Problem: virus not detected by Trend Micro

Closed
arnaud1804 - 21 March 2010 at 19:39
dédétraqué - Posts: 4384 - Joined: Friday 5 September 2008 - Status: Security contributor - Last active: 4 February 2013 - 25 March 2010 at 22:52
Hello!

I have a virus that generates long lists of requests on my connection; after being warned by my ISP I started looking for the problem.

So I saw this list on my router's log page:

192.168.2.122:1368 TCP 209.85.222.5:25 61793 3094
192.168.2.129:4253 TCP 116.15.62.151:16735 61843 20
192.168.2.122:65355 UDP 212.71.8.10:53 61885 109
192.168.2.122:51416 UDP 212.71.8.10:53 61921 123
192.168.2.129:4198 TCP 116.15.62.151:16735 61939 37
192.168.2.122:1314 TCP 66.11.173.33:25 61947 2928
192.168.2.122:59776 UDP 212.71.8.10:53 61965 110
192.168.2.129:4335 TCP 117.199.64.46:39174 61967 23
192.168.2.122:60499 UDP 212.71.8.10:53 61969 268
192.168.2.129:4340 TCP 117.254.252.226:51817 62029 15
192.168.2.122:50360 UDP 212.71.8.10:53 62045 108
192.168.2.156:1160 UDP 212.71.8.10:53 62063 172
192.168.2.122:2994 TCP 209.85.227.17:80 62107 28
192.168.2.118:4170 TCP 74.125.10.103:80 62141 3600
192.168.2.122:53950 UDP 212.71.8.10:53 62151 129
192.168.2.122:55043 UDP 212.71.8.10:53 62203 166
192.168.2.118:3448 UDP 212.71.8.10:53 62225 235
192.168.2.122:51904 UDP 212.71.8.10:53 62231 175
192.168.2.118:1855 UDP 212.71.8.10:53 62239 42
192.168.2.122:27665 TCP 209.85.129.114:25 62249 2858

(192.168.2.122 = IP of the infected PC)

That's 1 page; for now I've "solved" the problem with a firewall, but when I disable it we go up to 200 pages of requests...

I did a full scan with AVG, uninstalled AVG, installed Trend Micro, did a full scan; it removed a few things, some of them even flagged "high priority".

But now when I disable the firewall the requests come back in droves on my router... It seems the requests come from "SERVICES.EXE"...

Can anyone help me with a HijackThis log or something like that?

Thanks!
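The router excerpt above already tells the story if you read it per source host: one LAN address opens TCP/25 sessions straight to several unrelated outside mail servers, which a normal desktop never does (mail clients submit through one relay), while the remaining DNS and HTTP traffic is unremarkable. The script below is an added example, not part of the original post; it parses the pasted lines and flags direct-to-MX senders. Assumptions: the column layout is `<src ip>:<src port> <proto> <dst ip>:<dst port> <n1> <n2>` (the two trailing integers are not explained on the page and are not interpreted), and only TCP/25 is counted as mail delivery, so a bot using 587 or 465 would need the port set extended.

```python
"""Flag LAN hosts that deliver mail directly to many outside SMTP servers.

Added example for this thread, not code from the original post.
ROUTER_LOG is the excerpt the poster pasted; the column layout is an
assumption (src:port proto dst:port n1 n2) and the two trailing numbers
are parsed but not interpreted because the page does not document them.
"""
from collections import defaultdict
import ipaddress
import re

ROUTER_LOG = """\
192.168.2.122:1368 TCP 209.85.222.5:25 61793 3094
192.168.2.129:4253 TCP 116.15.62.151:16735 61843 20
192.168.2.122:65355 UDP 212.71.8.10:53 61885 109
192.168.2.122:51416 UDP 212.71.8.10:53 61921 123
192.168.2.129:4198 TCP 116.15.62.151:16735 61939 37
192.168.2.122:1314 TCP 66.11.173.33:25 61947 2928
192.168.2.122:59776 UDP 212.71.8.10:53 61965 110
192.168.2.129:4335 TCP 117.199.64.46:39174 61967 23
192.168.2.122:60499 UDP 212.71.8.10:53 61969 268
192.168.2.129:4340 TCP 117.254.252.226:51817 62029 15
192.168.2.122:50360 UDP 212.71.8.10:53 62045 108
192.168.2.156:1160 UDP 212.71.8.10:53 62063 172
192.168.2.122:2994 TCP 209.85.227.17:80 62107 28
192.168.2.118:4170 TCP 74.125.10.103:80 62141 3600
192.168.2.122:53950 UDP 212.71.8.10:53 62151 129
192.168.2.122:55043 UDP 212.71.8.10:53 62203 166
192.168.2.118:3448 UDP 212.71.8.10:53 62225 235
192.168.2.122:51904 UDP 212.71.8.10:53 62231 175
192.168.2.118:1855 UDP 212.71.8.10:53 62239 42
192.168.2.122:27665 TCP 209.85.129.114:25 62249 2858
"""

LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<n1>\d+)\s+(?P<n2>\d+)$"
)

# Ports treated as mail delivery. Only 25 is counted here; add 587/465 if
# the bot in your case submits through those instead (assumption).
SMTP_PORTS = {25}


def parse_line(line):
    """Return a dict for one router log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"src": d["src"], "sport": int(d["sport"]), "proto": d["proto"],
            "dst": d["dst"], "dport": int(d["dport"])}


def summarize(log_text):
    """Per private source host: distinct SMTP destinations, DNS count, other."""
    stats = defaultdict(lambda: {"smtp_dsts": set(), "dns": 0, "other": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Skip unparsable lines and anything not originating on the LAN.
        if rec is None or not ipaddress.ip_address(rec["src"]).is_private:
            continue
        s = stats[rec["src"]]
        if rec["proto"] == "TCP" and rec["dport"] in SMTP_PORTS:
            s["smtp_dsts"].add(rec["dst"])
        elif rec["proto"] == "UDP" and rec["dport"] == 53:
            s["dns"] += 1
        else:
            s["other"] += 1
    return stats


def suspected_spam_bots(stats, min_distinct_mx=2):
    """Hosts opening SMTP to at least min_distinct_mx different servers.

    A desktop mail client talks to one relay; a host contacting several
    unrelated MXes is delivering mail itself, which on a home LAN is a
    spam bot until proven otherwise. A legitimate mail server on the LAN
    would also trip this, so whitelist such hosts before acting.
    """
    return sorted(h for h, s in stats.items()
                  if len(s["smtp_dsts"]) >= min_distinct_mx)


if __name__ == "__main__":
    st = summarize(ROUTER_LOG)
    for host in sorted(st):
        s = st[host]
        print(f"{host}: smtp->{sorted(s['smtp_dsts'])} dns={s['dns']} other={s['other']}")
    print("suspected spam bots:", suspected_spam_bots(st))
```

On the pasted excerpt only 192.168.2.122 trips the rule, with three distinct MX targets; the other hosts show just DNS, HTTP and peer-to-peer style high ports. Run against a full dump of the 200 pages the poster mentions, the distinct-destination count for that host would be far higher, which is the same signal the ISP reacted to. Confirming the owning process on the Windows host is a separate step (the poster attributes it to services.exe) and is not what this script checks.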

22 replies

It looks much better since this last test, thanks!

ComboFix 10-03-24.03 - Arnaud 25/03/2010 18:32:52.1.2 - x86
Microsoft® Windows Vista(TM) Home Premium Edition 6.0.6001.1.1252.32.1036.18.2046.1056 [GMT 1:00]
Launched from: c:\users\Arnaud\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Arnaud\AppData\Roaming\inst.exe
c:\users\Arnaud\Drivers\DRIVERS\LAN\_desktop.ini
c:\users\Arnaud\Drivers\DRIVERS\LAN\WIN2000\_desktop.ini
c:\users\Arnaud\Drivers\DRIVERS\LAN\WIN98SE\_desktop.ini
c:\users\Arnaud\Drivers\DRIVERS\LAN\WINME\_desktop.ini
c:\users\Arnaud\Drivers\DRIVERS\LAN\WINXP\_desktop.ini
c:\windows\jestertb.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\service
c:\windows\system32\service\21032010_TIS17_SfFniAU.log
c:\windows\system32\service\22032010_TIS17_SfFniAU.log

.
((((((((((((((((((((((((((((( Files created from 2010-02-25 to 2010-03-25 ))))))))))))))))))))))))))))))))))))
.

2010-03-25 17:49 . 2010-03-25 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 17:21 . 2010-03-23 17:21 -------- d-----w- c:\users\Arnaud\AppData\Roaming\Malwarebytes
2010-03-23 17:21 . 2010-03-23 17:21 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 14:27 . 2010-03-22 14:28 94484627 ----a-w- C:\UsbFix_Upload_Me_PC-de-Arnaud.zip
2010-03-21 19:51 . 2010-03-22 14:28 -------- d-----w- C:\UsbFix
2010-03-21 19:27 . 2010-03-21 19:27 -------- d-----w- C:\rsit
2010-03-21 12:52 . 2010-03-21 12:59 -------- d-----w- c:\programdata\Trend Micro
2010-03-21 12:49 . 2010-03-21 12:49 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-03-21 12:49 . 2010-03-21 12:49 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-21 12:49 . 2010-03-21 12:49 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-21 12:49 . 2010-03-21 12:49 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-21 12:49 . 2010-03-21 12:49 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-03-21 12:49 . 2010-03-21 12:49 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-03-21 12:49 . 2010-03-21 12:49 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-03-21 12:49 . 2010-03-21 12:49 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-21 12:49 . 2010-03-21 12:49 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-03-21 12:39 . 2010-03-21 12:53 -------- d-----w- c:\program files\Trend Micro
2010-03-21 11:09 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-21 11:09 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-21 11:09 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-21 11:09 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-21 11:09 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-21 11:09 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-21 11:09 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-21 11:09 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-21 11:09 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-21 11:09 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-03-21 11:08 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-21 11:08 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-21 11:06 . 2010-03-21 11:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-21 11:05 . 2010-03-21 11:08 -------- d-----w- C:\SDFix
2010-03-21 10:45 . 2010-03-21 10:45 -------- d-----w- c:\programdata\ZA_PreservedFiles
2010-03-21 10:35 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-21 10:35 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-21 10:35 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-21 00:55 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-20 17:04 . 2009-06-10 11:45 206336 ----a-w- c:\windows\system32\telnet.exe
2010-03-20 17:04 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-20 17:04 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-20 17:04 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-03-20 17:04 . 2009-12-08 20:37 900696 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-20 17:04 . 2009-12-08 20:36 220248 ----a-w- c:\windows\system32\drivers\netio.sys
2010-03-20 17:04 . 2009-12-08 20:36 98392 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-03-20 17:04 . 2009-12-08 19:57 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2010-03-20 17:04 . 2009-12-08 19:57 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-03-20 17:04 . 2009-12-08 19:55 328704 ----a-w- c:\windows\system32\BFE.DLL
2010-03-20 17:03 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-03-20 17:03 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-03-20 13:42 . 2010-03-21 10:46 -------- d-----w- c:\users\Arnaud\AppData\Roaming\CheckPoint
2010-03-20 13:41 . 2010-03-21 11:01 -------- d-----w- c:\program files\CheckPoint
2010-03-20 13:41 . 2008-02-23 04:38 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-03-20 13:41 . 2008-02-23 02:41 22528 ----a-w- c:\windows\system32\netiougc.exe
2010-03-20 13:39 . 2010-03-20 13:39 -------- d-----w- c:\programdata\CheckPoint
2010-03-20 13:39 . 2010-03-21 11:01 -------- d-----w- c:\windows\Internet Logs
2010-03-19 21:32 . 2010-03-19 21:32 -------- d-----w- C:\$AVG
2010-03-19 20:42 . 2010-03-19 20:42 -------- d-----w- c:\programdata\WindowsSearch
2010-03-19 20:00 . 2010-03-19 20:00 -------- d-----w- c:\program files\AVG
2010-03-19 19:01 . 2010-03-20 10:30 -------- d-----w- c:\programdata\Alwil Software
2010-03-19 19:01 . 2010-03-19 19:01 -------- d-----w- c:\program files\Alwil Software
2010-03-15 19:32 . 2010-03-15 19:32 -------- d-----w- c:\program files\PhoneGap Simulator
2010-03-14 12:00 . 2010-03-14 12:09 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2010-03-14 11:51 . 2010-03-14 12:57 -------- d-----w- c:\users\Arnaud\AppData\Roaming\MobileSyncBrowser
2010-03-14 11:51 . 2010-03-14 11:51 -------- d-----w- c:\program files\MobileSyncBrowser
2010-03-11 13:22 . 2010-03-11 13:22 -------- d-----w- c:\program files\Foxit Software
2010-03-08 18:48 . 2010-03-08 18:48 -------- d-----w- c:\users\Arnaud\Benjamin Biolay -La Superbe
2010-03-02 18:32 . 2010-03-02 18:32 -------- d-----w- c:\users\Arnaud\AppData\Local\Micro Application
2010-03-02 18:32 . 2010-03-02 18:32 -------- d-----w- c:\users\Arnaud\AppData\Local\Micro_Application
2010-03-02 18:31 . 2010-03-02 18:31 -------- d-----w- c:\program files\Micro Application
2010-03-02 09:47 . 2010-03-02 09:47 2238 ----a-r- c:\users\Arnaud\AppData\Roaming\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_E58D3B0E468C0F9A305490.exe
2010-03-02 09:47 . 2010-03-02 09:47 2238 ----a-r- c:\users\Arnaud\AppData\Roaming\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_184F7DB9A6DFFF85BE5CDB.exe
2010-03-02 09:47 . 2010-03-02 09:47 10134 ----a-r- c:\users\Arnaud\AppData\Roaming\Microsoft\Installer\{86AED2CA-EE00-400B-8516-5152CC10B32E}\_26148796F1C61A0D578706.exe
2010-03-02 09:47 . 2010-03-02 09:47 -------- d-----w- c:\program files\Feneris
2010-03-01 13:04 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-03-01 13:04 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-03-01 13:04 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-03-01 13:04 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-03-01 13:04 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-03-01 13:04 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-03-01 12:54 . 2010-03-01 12:54 36864 ----a-w- c:\users\Arnaud\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-03-01 12:44 . 2010-03-01 12:51 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-01 12:44 . 2010-03-09 12:44 -------- d-----w- c:\users\Arnaud\AppData\Roaming\Autodesk
2010-03-01 12:44 . 2010-03-09 12:44 -------- d-----w- c:\programdata\Autodesk
2010-03-01 12:44 . 2010-03-01 12:52 -------- d-----w- c:\program files\AutoCAD 2010
2010-03-01 12:44 . 2010-03-01 12:44 -------- d-----w- c:\users\Arnaud\AppData\Local\Autodesk

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 16:55 . 2007-11-02 10:02 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 20:28 . 2009-11-02 20:23 -------- d-----w- c:\users\Arnaud\AppData\Roaming\Skype
2010-03-21 17:31 . 2010-02-23 09:48 -------- d-----w- c:\users\Arnaud\AppData\Roaming\uTorrent
2010-03-20 11:18 . 2006-11-02 15:48 672470 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-20 11:18 . 2006-11-02 15:48 124400 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-19 10:22 . 2010-02-12 12:23 -------- d-----w- c:\programdata\Roxio
2010-03-11 10:59 . 2009-11-02 15:17 124526 ----a-w- c:\users\Arnaud\AppData\Roaming\nvModes.dat
2010-03-09 15:24 . 2007-11-02 12:30 -------- d-----w- c:\programdata\Microsoft Help
2010-03-02 18:32 . 2009-11-02 15:18 174216 ----a-w- c:\users\Arnaud\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 12:53 . 2009-11-02 20:10 -------- d-----w- c:\programdata\FLEXnet
2010-02-24 09:16 . 2009-11-03 11:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 19:16 . 2010-02-05 14:13 -------- d-----w- c:\users\Arnaud\AppData\Roaming\Vso
2010-02-23 12:13 . 2009-11-02 15:25 -------- d-----w- c:\users\Arnaud\AppData\Roaming\DivX
2010-02-23 12:05 . 2010-02-23 12:05 -------- d-----w- c:\program files\Convert MOV to AVI
2010-02-23 11:54 . 2010-02-23 11:51 -------- d-----w- c:\program files\MediaCoder
2010-02-23 09:49 . 2010-02-23 09:49 -------- d-----w- c:\program files\uTorrent
2010-02-21 13:43 . 2010-02-21 13:42 -------- d-----w- c:\program files\PDFCreator
2010-02-17 12:19 . 2009-11-02 15:18 2032 ----a-w- c:\users\Arnaud\AppData\Local\d3d9caps.dat
2010-02-17 08:51 . 2010-02-17 08:51 -------- d-----w- c:\program files\MOV to WMV
2010-02-16 21:43 . 2010-02-16 21:43 -------- d-----w- c:\program files\RealVNC
2010-02-15 20:57 . 2009-12-28 23:19 -------- d-----w- c:\users\Arnaud\AppData\Roaming\vlc
2010-02-15 19:25 . 2007-11-02 09:56 -------- d-----w- c:\program files\Google
2010-02-15 19:12 . 2010-02-15 19:12 -------- d-----w- c:\program files\DreamBoxEdit
2010-02-15 19:12 . 2010-02-15 19:11 1265621 ----a-w- c:\users\Arnaud\DreamBoxEdit-3.0.0.0-setup.exe
2010-02-15 16:56 . 2010-02-15 16:54 -------- d-----w- c:\users\Arnaud\AppData\Roaming\FreeFLVConverter
2010-02-15 16:54 . 2010-02-15 16:54 -------- d-----w- c:\program files\Free FLV Converter
2010-02-12 12:23 . 2010-02-12 12:23 -------- d-----w- c:\users\Arnaud\AppData\Roaming\Roxio
2010-02-12 10:06 . 2010-02-12 10:04 -------- d-----w- c:\program files\iTunes
2010-02-12 10:05 . 2010-02-12 10:04 -------- d-----w- c:\program files\iPod
2010-02-12 10:04 . 2009-11-17 18:31 -------- d-----w- c:\program files\Common Files\Apple
2010-02-12 10:01 . 2010-02-12 10:01 -------- d-----w- c:\program files\QuickTime
2010-02-12 09:59 . 2010-02-12 09:59 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 08:48 . 2010-02-11 17:04 -------- d-----w- c:\program files\AVS4YOU
2010-02-12 08:48 . 2010-02-11 17:06 -------- d-----w- c:\users\Arnaud\AppData\Roaming\AVS4YOU
2010-02-12 08:48 . 2010-02-11 17:04 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-11 17:08 . 2010-02-11 17:08 -------- d-----w- c:\programdata\AVS4YOU
2010-02-10 14:31 . 2010-02-10 14:28 191912 ----a-w- c:\windows\hppins10.dat
2010-02-10 14:30 . 2010-02-10 14:30 -------- d-----w- c:\programdata\Hewlett-Packard
2010-02-10 14:28 . 2010-02-10 14:28 -------- d-----w- c:\program files\HP
2010-02-10 14:28 . 2010-02-10 14:28 -------- d-----w- c:\programdata\HP
2010-02-05 14:27 . 2010-02-05 14:27 -------- d-----w- c:\programdata\vsosdk
2010-02-05 14:13 . 2010-02-05 14:13 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-05 14:13 . 2010-02-05 14:13 47360 ----a-w- c:\users\Arnaud\AppData\Roaming\pcouffin.sys
2010-02-05 14:13 . 2010-02-05 14:13 47360 ----a-w- c:\users\Arnaud\AppData\Roaming\pcouffin.sys
2010-02-05 14:13 . 2010-02-05 14:13 -------- d-----w- c:\program files\VSO
2010-02-04 09:01 . 2010-03-01 13:05 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-03-01 13:05 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-03-01 13:05 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-03-01 13:05 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-02 19:52 . 2010-02-02 19:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 17:37 . 2010-01-26 17:37 65412 ----a-w- c:\users\Arnaud\config.bin
2010-01-17 19:14 . 2010-01-17 19:14 200770 ----a-w- c:\users\Arnaud\candid.zip
2010-01-15 17:30 . 2010-02-15 16:54 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-01-02 06:38 . 2010-03-21 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-21 00:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-03-21 00:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-03-21 00:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 12:41 . 2009-12-31 12:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-04 20:52 . 2010-02-04 20:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 . 2009-11-02 16:29 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-11-02 16:29 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-11-02 16:29 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-11-02 16:29 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-11-02 16:29 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2009-11-12 9094448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-02 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 2020968]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]

c:\users\Arnaud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
R3 WSDPrintDevice;Prise en charge de l'impression WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-18 16896]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-03-21 146448]
S2 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 2655848]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-03-21 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-03-21 283152]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-03-21 50704]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-03-21 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-03-21 689416]


--- Other Services/Drivers in memory ---

*Deregistered* - esdlg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 22:35]

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 22:35]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Arnaud\AppData\Roaming\Mozilla\Firefox\Profiles\vr98ztl7.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
.
------- File associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NvMediaCenter - c:\windows\system32\NvMcTray.dll
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-sysgif32 - c:\users\Arnaud\AppData\Local\Temp\~TM6CA1.tmp
AddRemove-Chilipoker - c:\poker\Chilipoker\_SetupCasino_4a50[1].exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 18:50
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\esdlg]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Completion time: 2010-03-25 18:55:14
ComboFix-quarantined-files.txt 2010-03-25 17:55

Pre-Run: 56,013,074,432 bytes free
Post-Run: 55,968,190,464 bytes free

- - End Of File - - BB8F33A9B6BF39A06E6F16BA82F36BA8
dédétraqué - 25 March 2010 at 22:52
Hi arnaud18


Let's check that nothing is hidden:
Run an online scan with Nod32 (you must use Internet Explorer) here:

https://www.eset.com/int/home/online-scanner/

(tick all the boxes each time, except the last two at the end of the scan, otherwise the report is deleted)
When it finishes, paste the report: C:\Program Files\EsetOnlineScanner\log.txt


@++ :)