File-Secure (despite the scans)

Closed
mgremont - 14 Jan 2008 at 08:25
mgremont - 14 Jan 2008 at 09:01
Hello, a window (which looks like a Windows one) shows me an error message every time I open a web page and also a folder... This window warns me that I have a Trojan and that I need to install files secure. I have read the other posts about this but my problem is still not solved...




Clean Navipromo version 3.4.0 commencé le 14/01/2008 à 7:41:50,36

Outil exécuté depuis L:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16546
Système de fichiers : NTFS

Mode suppression automatique


Executé en mode sans échec


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans L:\Windows\System32 *


* Suppression dans L:\Users\mathieu\AppData\Local\Microsoft *


* Suppression dans L:\Users\mathieu\AppData\Local *



*** Suppression dossiers dans L:\Windows ***


*** Suppression dossiers dans L:\Program Files ***


*** Suppression dossiers dans L:\ProgramData ***


*** Suppression dossiers dans L:\ProgramData\Microsoft\Windows\Start Menu\Programs ***


*** Suppression dossiers dans L:\Users\mathieu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs ***


*** Suppression dossiers dans L:\Users\mathieu\AppData\Local\virtualstore\Program Files ***


*** Suppression dossiers dans L:\Users\mathieu\AppData\Roaming ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu L:\Windows\Temp effectué !
Nettoyage contenu L:\Users\mathieu\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans L:\Windows\system32 *


* Dans L:\Users\mathieu\AppData\Local\Microsoft *


* Dans L:\Users\mathieu\AppData\Local *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !

