Aurel\Desktop\ryzom_setup_637.exe:ryzom_setup_637
"{B3E5327A-7211-4744-803C-5CE164076E36}"= TCP:c:\users\Aurel\Desktop\ryzom_setup_637.exe:ryzom_setup_637
"{32F95859-D470-434D-B20F-45AB33076565}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{DE76DE22-79DE-4421-9C5B-3DB9B004737C}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{56EA9734-B3B8-427D-BAB4-50BE372EFD10}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{652EC79C-5ADE-401E-A188-80F4D865CA26}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
"{63DD92E2-E956-4723-A6EB-751724C0010D}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{47BF5687-7DA2-4E75-AEAC-65F1C3B04F92}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0FDAB811-DD1C-43CD-8EDF-5DB3ED4E5016}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EE0BB61A-EB4B-4743-BA51-174499F4FD1A}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DEE70723-E45F-4C9E-B45C-02B75CC55EF3}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{B997FE00-30C3-4EC7-8F3C-4478518161B3}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2AA49430-2327-4454-88D3-3EB1AFB68F5A}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4F423FC3-AD5F-4393-970D-2B986CC76949}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4B5AEE6A-72E3-4715-88A9-EBF0E46CB9D7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{94A809C0-3340-4CA1-B39B-42B57A371B4A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{C72FE8F5-822E-44CF-8482-CCB68A39E463}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{D8F4A150-3E63-4D01-89EF-43772D607CA2}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{0103E31B-5358-4CB5-934B-78EDDD8BAB33}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{2EE93E8C-18C6-45D3-A914-86295F0D1AF6}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{272C8B21-C146-49BA-B2FD-8BBED9F5516A}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\age of chivalry\hl2.exe:hl2
"UDP Query User{5277FA2B-0BDD-459C-980E-07961F9665C8}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\age of chivalry\hl2.exe:hl2
"TCP Query User{7533ED7C-A206-4F04-A051-820E67ABE272}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\source sdk base\hl2.exe:hl2
"UDP Query User{DC72CF3A-AE7B-4021-920F-CEACC11A5C1A}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\source sdk base\hl2.exe:hl2
"TCP Query User{A6502C23-5A18-4C53-B566-737C62F6D7FD}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\zombie panic! source\hl2.exe:hl2
"UDP Query User{5E3DD2BC-87C3-4DCF-8CDA-55CB1F5BAE26}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\zombie panic! source\hl2.exe:hl2
"TCP Query User{AE46CBA2-50B4-4C22-9D8D-F94B15AD8723}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\patafucka_noobkiller\insurgency\hl2.exe:hl2
"UDP Query User{B9AC7AFC-B28D-48AE-9E63-B9FD405FD26C}c:\\program files\\steam\\steamapps\\patafucka_noobkiller\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\patafucka_noobkiller\insurgency\hl2.exe:hl2
"{0C10CBA2-C9D0-424F-ADD4-46FD64B66A73}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{625CC581-0221-4D77-BF3D-FF21D6B8E94E}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{88629E3C-E8E4-4657-8EDF-135872AB95F2}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= UDP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood
"UDP Query User{E35E1B1D-216D-4D06-8559-D73B88196359}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= TCP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood
"TCP Query User{07BBF629-56E6-48F1-8E9A-EDB9F75C0470}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.489\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\aurel\appdata\local\temp\rar$ex00.489\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{D8CA61C5-E346-4E00-9072-B383CFA203F7}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.489\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\aurel\appdata\local\temp\rar$ex00.489\freezer v1.4 fr\freezer.exe:freezer.exe
"TCP Query User{C91CC548-6A60-4B65-8124-604428BCE463}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex24.162\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\aurel\appdata\local\temp\rar$ex24.162\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{84C3490C-8A84-4A07-A288-67DE99C08674}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex24.162\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\aurel\appdata\local\temp\rar$ex24.162\freezer v1.4 fr\freezer.exe:freezer.exe
"TCP Query User{3458DF03-B6F4-4C38-9285-C688A519C9B0}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.087\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\aurel\appdata\local\temp\rar$ex00.087\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{E7BE3D21-4ED6-46B3-876D-3FB4F4344338}c:\\users\\aurel\\appdata\\local\\temp\\rar$ex00.087\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\aurel\appdata\local\temp\rar$ex00.087\freezer v1.4 fr\freezer.exe:freezer.exe
"TCP Query User{92239223-D863-4574-8737-36DC8E9E063F}c:\\users\\aurel\\desktop\\freezer.exe"= UDP:c:\users\aurel\desktop\freezer.exe:freezer.exe
"UDP Query User{486FB1A2-1695-40AD-AD5B-59DBDFA22DB9}c:\\users\\aurel\\desktop\\freezer.exe"= TCP:c:\users\aurel\desktop\freezer.exe:freezer.exe
"{01551691-66D3-4323-832C-B8F6487CE6CC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8B4E6D51-17A0-4B3E-A883-F776E2DECB88}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{6ECE563E-0CEF-48EE-89E8-EEA41519B616}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A9BE94F7-C0AF-4A48-9275-C695C10F789E}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{76B30015-3D5B-42B3-918D-B106B2B7825E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AFB85A9C-314C-4C1A-9285-89C3E32F58F4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D92A3B89-046F-4F25-B8A7-F63A720FA8FC}c:\\users\\aurel\\desktop\\wowq(2).exe"= UDP:c:\users\aurel\desktop\wowq(2).exe:wowq(2).exe
"UDP Query User{8BE3361B-CAFB-4DB6-B10B-15C68F681DAE}c:\\users\\aurel\\desktop\\wowq(2).exe"= TCP:c:\users\aurel\desktop\wowq(2).exe:wowq(2).exe
"TCP Query User{A3FD7E88-AB6B-4D7F-B607-E3CDD18BBA91}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3A755155-BB7C-40C7-889C-5D51475E23FB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{5FD13D13-25D8-442C-9A98-478FB30F328A}c:\\users\\aurel\\desktop\\wowbc.exe"= UDP:c:\users\aurel\desktop\wowbc.exe:wowbc.exe
"UDP Query User{EBD60558-6692-4E12-B4BA-409E1C26E77E}c:\\users\\aurel\\desktop\\wowbc.exe"= TCP:c:\users\aurel\desktop\wowbc.exe:wowbc.exe
"{5BDB9AE0-2179-456C-BC04-B8E9A623F094}"= UDP:3724:port 3724
"{73DE668B-D763-4B7F-8B4B-488F91C28D9D}"= UDP:6112:port 6112
"TCP Query User{E444299A-986A-4B21-9AB6-D207AF4EABD0}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{FD623031-047C-45CD-AB94-F24E41C00250}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{520B5F26-5809-4CDD-BD51-D02BAEDD944B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A31B253A-D61C-4DC5-A5AC-0EB25EC76EDD}"= UDP:c:\program files\Windows Live\Messenger\wlcstart.exe:Windows Live Call
"{45E9E1C2-CF89-4B62-AF0E-1907319F69D1}"= TCP:c:\program files\Windows Live\Messenger\wlcstart.exe:Windows Live Call
"{7C9B8798-3B86-43D5-9BDC-471CE11CB613}"= UDP:c:\program files\Windows Live\Mail\wlmail.exe:Windows Live Mail
"{2FF968E8-F70D-4DB3-BA5B-81CF71E5C382}"= TCP:c:\program files\Windows Live\Mail\wlmail.exe:Windows Live Mail
"{61310982-FEF7-48F2-82F7-58BEC6072400}"= UDP:c:\program files\Windows Live\Photo Gallery\MovieMaker.Exe:Windows Live Movie Maker Bêta
"{749ADAD8-A7FA-4F7F-968C-E99B72080CA3}"= TCP:c:\program files\Windows Live\Photo Gallery\MovieMaker.Exe:Windows Live Movie Maker Bêta
"{ADB135AC-B9EA-49EF-9AE2-502D9854DC89}"= UDP:c:\program files\Windows Live\Writer\WindowsLiveWriter.exe:Windows Live Writer
"{98310D30-707F-400D-934C-DBD6CE0F8292}"= TCP:c:\program files\Windows Live\Writer\WindowsLiveWriter.exe:Windows Live Writer
"{7B8DE98A-91F5-4603-A71E-A45402B2ED5B}"= UDP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{B0A5CD37-CF2F-4605-A805-821DFE214A5C}"= TCP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{B724C66F-41EF-4499-996D-CE8AF7B3F519}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{EF3E7982-8CAD-482A-9A3C-514E13AEF2B7}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{42403714-7DFA-4AE5-9158-3E152FE74668}"= UDP:c:\program files\Movie Maker\MOVIEMK.exe:Windows Movie Maker
"{6258ECA2-FC1E-4E42-8B91-E8EAD807514D}"= TCP:c:\program files\Movie Maker\MOVIEMK.exe:Windows Movie Maker
"{94BFDD91-22E6-429B-AE78-78F8B73ACECC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 NVOY;Norman's Very Own supplY of resources;c:\program files\Norman\Npm\Bin\nvoy.exe [04/10/2008 17:20 121912]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [17/05/2009 19:44 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [24/06/2008 03:54 46592]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\nvcsched.exe [04/10/2008 17:20 154680]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\System32\drivers\resc_dwb.sys [05/01/2009 12:47 74828]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-15 13:00]

