I can't get rid of it, I'm getting Trojan horse attacks

Solved
dbourgeo Posts: 75 Status: Member
Hello everyone,
For a few days now my ESET Security NOD32 antivirus has kept showing me a message every 5 minutes saying that it is blocking a Trojan horse attack.
I tried to clean up with Spybot, Malwarebytes and HijackThis but nothing works.
I get the impression that a file has surely been installed on my PC that invites the attackers in.
I'm giving up because it's getting tiresome, so if you can help me, thank you.
Regards, Daniel
72 replies

dbourgeo Posts: 75 Status: Member
 
Part 1


ComboFix 10-04-21.01 - Dany 22/04/2010 21:47:35.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1487 [GMT 2:00]
Running from: c:\documents and settings\Dany\Bureau\ComboFix.exe
AV: BitDefender Internet Security v10 *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Internet Security v10 *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* A resident antivirus is active

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3602737474-2172167897-2797940940-1000
c:\$recycle.bin\S-1-5-21-4200881234-2146675543-2877990657-1000
c:\windows\system32\drivers\kthblled.sys
c:\windows\system32\drivers\wgteicji.sys
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_wgteicji
-------\Service_wgteicji


((((((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 ))))))))))))))))))))))))))))))))))))
.

2010-04-22 18:56 . 2010-04-22 19:00 -------- d-----w- c:\program files\ZHPDiag
2010-04-22 16:36 . 2010-04-22 18:20 -------- d-----w- C:\Kill'em
2010-04-22 16:35 . 2010-04-22 18:29 -------- d-----w- c:\program files\List_Kill'em
2010-04-22 11:05 . 2010-04-22 11:05 -------- d-----w- C:\rsit
2010-04-22 11:05 . 2010-04-22 11:05 -------- d-----w- c:\program files\trend micro
2010-04-22 09:46 . 2010-04-22 09:46 -------- d-----w- c:\program files\ESET
2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\program files\TomTom International B.V
2010-04-18 09:39 . 2010-04-18 09:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-18 09:23 . 2010-04-18 09:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-18 07:46 . 2010-04-18 07:46 -------- d-----w- c:\program files\Microsoft.NET
2010-04-18 07:43 . 2010-04-18 07:43 -------- d-----w- c:\windows\SHELLNEW
2010-04-18 07:42 . 2010-04-18 07:42 -------- d-----r- C:\MSOCache
2010-04-17 21:46 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-04-17 19:27 . 2010-04-17 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 19:16 . 2010-04-17 19:16 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Logishrd
2010-04-17 19:10 . 2010-04-17 19:11 -------- d-----w- c:\documents and settings\Dany\Application Data\Logishrd
2010-04-16 18:00 . 2010-04-16 18:00 -------- d-----w- c:\program files\TrendMicro
2010-04-14 05:15 . 2010-04-14 05:53 -------- d-----w- c:\program files\Trojan Killer
2010-04-13 06:36 . 2010-04-22 07:57 -------- d-----w- C:\Ad-Remover
2010-04-12 23:11 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-12 11:57 . 2010-04-12 19:51 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Google
2010-04-12 10:37 . 2010-04-12 10:37 699904 ----a-w- c:\windows\is-5NVC6.exe
2010-04-12 08:59 . 2010-04-12 08:59 140288 ----a-w- c:\windows\system32\drivers\ethsrmex.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-02 14:30 . 2010-04-02 14:30 -------- d-----w- c:\program files\DIFX
2010-04-02 14:30 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 18:49 . 2004-08-05 12:00 546120 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-22 18:49 . 2004-08-05 12:00 99178 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-22 12:08 . 2009-03-07 14:21 -------- d-----w- c:\documents and settings\Dany\Application Data\WeatherWatcher
2010-04-22 12:02 . 2004-08-05 12:00 42112 ----a-w- c:\windows\system32\drivers\Imapi.sys
2010-04-22 08:54 . 2007-03-20 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 11:07 . 2010-04-21 11:07 388096 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-19 16:58 . 2007-03-19 16:56 58136 ----a-w- c:\documents and settings\Dany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 16:46 . 2007-03-19 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 16:43 . 2007-03-20 13:02 117248 ----a-w- c:\windows\system32\drivers\SSIDRV.sys
2010-04-19 16:39 . 2007-03-21 13:35 -------- d-----w- c:\program files\TechniSat DVB
2010-04-19 16:39 . 2007-03-19 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 16:38 . 2007-03-19 16:12 -------- d-----w- c:\program files\Smartione
2010-04-19 16:37 . 2009-09-26 15:12 -------- d-----w- c:\program files\ProgFinder
2010-04-19 16:36 . 2009-08-12 11:06 -------- d-----w- c:\program files\Panda Security
2010-04-19 16:34 . 2007-03-21 13:35 -------- d-----w- c:\program files\DVBViewerTE
2010-04-19 16:22 . 2007-04-05 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-19 15:46 . 2009-09-19 17:52 4945232 ----a-w- c:\documents and settings\Dany\Application Data\TomTom\HOME\Profiles\w3c08jqu.default\extensions\Navcore.8.413.1237@tomtom.com\8-413-1237-1.dll
2010-04-17 21:47 . 2010-04-17 19:17 53248 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-17 21:47 . 2007-12-10 07:36 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2010-04-17 19:15 . 2007-03-19 14:55 -------- d-----w- c:\program files\Logitech
2010-04-17 19:14 . 2007-03-19 14:55 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-04-16 14:12 . 2010-02-20 21:16 -------- d-----w- c:\documents and settings\Dany\Application Data\vlc
2010-04-15 15:49 . 2009-02-08 07:42 -------- d-----w- c:\program files\Google
2010-04-12 10:40 . 2008-10-01 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 10:37 . 2008-10-01 13:10 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 07:29 . 2007-04-30 20:15 -------- d-----w- c:\program files\BitTorrent_DNA
2010-04-09 09:29 . 2010-03-19 10:27 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-09 09:29 . 2010-03-19 10:27 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-08 10:10 . 2007-05-18 12:30 -------- d-----w- c:\program files\FastStone Capture
2010-04-02 14:42 . 2008-06-18 10:05 335 -c--a-w- c:\windows\nsreg.dat
2010-03-29 22:46 . 2008-10-01 13:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-10-01 13:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 19:36 . 2007-03-20 12:36 -------- d-----w- c:\program files\CCleaner
2010-03-23 09:27 . 2010-03-19 10:27 3749200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-03-20 16:00 . 2007-06-23 13:34 -------- d-----w- c:\documents and settings\Dany\Application Data\Canon
2010-03-19 10:27 . 2010-03-19 10:27 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 13:51 . 2008-12-19 06:37 -------- d-----w- c:\documents and settings\Dany\Application Data\dvdcss
2010-03-03 09:23 . 2007-03-19 15:54 -------- d-----w- c:\program files\IZArc
2010-02-25 20:47 . 2007-03-19 16:26 -------- d-----w- c:\documents and settings\Dany\Application Data\HARVEST S.A
2010-02-25 20:46 . 2010-02-25 20:46 -------- d-----w- c:\program files\ClickImpots plus SCI 2010
2010-02-25 18:11 . 2007-05-04 20:42 -------- d-----w- c:\program files\AM-DeadLink
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:23 . 2010-03-19 10:27 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:01 . 2010-03-19 10:27 259408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-02-16 11:00 . 2010-03-19 10:27 226640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-02-16 11:00 . 2010-03-19 10:27 390480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-02-16 11:00 . 2010-03-19 10:27 173392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2010-02-16 11:00 . 2010-03-19 10:27 296272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-02-16 11:00 . 2010-03-19 10:27 345424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2010-02-16 11:00 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-02-16 11:00 . 2010-03-19 10:27 177488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-02-16 11:00 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-02-12 10:03 . 2010-02-24 22:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-19 10:16 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-19 10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-02-01 09:44 . 2010-02-01 09:44 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2006-05-03 09:06 . 2009-10-09 15:07 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-09 15:07 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-09 15:07 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2008-11-18 1081344]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-06-07 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBDriver"="c:\program files\Keyboard Driver\OEMDriver.exe" [2004-08-25 151552]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-02-27 09:24 159744 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Server4PC.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Dany^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Dany\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 22:46 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\system32\PrintDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/03/2010 12:27 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2007 19:37 717296]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [26/03/2007 16:26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [26/03/2007 16:26 52224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07/04/2010 21:07 114984]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [21/09/2005 10:17 5632]
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [20/02/2007 15:02 32256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [07/04/2010 21:07 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/10/2008 15:10 303952]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [16/11/2009 14:52 77824]
R2 RegServ;RegServ;c:\windows\SRNTService.exe [12/11/2009 12:14 69632]
R2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [02/11/2009 10:32 762112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/10/2008 15:10 20824]
S2 gupdate1c989c0d9b3d5dc;Google Update Service (gupdate1c989c0d9b3d5dc);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 09:42 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [05/08/2004 14:00 3584]
S2 tqavcdyu;Logitech AEC Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 14:00 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1265264]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [19/03/2007 17:32 15104]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS --> c:\windows\system32\DRIVERS\SkyNET.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tqavcdyu
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:29]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]

2010-04-22 c:\windows\Tasks\User_Feed_Synchronization-{B4010896-F085-4E90-8706-E2D3865DFB9B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
dbourgeo Posts: 75 Status: Member
 
Part 2


------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
IE: Ajouter au fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: secuser.com\www
TCP: {9E9D081D-EAA5-4C2C-ABA7-6BA4EE5C7653} = 212.27.54.252,213.228.0.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
FF - ProfilePath - c:\documents and settings\Dany\Application Data\Mozilla\Firefox\Profiles\6ndeje8e.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.my.yahoo.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{5C887690-4044-418A-8A28-8BEBC3F9EF75} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{5C887690-4044-418A-8A28-8BEBC3F9EF75} - (no file)
HKCU-Run-RSRWin.exe - c:\windows\RSRWin.exe
HKU-Default-Run-RSRWin.exe - c:\windows\RSRWin.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-QZAIB7KITK - c:\windows\Nhegea.exe
AddRemove-CPUID CPU-Z_is1 - i:\cpu-z\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 21:55
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...


c:\windows\TEMP\NODE.tmp 872448 bytes

Scan completed successfully
Hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvb.sys >>UNKNOWN [0x8ABE2938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> SecurityProcedure -> ntoskrnl.exe @ 0x805df529
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntoskrnl.exe @ 0x805df529
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb8672bb0
PacketIndicateHandler -> NDIS.sys @ 0xb867fa21
SendHandler -> NDIS.sys @ 0xb865d87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A017AF56-B493-BA8F-B78A-ABAC1F958DAB}*]
"faigafmkfagb"=hex:6d,62,6e,67,67,6a,6f,63,66,6b,62,6b,67,6a,6f,6d,6d,62,61,6b,
64,65,65,69,6a,69,6b,6b,63,6f,63,6a,6f,6a,66,6d,68,62,6e,70,68,68,65,66,64,\
"gajeimeomgllde"=hex:63,61,6b,66,66,68,00,00
"gaiennfajdkfje"=hex:63,61,6b,66,66,68,00,00

[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c9,8a,a1,d3,ea,6c,33,6c,1a,e7,0d,94,b3,e1,f4,f7,96,79,6f,5e,d5,25,6e,
08,a3,e8,1e,f3,1a,70,7e,89,36,32,94,d1,a6,5a,6b,3e,40,01,54,44,f7,21,de,8b,\
"??"=hex:6b,17,e5,79,7b,28,33,4c,05,ba,2a,9e,a9,42,7d,26

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000040c
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{B91B907B-3542-4DDB-84FA-55EDE3F13969}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.40.10"
"UniqueId"="0007876D4BD01B15"
"ScannerBuild"=dword:00001aeb
"ScannerVersionId"=dword:00001390
"ScannerVersion"="Open window for status."

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(2316)
c:\docume~1\Dany\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\IoctlSvc.exe
e:\xp\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Finish time: 2010-04-22 22:02:05 - The machine rebooted
ComboFix-quarantined-files.txt 2010-04-22 20:02

Pre-Run: 28,787,978,240 bytes free
Post-Run: 28,639,907,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /NOEXECUTE=OPTIN /FASTDETECT

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7459F36E88C8F3771724B9D3EFCF7941
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
ok

/!\ WARNING /!\ The script that follows was written specifically for dbourgeo; it is not transferable to another computer!

Create a new Notepad file on your desktop and name it CFScript
Copy this text into it and save it

KillAll::

Driver::

SKYNET



* Disable your protection software
* Drag and drop this CFScript.txt file onto the Combofix.exe file (as in the following link)
http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is here: C:\ComboFix.txt

I search a lot... and now I find!
(smile)
dbourgeo Posts: 75 Status: Member
 
Part 1


ComboFix 10-04-21.01 - Dany 23/04/2010 6:25.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1498 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dany\Bureau\ComboFix.exe
Switches used :: c:\documents and settings\Dany\Bureau\CFScript.txt
AV: BitDefender Internet Security v10 *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Internet Security v10 *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3602737474-2172167897-2797940940-1000
c:\$recycle.bin\S-1-5-21-4200881234-2146675543-2877990657-1000

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNET


((((((((((((((((((((((((((((( Files created from 2010-03-23 to 2010-04-23 ))))))))))))))))))))))))))))))))))))
.

2010-04-22 18:56 . 2010-04-22 19:00 -------- d-----w- c:\program files\ZHPDiag
2010-04-22 16:36 . 2010-04-22 18:20 -------- d-----w- C:\Kill'em
2010-04-22 16:35 . 2010-04-22 18:29 -------- d-----w- c:\program files\List_Kill'em
2010-04-22 11:05 . 2010-04-22 11:05 -------- d-----w- C:\rsit
2010-04-22 11:05 . 2010-04-22 11:05 -------- d-----w- c:\program files\trend micro
2010-04-22 09:46 . 2010-04-22 09:46 -------- d-----w- c:\program files\ESET
2010-04-21 11:07 . 2010-04-21 11:07 388096 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\program files\TomTom International B.V
2010-04-18 09:39 . 2010-04-18 09:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-18 09:23 . 2010-04-18 09:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-18 07:46 . 2010-04-18 07:46 -------- d-----w- c:\program files\Microsoft.NET
2010-04-18 07:43 . 2010-04-18 07:43 -------- d-----w- c:\windows\SHELLNEW
2010-04-18 07:42 . 2010-04-18 07:42 -------- d-----r- C:\MSOCache
2010-04-17 21:46 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-04-17 19:27 . 2010-04-17 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 19:17 . 2010-04-17 21:47 53248 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-17 19:16 . 2010-04-17 19:16 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Logishrd
2010-04-17 19:10 . 2010-04-17 19:11 -------- d-----w- c:\documents and settings\Dany\Application Data\Logishrd
2010-04-16 18:00 . 2010-04-16 18:00 -------- d-----w- c:\program files\TrendMicro
2010-04-14 05:15 . 2010-04-14 05:53 -------- d-----w- c:\program files\Trojan Killer
2010-04-13 06:36 . 2010-04-22 07:57 -------- d-----w- C:\Ad-Remover
2010-04-12 23:11 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-12 11:57 . 2010-04-12 19:51 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Google
2010-04-12 10:37 . 2010-04-12 10:37 699904 ----a-w- c:\windows\is-5NVC6.exe
2010-04-12 08:59 . 2010-04-12 08:59 140288 ----a-w- c:\windows\system32\drivers\ethsrmex.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-02 14:30 . 2010-04-02 14:30 -------- d-----w- c:\program files\DIFX
2010-04-02 14:30 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys
2010-04-02 09:29 . 2010-04-02 09:29 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-02 09:29 . 2010-04-02 09:29 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 20:21 . 2010-02-20 21:16 -------- d-----w- c:\documents and settings\Dany\Application Data\vlc
2010-04-22 20:01 . 2009-03-07 14:21 -------- d-----w- c:\documents and settings\Dany\Application Data\WeatherWatcher
2010-04-22 18:49 . 2004-08-05 12:00 546120 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-22 18:49 . 2004-08-05 12:00 99178 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-22 12:02 . 2004-08-05 12:00 42112 ----a-w- c:\windows\system32\drivers\Imapi.sys
2010-04-22 08:54 . 2007-03-20 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-19 16:58 . 2007-03-19 16:56 58136 ----a-w- c:\documents and settings\Dany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 16:46 . 2007-03-19 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 16:43 . 2007-03-20 13:02 117248 ----a-w- c:\windows\system32\drivers\SSIDRV.sys
2010-04-19 16:39 . 2007-03-21 13:35 -------- d-----w- c:\program files\TechniSat DVB
2010-04-19 16:39 . 2007-03-19 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 16:38 . 2007-03-19 16:12 -------- d-----w- c:\program files\Smartione
2010-04-19 16:37 . 2009-09-26 15:12 -------- d-----w- c:\program files\ProgFinder
2010-04-19 16:36 . 2009-08-12 11:06 -------- d-----w- c:\program files\Panda Security
2010-04-19 16:34 . 2007-03-21 13:35 -------- d-----w- c:\program files\DVBViewerTE
2010-04-19 16:22 . 2007-04-05 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-19 15:46 . 2009-09-19 17:52 4945232 ----a-w- c:\documents and settings\Dany\Application Data\TomTom\HOME\Profiles\w3c08jqu.default\extensions\Navcore.8.413.1237@tomtom.com\8-413-1237-1.dll
2010-04-17 21:47 . 2007-12-10 07:36 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2010-04-17 19:15 . 2007-03-19 14:55 -------- d-----w- c:\program files\Logitech
2010-04-17 19:14 . 2007-03-19 14:55 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-04-15 15:49 . 2009-02-08 07:42 -------- d-----w- c:\program files\Google
2010-04-12 10:40 . 2008-10-01 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 10:37 . 2008-10-01 13:10 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 07:29 . 2007-04-30 20:15 -------- d-----w- c:\program files\BitTorrent_DNA
2010-04-09 09:29 . 2010-03-19 10:27 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-09 09:29 . 2010-03-19 10:27 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-08 10:10 . 2007-05-18 12:30 -------- d-----w- c:\program files\FastStone Capture
2010-04-02 14:42 . 2008-06-18 10:05 335 -c--a-w- c:\windows\nsreg.dat
2010-03-29 22:46 . 2008-10-01 13:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-10-01 13:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 19:36 . 2007-03-20 12:36 -------- d-----w- c:\program files\CCleaner
2010-03-23 09:27 . 2010-03-19 10:27 3749200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-03-20 16:00 . 2007-06-23 13:34 -------- d-----w- c:\documents and settings\Dany\Application Data\Canon
2010-03-19 10:27 . 2010-03-19 10:27 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 13:51 . 2008-12-19 06:37 -------- d-----w- c:\documents and settings\Dany\Application Data\dvdcss
2010-03-03 09:23 . 2007-03-19 15:54 -------- d-----w- c:\program files\IZArc
2010-02-25 20:47 . 2007-03-19 16:26 -------- d-----w- c:\documents and settings\Dany\Application Data\HARVEST S.A
2010-02-25 20:46 . 2010-02-25 20:46 -------- d-----w- c:\program files\ClickImpots plus SCI 2010
2010-02-25 18:11 . 2007-05-04 20:42 -------- d-----w- c:\program files\AM-DeadLink
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:23 . 2010-03-19 10:27 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:01 . 2010-03-19 10:27 259408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-02-16 11:00 . 2010-03-19 10:27 226640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-02-16 11:00 . 2010-03-19 10:27 390480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-02-16 11:00 . 2010-03-19 10:27 173392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2010-02-16 11:00 . 2010-03-19 10:27 296272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-02-16 11:00 . 2010-03-19 10:27 345424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2010-02-16 11:00 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-02-16 11:00 . 2010-03-19 10:27 177488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-02-16 11:00 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-02-12 10:03 . 2010-02-24 22:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-19 10:16 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-19 10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-02-01 09:44 . 2010-02-01 09:44 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2006-05-03 09:06 . 2009-10-09 15:07 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-09 15:07 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-09 15:07 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2008-11-18 1081344]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-06-07 20480]
"RSRWin.exe"="c:\windows\RSRWin.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBDriver"="c:\program files\Keyboard Driver\OEMDriver.exe" [2004-08-25 151552]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RSRWin.exe"="c:\windows\RSRWin.exe" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-02-27 09:24 159744 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Server4PC.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Dany^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Dany\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-03-29 22:46 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2009-08-21 10:36 878080 ----a-w- c:\windows\system32\PrintDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kyodai Mahjongg\\kmj.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/03/2010 12:27 64288]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [26/03/2007 16:26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [26/03/2007 16:26 52224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [07/04/2010 21:07 114984]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [21/09/2005 10:17 5632]
R1 SABKUTIL;SABKUTIL;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [20/02/2007 15:02 32256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [07/04/2010 21:07 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/10/2008 15:10 303952]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [16/11/2009 14:52 77824]
R2 RegServ;RegServ;c:\windows\SRNTService.exe [12/11/2009 12:14 69632]
R2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [02/11/2009 10:32 762112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/10/2008 15:10 20824]
S2 gupdate1c989c0d9b3d5dc;Google Update Service (gupdate1c989c0d9b3d5dc);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2009 09:42 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [05/08/2004 14:00 3584]
S2 tqavcdyu;Logitech AEC Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 14:00 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1265264]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [19/03/2007 17:32 15104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2007 19:37 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tqavcdyu
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:29]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:42]

2010-04-22 c:\windows\Tasks\User_Feed_Synchronization-{B4010896-F085-4E90-8706-E2D3865DFB9B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.

dbourgeo Posts: 75 Status: Member
 
Part 2


------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
IE: Ajouter au fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: secuser.com\www
TCP: {9E9D081D-EAA5-4C2C-ABA7-6BA4EE5C7653} = 212.27.54.252,213.228.0.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
FF - ProfilePath - c:\documents and settings\Dany\Application Data\Mozilla\Firefox\Profiles\6ndeje8e.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.my.yahoo.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\xp\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\xp\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\xp\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 06:35
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A017AF56-B493-BA8F-B78A-ABAC1F958DAB}*]
"faigafmkfagb"=hex:6d,62,6e,67,67,6a,6f,63,66,6b,62,6b,67,6a,6f,6d,6d,62,61,6b,
64,65,65,69,6a,69,6b,6b,63,6f,63,6a,6f,6a,66,6d,68,62,6e,70,68,68,65,66,64,\
"gajeimeomgllde"=hex:63,61,6b,66,66,68,00,00
"gaiennfajdkfje"=hex:63,61,6b,66,66,68,00,00

[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c9,8a,a1,d3,ea,6c,33,6c,1a,e7,0d,94,b3,e1,f4,f7,96,79,6f,5e,d5,25,6e,
08,a3,e8,1e,f3,1a,70,7e,89,36,32,94,d1,a6,5a,6b,3e,40,01,54,44,f7,21,de,8b,\
"??"=hex:6b,17,e5,79,7b,28,33,4c,05,ba,2a,9e,a9,42,7d,26

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000040c
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{B91B907B-3542-4DDB-84FA-55EDE3F13969}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.40.10"
"UniqueId"="0007876D4BD01B15"
"ScannerBuild"=dword:00001aeb
"ScannerVersionId"=dword:00001390
"ScannerVersion"="Open window for status."

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs loaded in active processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(3136)
c:\docume~1\Dany\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other active processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\IoctlSvc.exe
e:\xp\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
End time: 2010-04-23 06:41:47 - The machine rebooted
ComboFix-quarantined-files.txt 2010-04-23 04:41
ComboFix2.txt 2010-04-22 20:02

Before-CF: 28 628 656 128 bytes free
After-CF: 28 673 585 152 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7FD5630B2E001D02DF100745F1A40DB2
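The service list in the report above (the R*/S* lines together with the "Svchost - NetSvcs" entry) is where the persistence sits: a service with a generated-looking name (tqavcdyu) hosted inside the shared netsvcs svchost and described as a "Logitech AEC Helper", a service whose "Eset Nod32 Boot" display name points at the stock regedt32.exe, and a "RegServ" binary dropped straight into c:\windows. As an added example that is not part of the original thread and is not ComboFix's own logic, the Python script below parses service lines in that format and scores each one on exactly those signals. The sample lines are copied from the report posted above; the vendor-to-directory mapping, the list of stock tools and the random-name heuristic are assumptions made for this example.

```python
"""Triage the R*/S* service lines of a ComboFix report for service-based persistence."""
import ntpath
import re

# Constructed sample: five service lines copied from the ComboFix report above, plus the
# single name the report shows under "Svchost - NetSvcs". Raw string, so backslashes are literal.
SAMPLE_SERVICES = r"""
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [07/04/2010 21:07 810120]
R2 RegServ;RegServ;c:\windows\SRNTService.exe [12/11/2009 12:14 69632]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [05/08/2004 14:00 3584]
S2 tqavcdyu;Logitech AEC Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 14:00 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1265264]
"""
SAMPLE_NETSVCS = ["tqavcdyu"]

# ComboFix line format: <R=running|S=stopped><start type 0-4> name;display;image path [dd/mm/yyyy hh:mm size]
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]+)\]$")

# Interactive Windows tools that are not service binaries (assumed list for this example).
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "notepad.exe", "cmd.exe", "calc.exe"}

# Vendor word in a display name -> path fragments its binary is expected under (assumed mapping).
VENDOR_DIRS = {
    "eset": ("eset",),
    "nod32": ("eset",),
    "logitech": ("logitech", "logishrd"),
    "lavasoft": ("lavasoft",),
    "malwarebytes": ("malwarebytes",),
}


def parse_services(text):
    """Return one dict per service line; lines in any other format are ignored."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, image, stamp = m.groups()
        services.append({"running": state == "R", "start": int(start), "name": name,
                         "display": display, "image": image, "stamp": stamp})
    return services


def looks_random(name):
    """Coarse heuristic for generated names such as tqavcdyu: all lowercase letters, few vowels,
    a consonant run of 3 or more. Stock names like cryptsvc trip it too, so it is one signal, not a verdict."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in "aeiou" for c in name) / len(name)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio <= 0.4 and longest_run >= 3


def triage(service, netsvcs):
    """Return the list of signals raised by one service (empty list means nothing noteworthy)."""
    name, display, image = service["name"], service["display"].lower(), service["image"].lower()
    exe_match = re.match(r"(.*?\.exe)", image)          # strip svchost-style arguments
    exe_path = exe_match.group(1) if exe_match else image
    reasons = []
    # A DLL service loaded by the shared netsvcs svchost whose name is in the report's NetSvcs list.
    if exe_path.endswith("\\svchost.exe") and "-k netsvcs" in image \
            and name.lower() in {n.lower() for n in netsvcs}:
        reasons.append("netsvcs-hosted")
    if looks_random(name):
        reasons.append("random-name")
    if ntpath.basename(exe_path) in STOCK_TOOLS:
        reasons.append("stock-tool-as-service")
    # Display name claims a vendor, but the binary does not live under that vendor's directory.
    if any(word in display and not any(frag in exe_path for frag in frags)
           for word, frags in VENDOR_DIRS.items()):
        reasons.append("vendor-mismatch")
    # A service binary dropped straight into %windir% rather than system32 or Program Files.
    if ntpath.dirname(exe_path) == "c:\\windows":
        reasons.append("binary-in-windir-root")
    return reasons


def analyze(text, netsvcs):
    """Map service name -> signals, for the services that raise at least one signal."""
    findings = {}
    for svc in parse_services(text):
        reasons = triage(svc, netsvcs)
        if reasons:
            findings[svc["name"]] = reasons
    return findings


if __name__ == "__main__":
    for svc_name, svc_reasons in analyze(SAMPLE_SERVICES, SAMPLE_NETSVCS).items():
        print(f"{svc_name:28s} {', '.join(svc_reasons)}")
```

Run against the sample, ekrn and the Lavasoft service come out clean, tqavcdyu raises netsvcs-hosted, random-name and vendor-mismatch, NOD32FiXTemDono raises stock-tool-as-service and vendor-mismatch, and RegServ raises binary-in-windir-root. Each signal on its own has false positives; it is the stacking of several on one entry that is worth a closer look.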
moment de grace Posts: 30049 Status: Security contributor 2 274
 
seen

Firefox probably needs to be uninstalled and reinstalled

do a new ZHPDiag report and post the link please

then tell me how the PC is doing...
0
dbourgeo, 75 posts, Status: Member
 
Hello moment de grace,

Good news: I no longer have any threats, and my PC also seems more responsive.
However, when the PC starts up I get a Windows message with a red cross:

svchost.exe - Erreur d'application
L'instruction à "0x7c92b21a" emploie l'adresse mémoire "0x00000010". La mémoire ne peut pas être "written".
Cliquez sur OK pour terminer le programme.
Cliquez sur Annuler pour déboguer le programme.
OK Annuler

But it's no big deal: one click on OK and everything works, and there are no more attacks. That's the main thing.

Thank you very much for everything you did, and especially for the time you devoted to solving my problem. It's really kind to give your time and to be so available.
Regards, Daniel.
0
moment de grace, 30049 posts, Status: Security Contributor, 2 274
 
svchost.exe - Erreur d'application

It shouldn't be doing that at every restart.

Waiting for a new ZHPDiag report to finish up, as well as this:

Download HijackThis
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
Launch HijackThis by double-clicking the program's icon.
In the main menu, click on "Do a system Scan only and Save a Logfile".
A report will then be generated in a Notepad file; it will be located in the "désinfection" folder initially created for the installation.
Post it here.

0
dbourgeo, 75 posts, Status: Member
 
Yes, I do get the message at every startup, but it's no big deal: I click OK and the message disappears. The main thing is no longer having all those threats.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:42, on 23/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\WINDOWS\srntservice.exe
E:\XP\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
F:\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\XP\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KBDriver] "C:\Program Files\Keyboard Driver\OEMDriver.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WeatherWatcher] "C:\Program Files\Weather Watcher\ww.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E9D081D-EAA5-4C2C-ABA7-6BA4EE5C7653}: NameServer = 212.27.54.252,213.228.0.23
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989c0d9b3d5dc) (gupdate1c989c0d9b3d5dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - https://www.all2pdf.com/ - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: RegServ - Unknown owner - C:\WINDOWS\srntservice.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\XP\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - F:\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
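As an added example (not code from this thread, from HijackThis or from its author), here is a small Python triage pass over HijackThis log lines that flags what a helper looks at first in a log like the one above: an O4 autorun mirrored into the SYSTEM, service and Default user hives and launched straight from C:\Windows (the RSRWin.exe entries), orphaned O2 BHOs, O15 Trusted Zone entries, O20 AppInit_DLLs and O23 services with no publisher. The sample lines are a constructed subset copied from the log; the heuristics and severity labels are the example's own, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample input constructed for this example: a subset of lines copied from the
# HijackThis log posted above, plus benign entries that must NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe
O4 - HKUS\S-1-5-19\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RSRWin.exe] C:\Windows\RSRWin.exe (User 'Default user')
O15 - Trusted Zone: http://www.secuser.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: RegServ - Unknown owner - C:\WINDOWS\srntservice.exe
"""

# Well-known SIDs under HKEY_USERS: an autorun mirrored into these hives runs for
# service accounts and the default profile, which ordinary software never needs.
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                "S-1-5-20": "NETWORK SERVICE", ".DEFAULT": "Default user"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    severity: str   # "high", "review" or "low"
    line: str       # the log line (or autorun name) the finding refers to
    reason: str


def image_path(cmd: str) -> str:
    """Best-effort extraction of the executable path from an O4 command string."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd).strip()   # drop the "(User '...')" suffix
    if cmd.startswith('"'):                                       # quoted path: take the inside
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|bat|cmd|scr))(?:[\s,]|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def directly_in_windows_dir(path: str) -> bool:
    # True when the parent folder is the Windows folder itself (not system32 or
    # Program Files): legitimate installers almost never drop their main EXE there.
    parent, _, _ = path.lower().rpartition("\\")
    return parent in ("c:\\windows", "c:\\winnt")


def triage(log_text: str) -> List[Finding]:
    """Flag the HijackThis entries a helper would look at first; benign lines yield nothing."""
    findings: List[Finding] = []
    hives_by_name: Dict[str, Set[str]] = {}
    for line in log_text.strip().splitlines():
        line = line.strip()
        if line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue
            sid: Optional[str] = m.group("sid")
            path = image_path(m.group("cmd"))
            hives_by_name.setdefault(m.group("name").lower(), set()).add(m.group("hive"))
            in_windir = directly_in_windows_dir(path)
            if sid in SERVICE_SIDS and in_windir:
                findings.append(Finding("high", line,
                    f"autorun for the {SERVICE_SIDS[sid]} account launches a file straight from the Windows folder"))
            elif sid in SERVICE_SIDS:
                findings.append(Finding("review", line, f"autorun registered for the {SERVICE_SIDS[sid]} account"))
            elif in_windir:
                findings.append(Finding("review", line, "autorun image sits directly in the Windows folder"))
        elif line.startswith("O2 - BHO:") and line.endswith("- (no file)"):
            findings.append(Finding("low", line, "orphaned BHO: the CLSID points to a missing file"))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(Finding("review", line, "site placed in the IE Trusted Zone, which relaxes security for it"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            findings.append(Finding("review", line, "AppInit_DLLs is loaded into every process that uses user32.dll"))
        elif line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            findings.append(Finding("review", line, "service with no publisher information"))
    # The same autorun name mirrored into three or more hives is a classic persistence pattern.
    for name, hives in hives_by_name.items():
        if len(hives) >= 3:
            findings.append(Finding("high", name,
                f"autorun '{name}' is mirrored into {len(hives)} hives: {', '.join(sorted(hives))}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Everything it flags still needs a human decision (a VirusTotal lookup, as the helper asks below); the pass only orders the log for reading.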
moment de grace, 30049 posts, Status: Security Contributor, 2 274
 
Since when have you had this message? Did it start after one of the steps?

Also:

Go to this site:

https://www.virustotal.com/gui/

Click on Browse and look for these files:

C:\WINDOWS\is-5NVC6.exe
C:\WINDOWS\System32\drivers\ethsrmex.sys
C:\WINDOWS\xgicode.ini
C:\WINDOWS\Nhegea.exe
C:\WINDOWS\System32\WinSys.exe

Click on Send File.

A report will be built up line by line.

Wait until the end. It must include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

If you can't find the file, then

Show all files and folders:

To do this:
Click on Start / Control Panel / Folder Options / View

Tick "Show hidden files and folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"

Then click "Apply" to confirm the changes.

And OK.
0
dbourgeo, 75 posts, Status: Member
 
File C:\Windows\is-5NVC6.exe

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.04.22 -
AhnLab-V3 5.0.0.2 2010.04.22 -
AntiVir 8.2.1.220 2010.04.22 -
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.22 -
Avast 4.8.1351.0 2010.04.22 -
Avast5 5.0.332.0 2010.04.22 -
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.22 -
CAT-QuickHeal 10.00 2010.04.22 -
ClamAV 0.96.0.3-git 2010.04.22 -
Comodo 4665 2010.04.22 -
DrWeb 5.0.2.03300 2010.04.22 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7443 2010.04.22 -
F-Prot 4.5.1.85 2010.04.21 -
F-Secure 9.0.15370.0 2010.04.22 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.22 -
Ikarus T3.1.1.80.0 2010.04.22 -
Jiangmin 13.0.900 2010.04.22 -
Kaspersky 7.0.0.125 2010.04.22 -
McAfee 5.400.0.1158 2010.04.22 -
McAfee-GW-Edition 6.8.5 2010.04.22 -
Microsoft 1.5703 2010.04.22 -
NOD32 5050 2010.04.22 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-22.01 2010.04.22 -
Panda 10.0.2.7 2010.04.21 -
PCTools 7.0.3.5 2010.04.22 -
Rising 22.44.03.04 2010.04.22 -
Sophos 4.53.0 2010.04.22 -
Sunbelt 6207 2010.04.22 -
Symantec 20091.2.0.41 2010.04.22 -
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.22 -
VBA32 3.12.12.4 2010.04.22 -
ViRobot 2010.4.21.2288 2010.04.22 -
VirusBuster 5.0.27.0 2010.04.22 -
Information additionnelle
File size: 699904 bytes
MD5 : 0637235e56d68e8cdb1d204508434a05
SHA1 : 5f66a8bcd9cbca76b6cbccf5cd798eb3e2c31ea7
SHA256: c99beeab3a4d46deb4cdec5abf18fb4873b6e1194b694c2483980ecc569a8822
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x93D30
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x92F68 0x93000 6.58 ee865207fd1c9133909c151d2dfb581f
DATA 0x94000 0x1040 0x1200 4.11 b61bff6add72122582dccbd11daba273
BSS 0x96000 0x1494 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x98000 0x25A4 0x2600 5.03 466bb5755f9b35bcf5c5ea65669d018f
.tls 0x9B000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x9C000 0x18 0x200 0.20 c69afab126bf434e49f23fb46e4baac7
.reloc 0x9D000 0x87F4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xA6000 0x14000 0x14000 4.92 ead6495f7406d336a7511e9bff65f180

( 11 imports )

> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
> comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls
> comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA
> gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle, lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExA, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, 
FileTimeToSystemTime, FileTimeToLocalFileTime, DeviceIoControl, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID, CoDisconnectObject
> oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
> shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA, SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc
> user32.dll: MessageBoxA, WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, 
DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA

( 0 exports )
TrID : File type identification
Windows OCX File (86.8%)
Win32 Executable Delphi generic (10.3%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 12288:m0QfKb+GlrPj37VzHEA6Yd2qKvJ4wyyrNQIRZCGkK3ch/bcXExy4:+fKb+GlrPj37VzHEA6B3vDaCCGkJ/bcQ
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: Setup/Uninstall
original name: n/a
internal name: n/a
file version.: 51.51.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
0
dbourgeo, 75 posts, Status: Member
 
File c:\Windows\xgicode.ini

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.04.23 -
AhnLab-V3 5.0.0.2 2010.04.23 -
AntiVir 8.2.1.220 2010.04.22 -
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.23 -
Avast 4.8.1351.0 2010.04.22 -
Avast5 5.0.332.0 2010.04.22 -
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.23 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.23 -
Comodo 4669 2010.04.23 -
DrWeb 5.0.2.03300 2010.04.23 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7444 2010.04.22 -
F-Prot 4.5.1.85 2010.04.23 -
F-Secure 9.0.15370.0 2010.04.23 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.23 -
Ikarus T3.1.1.80.0 2010.04.23 -
Jiangmin 13.0.900 2010.04.23 -
Kaspersky 7.0.0.125 2010.04.23 -
McAfee 5.400.0.1158 2010.04.23 -
McAfee-GW-Edition 6.8.5 2010.04.22 -
Microsoft 1.5703 2010.04.23 -
NOD32 5051 2010.04.22 -
Norman 6.04.11 2010.04.22 -
nProtect 2010-04-22.01 2010.04.22 -
Panda 10.0.2.7 2010.04.22 -
PCTools 7.0.3.5 2010.04.23 -
Prevx 3.0 2010.04.23 -
Rising 22.44.04.03 2010.04.23 -
Sophos 4.53.0 2010.04.23 -
Sunbelt 6211 2010.04.23 -
Symantec 20091.2.0.41 2010.04.23 -
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.23 -
VBA32 3.12.12.4 2010.04.22 -
ViRobot 2010.4.22.2290 2010.04.22 -
VirusBuster 5.0.27.0 2010.04.22 -
Information additionnelle
File size: 18 bytes
MD5...: 116d5fdaddbf211444542b4bda64c596
SHA1..: 2d803bb940860d0b68b0eb862e50ed646ca44310
SHA256: bbcfd7e34c166ce1a1e7302533540abc9f95f0480522bdf01b1e7398a577f83f
ssdeep: 3:SYgM:rgM
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
0
dbourgeo, 75 posts, Status: Member
 
File C:\Windows\system32\drivers\ethsrmex.sys

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.04.23 -
AhnLab-V3 5.0.0.2 2010.04.23 -
AntiVir 8.2.1.220 2010.04.22 TR/Rootkit.Gen
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.23 -
Avast 4.8.1351.0 2010.04.22 -
Avast5 5.0.332.0 2010.04.22 -
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.23 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.23 -
Comodo 4669 2010.04.23 -
DrWeb 5.0.2.03300 2010.04.23 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7444 2010.04.22 -
F-Prot 4.5.1.85 2010.04.23 -
F-Secure 9.0.15370.0 2010.04.23 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.23 -
Ikarus T3.1.1.80.0 2010.04.23 -
Jiangmin 13.0.900 2010.04.23 -
Kaspersky 7.0.0.125 2010.04.23 -
McAfee 5.400.0.1158 2010.04.23 -
McAfee-GW-Edition 6.8.5 2010.04.22 Trojan.Rootkit.Gen
Microsoft 1.5703 2010.04.23 -
NOD32 5051 2010.04.22 -
Norman 6.04.11 2010.04.22 -
nProtect 2010-04-22.01 2010.04.22 -
Panda 10.0.2.7 2010.04.22 -
PCTools 7.0.3.5 2010.04.23 -
Prevx 3.0 2010.04.23 -
Rising 22.44.04.03 2010.04.23 -
Sophos 4.53.0 2010.04.23 -
Sunbelt 6211 2010.04.23 -
Symantec 20091.2.0.41 2010.04.23 -
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.23 -
VBA32 3.12.12.4 2010.04.22 -
ViRobot 2010.4.22.2290 2010.04.22 -
VirusBuster 5.0.27.0 2010.04.22 -
Information additionnelle
File size: 140288 bytes
MD5...: 067ec9c052b80677e7858eb2df6942f6
SHA1..: e05b6a0a793696a0e39922c4bc779b5368ea6f8b
SHA256: 8e02e9298a6912e8f1d39076f0a95aca775f321662add9ae6422fe0789da8d3a
ssdeep: 1536:MypbS2JmPyIAWYD9brjv7cXCa91BrZth+qVOYzRl9Jb+unAvdpwHnDX2AyU
Sr7v4:lxakl9L4XN1BrV1VOYtlL7A1pAX2nV
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4bc2dca1 (Mon Apr 12 08:41:05 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x21250 0x21400 7.84 3d4a7c053d81e8b6b95591f1cf3d9ca6
.data 0x23000 0x80 0x200 1.10 1baac95186969199e246a4df21c9ef14
.rdata 0x24000 0x8 0x200 0.14 32c48ea3b649412e20ffec7c17c058f6
.edata 0x25000 0x4d 0x200 0.93 ebebd773361e7f113e27d909051a7bc4
.idata 0x26000 0x298 0x400 3.54 72a32f02f600eadfc8a5b0e6ea69ee52
.reloc 0x27000 0x74 0x200 1.73 eb299c51152a50c271b27545c9e84720

( 2 imports )
> ntoskrnl.exe: DbgPrint, ExAllocatePoolWithTag, ExFreePoolWithTag, IoGetCurrentProcess, KeBugCheckEx, KeQueryTimeIncrement, KeTickCount, MmMapLockedPagesSpecifyCache, ObReferenceObjectByHandle, ObfReferenceObject, RtlAnsiCharToUnicodeChar, ZwQuerySystemInformation, _except_handler3, strncpy, strstr, wcsncpy
> ntoskrnl.exe: ExAllocatePoolWithTag

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win16/32 Executable Delphi generic (33.9%)
Generic Win/DOS Executable (32.7%)
DOS Executable Generic (32.7%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight https://www.broadcom.com/support/security-center
0
moment de grace, 30049 posts, Status: Security Contributor, 2 274
 
Seen the first three...
0
dbourgeo, 75 posts, Status: Member
 
Sorry, I can't find the files C:\Windows\Nhegea.exe and C:\Windows\system32\WinSys.exe.
I went through the whole Windows folder and found nothing.
I'm going to do a search with the Search function.
0
dbourgeo, 75 posts, Status: Member
 
Nhegea.exe doesn't exist on my PC.
For the other one I have: WinSys.exe.vir in C:\Qoobox\Quarantine\\WINDOWS\system32
It's getting complicated, I think.
See you.
0
moment de grace, 30049 posts, Status: Security Contributor, 2 274
 
No, we'll get there.

Just to be sure:

Download SEAF (by C_XX) to your desktop:

here: http://pagesperso-orange.fr/NosTools/C_XX/SEAF.exe

* Double-click "SEAF.exe" (right-click and "Run as administrator" on Vista / 7) to launch the tool.

* In the white box "Entrez ci dessous...." (Enter below...), copy/paste this:

Nhegea.exe

* Under "options des fichiers" (file options), make the following settings:
> For "Calculer le checksum" (compute checksum), choose: MD5
> Tick the box next to "Info. supplémentaire" (additional info).
> Tick the box next to "Afficher les ADS" (show ADS).

* Under "options du registre" (registry options):
> Tick "chercher également dans le registre" (also search the registry).

(Don't touch any other setting.)

* Click "Lancer la recherche" (start the search) and let the tool work...
(this can take more or less time depending on the case).

--> Once finished, a window with a .txt log will appear. Save this report somewhere you can find it easily (on the desktop, for example). It is also saved at the root of your hard drive (here > C:\SEAFLog.txt).
0
dbourgeo, 75 posts, Status: Member
 
Here is the result of the analysis.

========================= SEAF 1.0.0.7 - C_XX

Commencé à: 12:40:37 le 23/04/2010

Valeur(s) recherchée(s):

Nhegea.exe

(!) --- Calcul du Hash "MD5"
(!) --- Affichage des ADS
(!) --- Informations supplémentaires
(!) --- Recherche registre

====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

Aucun fichier trouvé

====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

Aucun dossier trouvé


====== Entrée(s) du registre ======



[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Nhegea.exe"

[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="Nhegea.exe"

=========================

Fin à: 13:13:11 le 23/04/2010 ( E.O.F )
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
/!\ WARNING /!\ The script below was written specifically for dbourgeo; it cannot be transferred to another computer!

Create a new Notepad file on your desktop and name it CFScript
Copy this text into it and save it

KillAll::

Rootkit::


C:\Windows\system32\drivers\ethsrmex.sys

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-
[HKEY_USERS\S-1-5-21-1409082233-261903793-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-

SkipFix::




* Disable your protection software
* Drag and drop this CFScript.txt file onto Combofix.exe (as in the following link)
http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
* Wait for the scan to finish. The desktop will disappear several times: that's normal! Don't touch anything until the scan is done.
* Once the scan is complete, a report will appear: post its contents.
* If the file doesn't open, it is located here: C:\ComboFix.txt


0
dbourgeo Posts: 75 Status: Member
 
Part 1


ComboFix 10-04-21.01 - Dany 23/04/2010 15:56:04.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1221 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dany\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Dany\Bureau\CFScript.txt
AV: BitDefender Internet Security v10 *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Internet Security v10 *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
- Mode FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-23 au 2010-04-23 ))))))))))))))))))))))))))))))))))))
.

2010-04-23 10:39 . 2010-04-23 11:13 -------- d-----w- c:\program files\SEAF
2010-04-22 18:56 . 2010-04-23 06:05 -------- d-----w- c:\program files\ZHPDiag
2010-04-22 16:36 . 2010-04-22 18:20 -------- d-----w- C:\Kill'em
2010-04-22 16:35 . 2010-04-22 18:29 -------- d-----w- c:\program files\List_Kill'em
2010-04-22 11:05 . 2010-04-23 06:15 -------- d-----w- c:\program files\trend micro
2010-04-22 11:05 . 2010-04-22 11:05 -------- d-----w- C:\rsit
2010-04-22 09:46 . 2010-04-22 09:46 -------- d-----w- c:\program files\ESET
2010-04-21 11:07 . 2010-04-21 11:07 388096 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\program files\TomTom International B.V
2010-04-18 09:39 . 2010-04-18 09:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-18 09:23 . 2010-04-18 09:23 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-04-18 07:46 . 2010-04-18 07:46 -------- d-----w- c:\program files\Microsoft.NET
2010-04-18 07:43 . 2010-04-18 07:43 -------- d-----w- c:\windows\SHELLNEW
2010-04-18 07:42 . 2010-04-18 07:42 -------- d-----r- C:\MSOCache
2010-04-17 21:46 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-04-17 19:27 . 2010-04-17 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 19:17 . 2010-04-17 21:47 53248 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-04-17 19:16 . 2010-04-17 19:16 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Logishrd
2010-04-17 19:10 . 2010-04-17 19:11 -------- d-----w- c:\documents and settings\Dany\Application Data\Logishrd
2010-04-16 18:00 . 2010-04-16 18:00 -------- d-----w- c:\program files\TrendMicro
2010-04-14 05:15 . 2010-04-14 05:53 -------- d-----w- c:\program files\Trojan Killer
2010-04-13 12:26 . 2010-04-21 09:01 193872 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
2010-04-13 12:26 . 2010-04-21 09:01 1000784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
2010-04-13 06:36 . 2010-04-22 07:57 -------- d-----w- C:\Ad-Remover
2010-04-12 23:11 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-12 11:57 . 2010-04-12 19:51 -------- d-----w- c:\documents and settings\Dany\Local Settings\Application Data\Google
2010-04-12 10:37 . 2010-04-12 10:37 699904 ----a-w- c:\windows\is-5NVC6.exe
2010-04-12 08:59 . 2010-04-12 08:59 140288 ----a-w- c:\windows\system32\drivers\ethsrmex.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-02 14:30 . 2010-04-02 14:30 -------- d-----w- c:\program files\DIFX
2010-04-02 14:30 . 2006-12-21 22:11 40576 ------w- c:\windows\system32\drivers\VCommUSB.sys
2010-04-02 09:29 . 2010-04-02 09:29 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-02 09:29 . 2010-04-02 09:29 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 10:31 . 2007-03-19 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-23 06:07 . 2010-02-02 19:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-23 04:41 . 2009-03-07 14:21 -------- d-----w- c:\documents and settings\Dany\Application Data\WeatherWatcher
2010-04-22 20:21 . 2010-02-20 21:16 -------- d-----w- c:\documents and settings\Dany\Application Data\vlc
2010-04-22 18:49 . 2004-08-05 12:00 546120 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-22 18:49 . 2004-08-05 12:00 99178 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-22 12:02 . 2004-08-05 12:00 42112 ----a-w- c:\windows\system32\drivers\Imapi.sys
2010-04-22 08:54 . 2007-03-20 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-19 16:58 . 2007-03-19 16:56 58136 ----a-w- c:\documents and settings\Dany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 16:43 . 2007-03-20 13:02 117248 ----a-w- c:\windows\system32\drivers\SSIDRV.sys
2010-04-19 16:39 . 2007-03-21 13:35 -------- d-----w- c:\program files\TechniSat DVB
2010-04-19 16:39 . 2007-03-19 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 16:38 . 2007-03-19 16:12 -------- d-----w- c:\program files\Smartione
2010-04-19 16:37 . 2009-09-26 15:12 -------- d-----w- c:\program files\ProgFinder
2010-04-19 16:36 . 2009-08-12 11:06 -------- d-----w- c:\program files\Panda Security
2010-04-19 16:34 . 2007-03-21 13:35 -------- d-----w- c:\program files\DVBViewerTE
2010-04-19 16:22 . 2007-04-05 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-19 15:46 . 2009-09-19 17:52 4945232 ----a-w- c:\documents and settings\Dany\Application Data\TomTom\HOME\Profiles\w3c08jqu.default\extensions\Navcore.8.413.1237@tomtom.com\8-413-1237-1.dll
2010-04-17 21:47 . 2007-12-10 07:36 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2010-04-17 19:15 . 2007-03-19 14:55 -------- d-----w- c:\program files\Logitech
2010-04-17 19:14 . 2007-03-19 14:55 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-04-15 15:49 . 2009-02-08 07:42 -------- d-----w- c:\program files\Google
2010-04-12 10:40 . 2008-10-01 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 10:37 . 2008-10-01 13:10 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-12 07:29 . 2007-04-30 20:15 -------- d-----w- c:\program files\BitTorrent_DNA
2010-04-12 05:34 . 2010-03-19 10:27 3757392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-04-12 05:34 . 2010-03-19 10:27 259408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-04-12 05:33 . 2010-03-19 10:27 226640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-04-12 05:33 . 2010-03-19 10:27 390480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-04-12 05:33 . 2010-03-19 10:27 173392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2010-04-12 05:33 . 2010-03-19 10:27 296272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-04-12 05:33 . 2010-03-19 10:27 345424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2010-04-12 05:33 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-04-12 05:33 . 2010-03-19 10:27 177488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-04-12 05:33 . 2010-03-19 10:27 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2010-04-12 05:33 . 2010-03-19 10:27 206160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-04-09 09:29 . 2010-03-19 10:27 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-09 09:29 . 2010-03-19 10:27 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-08 10:10 . 2007-05-18 12:30 -------- d-----w- c:\program files\FastStone Capture
2010-04-02 14:42 . 2008-06-18 10:05 335 -c--a-w- c:\windows\nsreg.dat
2010-03-29 22:46 . 2008-10-01 13:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-10-01 13:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 19:36 . 2007-03-20 12:36 -------- d-----w- c:\program files\CCleaner
2010-03-20 16:00 . 2007-06-23 13:34 -------- d-----w- c:\documents and settings\Dany\Application Data\Canon
2010-03-19 10:27 . 2010-03-19 10:27 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 13:51 . 2008-12-19 06:37 -------- d-----w- c:\documents and settings\Dany\Application Data\dvdcss
2010-03-03 09:23 . 2007-03-19 15:54 -------- d-----w- c:\program files\IZArc
2010-02-25 20:47 . 2007-03-19 16:26 -------- d-----w- c:\documents and settings\Dany\Application Data\HARVEST S.A
2010-02-25 20:46 . 2010-02-25 20:46 -------- d-----w- c:\program files\ClickImpots plus SCI 2010
2010-02-25 18:11 . 2007-05-04 20:42 -------- d-----w- c:\program files\AM-DeadLink
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-02-24 22:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-19 10:16 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-03-19 10:27 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-02-01 09:45 . 2010-02-01 09:45 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-02-01 09:44 . 2010-02-01 09:44 10134 ----a-r- c:\documents and settings\Dany\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2006-05-03 09:06 . 2009-10-09 15:07 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-09 15:07 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-09 15:07 216064 --sh--r- c:\windows\system32\nbDX.dll
.
0
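The CFScript posted above and the ComboFix log that follows it can be checked against each other: a path on a `Rootkit::` line only removes something if it matches what is actually on disk, and the log's created-files section is the natural reference for that. The Python below is an added example written for this thread, not ComboFix's code. The CFScript and the log excerpt it works on are constructed from the shape of the ones in the thread (the log lines are copied from the post above), and the constructed script deliberately spells the directory "systeme32" so that the check has a basename-only match to report. `File::` is treated the same way as `Rootkit::` on the assumption that it lists one file path per line. The second function is a plain triage pass over the same log lines, flagging the items a reviewer would look at first.

```python
"""Cross-check a ComboFix CFScript against a ComboFix log.

Added example for this thread (not ComboFix's code): parses the script's
"Section::" blocks and the log's created-files lines, then reports whether
each file path the script targets appears in the log under exactly that
directory. Both excerpts below are constructed; the script deliberately
spells "systeme32" so the check has something to report.
"""
import re
from collections import defaultdict

# Constructed CFScript in the shape used in the thread (typo is deliberate).
CFSCRIPT = r"""KillAll::

Rootkit::
C:\Windows\systeme32\drivers\ethsrmex.sys

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-

SkipFix::
"""

# Constructed excerpt of a ComboFix "files created" section (four entries).
COMBOFIX_LOG = r"""((((( Fichiers créés du 2010-03-23 au 2010-04-23 )))))
.

2010-04-23 10:39 . 2010-04-23 11:13 -------- d-----w- c:\program files\SEAF
2010-04-12 08:59 . 2010-04-12 08:59 140288 ----a-w- c:\windows\system32\drivers\ethsrmex.sys
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2006-05-03 09:06 . 2009-10-09 15:07 163328 --sh--r- c:\windows\system32\flvDX.dll
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# created . modified  size-or-dashes  8-char attribute string  path
LOG_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+(\S{8})\s+(.+?)\s*$"
)
PATH_SECTIONS = ("Rootkit", "File")  # assumed to list one file path per line


def parse_cfscript(text):
    """Return {section_name: [non-empty body lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return dict(sections)


def parse_log(text):
    """One dict per file/directory line of the log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created, "modified": modified,
            "size": None if size.startswith("-") else int(size),
            "attrs": attrs, "is_dir": attrs[0] == "d", "path": path,
        })
    return entries


def check_script(sections, entries):
    """For each path the script targets: 'exact' if the log lists it as written,
    'basename-only' if only the file name matches (likely a directory typo),
    'absent' otherwise."""
    by_path = {e["path"].lower(): e["path"] for e in entries}
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e["path"])
    findings = []
    for section in PATH_SECTIONS:
        for target in sections.get(section, []):
            key = target.lower()
            name = key.rsplit("\\", 1)[-1]
            if key in by_path:
                status, log_path = "exact", by_path[key]
            elif by_name.get(name):
                status, log_path = "basename-only", by_name[name][0]
            else:
                status, log_path = "absent", None
            findings.append({"section": section, "path": target,
                             "status": status, "log_path": log_path})
    return findings


def flag_entries(entries):
    """Plain triage rules over the log: items a reviewer looks at first."""
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if not e["is_dir"] and "s" in e["attrs"] and "h" in e["attrs"]:
            flagged.append((e["path"], "system+hidden file: unusual for a DLL, verify"))
        elif p.endswith(".sys") and "\\drivers\\" in p:
            flagged.append((e["path"], "new kernel driver: confirm publisher and signature"))
    return flagged


if __name__ == "__main__":
    sec = parse_cfscript(CFSCRIPT)
    log = parse_log(COMBOFIX_LOG)
    for f in check_script(sec, log):
        print(f"{f['section']}:: {f['path']} -> {f['status']} ({f['log_path']})")
    for path, why in flag_entries(log):
        print(f"review {path}: {why}")
```

Run against the constructed inputs, the check reports the `Rootkit::` path as a basename-only match and names the log path it should have been, which is the kind of mismatch worth catching before a script is handed to someone to run; the triage pass lists the two new drivers and the system+hidden DLL for manual review without asserting that any of them is malicious.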