*** Nettoyage terminé le 14/01/2008 à 7:42:25,47 ***

3 replies

ComboFix 08-01-14.3 - mathieu 2008-01-14 7:54:44.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1293 [GMT 1:00]
Running from: L:\Users\mathieu\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 07:53 . 2000-08-31 08:00 51,200 --a------ L:\Windows\NirCmd.exe
2008-01-13 20:26 . 2008-01-14 07:42 <REP> d-------- L:\Program Files\Navilog1
2008-01-13 15:59 . 2008-01-13 20:02 <REP> d-------- L:\Program Files\a-squared Free
2008-01-13 15:24 . 2008-01-13 15:53 <REP> d-------- L:\Users\All Users\Spybot - Search & Destroy
2008-01-13 15:24 . 2008-01-13 15:53 <REP> d-------- L:\ProgramData\Spybot - Search & Destroy
2008-01-13 13:23 . 2008-01-13 13:23 226,816 --a------ L:\Windows\sysosa.dll
2008-01-09 08:14 . 2008-01-09 08:14 144,384 --a------ L:\Windows\System32\miccyhook.dll
2008-01-05 22:21 . 2008-01-05 22:21 <REP> d-------- L:\Users\All Users\Trymedia
2008-01-05 22:21 . 2008-01-05 22:21 <REP> d-------- L:\ProgramData\Trymedia
2008-01-05 21:49 . 2008-01-05 21:49 <REP> d-------- L:\Users\mathieu\AppData\Roaming\Eidos
2008-01-05 10:22 . 2008-01-05 10:22 244 --ah----- L:\sqmnoopt00.sqm
2008-01-05 10:22 . 2008-01-05 10:22 232 --ah----- L:\sqmdata00.sqm
2008-01-05 09:48 . 2008-01-05 09:48 54,156 --ah----- L:\Windows\QTFont.qfn
2008-01-05 09:48 . 2008-01-05 09:48 1,409 --a------ L:\Windows\QTFont.for
2007-12-26 20:18 . 2007-12-26 20:18 <REP> d-------- L:\Users\Papa\AppData\Roaming\Autodesk
2007-12-26 20:18 . 2007-12-26 20:23 <REP> d-------- L:\Users\All Users\Autodesk
2007-12-26 20:18 . 2007-12-26 20:23 <REP> d-------- L:\ProgramData\Autodesk
2007-12-26 20:18 . 2007-12-26 20:21 <REP> d-------- L:\Program Files\AutoCAD 2008
2007-12-26 20:17 . 2007-12-26 20:21 <REP> d-------- L:\Program Files\Common Files\Autodesk Shared
2007-12-26 20:17 . 2007-12-26 20:17 <REP> d-------- L:\Program Files\Autodesk
2007-12-26 18:45 . 2007-12-26 18:45 <REP> d-------- L:\Program Files\SEGA
2007-12-21 22:01 . 2007-12-21 22:01 <REP> d-------- L:\Program Files\CCleaner
2007-12-17 21:03 . 2007-12-17 21:03 <REP> d-------- L:\Users\Papa\AppData\Roaming\GRETECH
2007-12-14 12:49 . 2008-01-13 13:31 <REP> d-------- L:\Users\All Users\Lavasoft
2007-12-14 12:49 . 2008-01-13 13:31 <REP> d-------- L:\ProgramData\Lavasoft
2007-12-14 12:49 . 2007-12-14 12:49 <REP> d-------- L:\Program Files\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:30 12,632 ----a-w L:\Windows\System32\lsdelete.exe
2008-01-12 16:58 --------- d-----w L:\Users\mathieu\AppData\Roaming\Xfire
2008-01-09 12:48 --------- d--h--w L:\Program Files\InstallShield Installation Information
2008-01-09 12:46 --------- d-----w L:\Users\mathieu\AppData\Roaming\Media Center Programs
2008-01-09 07:35 --------- d-----w L:\ProgramData\Media Center Programs
2008-01-09 07:19 --------- d-----w L:\Program Files\Electronic Arts
2008-01-03 21:26 22,328 ----a-w L:\Windows\system32\drivers\PnkBstrK.sys
2008-01-03 21:25 107,832 ----a-w L:\Windows\System32\PnkBstrB.exe
2007-12-26 20:42 --------- d-----w L:\Program Files\Common Files\Blizzard Entertainment
2007-12-26 15:06 --------- d-----w L:\Users\mathieu\AppData\Roaming\FileZilla
2007-12-26 14:34 --------- d-----w L:\Program Files\Steam
2007-12-25 21:19 --------- d-----w L:\Program Files\Common Files\Steam
2007-12-20 06:43 --------- d-----w L:\ProgramData\Xfire
2007-12-15 19:34 22,328 ----a-w L:\Users\mathieu\AppData\Roaming\PnkBstrK.sys
2007-12-15 19:33 669,184 ----a-w L:\Windows\System32\pbsvc.exe
2007-12-14 11:48 --------- d-----w L:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 10:44 --------- d-----w L:\Program Files\GIGABYTE
2007-12-12 06:28 --------- d-----w L:\Program Files\THQ
2007-12-12 06:21 --------- d-----w L:\Program Files\Xfire
2007-12-09 12:08 --------- d-----w L:\Users\mathieu\AppData\Roaming\Command & Conquer 3 Les guerres du Tiberium