2009-05-25 c:\windows\Tasks\User_Feed_Synchronization-{0B95B891-2A7B-4F46-9D97-B92956F3159D}.job
- c:\windows\system32\msfeedssync.exe [2009-05-10 11:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Aurel\AppData\Roaming\Mozilla\Firefox\Profiles\44g8omsl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 03:27
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2906897876-258636576-2234130964-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,52,ac,9e,38,76,fb,45,3b,86,8e,a6,65,e5,11,f9,02,49,7d,bb,bf,b2,2a,
5f,c9,f5,00,df,57,03,43,bf,d4,65,c0,a5,b3,a9,98,c8,a9,32,cc,e3,02,2d,c8,2d,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Norman\Npm\Bin\elogsvc.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-05-26 3:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-26 01:32
ComboFix2.txt 2009-05-23 19:14

Avant-CF: 16 876 048 384 octets libres
Après-CF: 16 490 967 040 octets libres

370 --- E O F --- 2009-05-14 10:46
anthony5151 Posts: 10573 Registered: Friday 27 June 2008 Status: Security contributor Last seen: 2 March 2015 790
26 May 2009 at 18:44
OK, please post a new RSIT report.

Hello Anthony, so what is going on? Still some ***** in my system, or are we getting close to the end ^^''?
In any case, thanks for your help.
Here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Aurel at 2009-05-26 20:34:12
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 15 GB (15%) free of 96 GB
Total RAM: 3070 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:27, on 26/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Users\Aurel\Desktop\antiviruss\RSIT.exe
C:\Program Files\trend micro\Aurel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090504
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
Hi Anthony, thank you for your patience, I'll read all of this tomorrow and do what's needed.

Bye, may the force be with you
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last seen 2 March 2015 790
27 May 2009 at 18:55
You're welcome ;)

Good luck ^^