2007-12-08 16:58 --------- d-----w L:\Users\mathieu\AppData\Roaming\IGN_DLM
2007-12-08 12:49 --------- d-----w L:\Program Files\CapCom
2007-12-08 07:43 413,696 ----a-w L:\Windows\System32\wrap_oal.dll
2007-12-08 07:43 110,592 ----a-w L:\Windows\System32\OpenAL32.dll
2007-12-08 07:43 --------- d-----w L:\Program Files\OpenAL
2007-12-07 16:56 15,600 ----a-w L:\Windows\gdrv.sys
2007-12-07 09:44 --------- d-----w L:\Program Files\NVIDIA Corporation
2007-12-07 09:43 --------- d-----w L:\Program Files\Common Files\InstallShield
2007-12-07 09:15 --------- d-----w L:\Program Files\RivaTuner v2.05
2007-12-05 15:15 --------- d-----w L:\Users\mathieu\AppData\Roaming\FrostWire
2007-12-05 09:41 --------- d-----w L:\Users\mathieu\AppData\Roaming\TuneUp Software
2007-12-05 09:41 --------- d-----w L:\Program Files\TuneUp Utilities 2007
2007-12-05 09:40 --------- d-----w L:\ProgramData\TuneUp Software
2007-12-05 07:46 --------- d-----w L:\Users\mathieu\AppData\Roaming\Todae
2007-12-04 16:23 --------- d-----w L:\Program Files\Futuremark
2007-12-04 14:53 23,152 ----a-w L:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w L:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w L:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w L:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w L:\Windows\System32\AvastSS.scr
2007-12-04 12:15 --------- d-----w L:\Program Files\Alice_Triway_WiFi
2007-12-03 18:57 --------- d-----w L:\Program Files\K-Lite Codec Pack
2007-12-02 20:29 --------- d-----w L:\Program Files\Razer
2007-12-02 20:28 --------- d-----w L:\Users\mathieu\AppData\Roaming\InstallShield
2007-11-26 12:09 66,872 ----a-w L:\Windows\System32\PnkBstrA.exe
2007-11-22 17:33 --------- d-----w L:\ProgramData\NVIDIA
2007-11-21 12:57 --------- d-----w L:\Program Files\GameSpy
2007-11-17 11:24 356,352 ----a-w L:\Windows\System32\nvuninst.exe
2007-11-17 09:42 86,016 ----a-w L:\Windows\System32\nvsvc.dll
2007-11-17 09:42 81,920 ----a-w L:\Windows\System32\nvmctray.dll
2007-11-17 09:42 8,530,464 ----a-w L:\Windows\System32\nvcpl.dll
2007-11-17 09:42 8,236,704 ----a-w L:\Windows\system32\drivers\nvlddmkm.sys
2007-11-17 09:42 795,104 ----a-w L:\Windows\System32\dpinst.exe
2007-11-17 09:42 757,760 ----a-w L:\Windows\System32\nvcplui.exe
2007-11-17 09:42 7,098,368 ----a-w L:\Windows\System32\nvoglv32.dll
2007-11-17 09:42 6,537,216 ----a-w L:\Windows\System32\nvdisps.dll
2007-11-17 09:42 5,611,520 ----a-w L:\Windows\System32\nvdispsr.dll
2007-11-17 09:42 5,263,360 ----a-w L:\Windows\System32\nvd3dum.dll
2007-11-17 09:42 458,752 ----a-w L:\Windows\System32\nvmccssr.dll
2007-11-17 09:42 45,056 ----a-w L:\Windows\System32\nvmccsrs.dll
2007-11-17 09:42 385,024 ----a-w L:\Windows\System32\nvapi.dll
2007-11-17 09:42 356,352 ----a-w L:\Windows\System32\nvudisp.exe
2007-11-17 09:42 35,328 ----a-w L:\Windows\System32\nvcod100.dll
2007-11-17 09:42 35,328 ----a-w L:\Windows\System32\nvcod.dll
2007-11-17 09:42 307,200 ----a-w L:\Windows\System32\nvexpbar.dll
2007-11-17 09:42 3,715,072 ----a-w L:\Windows\System32\nvvitvsr.dll
2007-11-17 09:42 3,698,688 ----a-w L:\Windows\System32\nvvitvs.dll
2007-11-17 09:42 3,407,872 ----a-w L:\Windows\System32\nvgames.dll
2007-11-17 09:42 3,330,048 ----a-w L:\Windows\System32\nvgamesr.dll
2007-11-17 09:42 229,376 ----a-w L:\Windows\System32\nvmccs.dll
2007-11-17 09:42 2,854,912 ----a-w L:\Windows\System32\nvmoblsr.dll
2007-11-17 09:42 2,519,040 ----a-w L:\Windows\System32\nvwssr.dll
2007-11-17 09:42 2,486,272 ----a-w L:\Windows\System32\nvwss.dll
2007-11-17 09:42 188,416 ----a-w L:\Windows\System32\nvmccss.dll
2007-11-17 09:42 147,456 ----a-w L:\Windows\System32\nvcolor.exe
2007-11-17 09:42 1,829,376 ----a-w L:\Windows\System32\nvwgf2um.dll
2007-11-17 09:42 1,212,416 ----a-w L:\Windows\System32\nvmobls.dll
2007-11-17 09:42 1,073,152 ----a-w L:\Windows\System32\nvcpluir.dll
2007-11-17 07:09 --------- d-----w L:\Program Files\Activision
2007-11-08 17:15 36,864 ----a-w L:\Windows\System32\cdd.dll
2007-10-24 17:14 108,144 ----a-w L:\Windows\System32\CmdLineExt.dll
2007-10-24 11:42 174 --sha-w L:\Program Files\desktop.ini
2007-10-24 11:39 87,040 ----a-w L:\Windows\System32\msoert2.dll
2007-10-24 11:39 8,192 ----a-w L:\Windows\System32\riched32.dll
2007-10-24 11:39 77,824 ----a-w L:\Windows\System32\rascfg.dll
2007-10-24 11:39 694,784 ----a-w L:\Windows\System32\localspl.dll
2007-10-24 11:39 52,736 ----a-w L:\Windows\System32\rasdiag.dll
2007-10-24 11:39 39,424 ----a-w L:\Windows\System32\ACCTRES.dll
2007-10-24 11:39 384,000 ----a-w L:\Windows\System32\netcfgx.dll
2007-10-24 11:39 33,280 ----a-w L:\Windows\System32\traffic.dll
2007-10-24 11:39 32,768 ----a-w L:\Windows\System32\rasmxs.dll
2007-10-24 11:39 286,208 ----a-w L:\Windows\System32\ipnathlp.dll
2007-10-24 11:39 22,016 ----a-w L:\Windows\System32\rasser.dll
2007-10-24 11:39 205,824 ----a-w L:\Windows\System32\msoeacct.dll
2007-10-24 11:39 15,360 ----a-w L:\Windows\System32\pacerprf.dll
2007-10-24 11:39 134,656 ----a-w L:\Windows\System32\dps.dll
2007-10-24 11:39 13,824 ----a-w L:\Windows\System32\wshqos.dll
2007-10-24 11:39 13,824 ----a-w L:\Windows\System32\icsunattend.exe
2007-10-24 11:37 374,456 ----a-w L:\Windows\System32\mcupdate_GenuineIntel.dll
2007-10-24 11:36 86,016 ----a-w L:\Windows\System32\icfupgd.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26121617-90C5-41D3-B52D-133D49A36AE7}]
2008-01-13 13:23 226816 --a------ L:\Windows\sysosa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="L:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:33 1196032]
"MsnMsgr"="L:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="L:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="L:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"igndlm.exe"="L:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480]
"NVIDIA nTune"="L:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"WMPNSCFG"="L:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:33 201728]
"SpybotSD TeaTimer"="L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="L:\Program Files\Windows Defender\MSASCui.exe" [2007-10-24 12:38 1006264]
"Launch LCDMon"="L:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-18 10:34 774168]
"Launch LGDCore"="L:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 10:55 1132056]
"avast!"="L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="L:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"DAEMON Tools"="L:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NeroFilterCheck"="L:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="L:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"Adobe Reader Speed Launcher"="L:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvSvc"="L:\Windows\system32\nvsvc.dll" [2007-11-17 10:42 86016]
"NvCplDaemon"="L:\Windows\system32\NvCpl.dll" [2007-11-17 10:42 8530464]
"NvMediaCenter"="L:\Windows\system32\NvMcTray.dll" [2007-11-17 10:42 81920]
"Habu"="L:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 11:58 176128]
"JMB36X IDE Setup"="L:\Windows\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]

L:\Users\mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - L:\Program Files\Xfire\xfire.exe [2007-12-05 03:25:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R2 aswMonFlt;aswMonFlt;L:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;L:\Program Files\Spybot []
R2 UxTuneUp;TuneUp Extension de thème;L:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 HabuFltr;Habu Mouse;L:\Windows\system32\drivers\habu.sys [2006-10-23 11:09]
R3 RTL8169;Pilote Realtek 8169 NT;L:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
S0 OemBiosDevice;Royalty OEM Bios Extension;L:\Windows\system32\drivers\royal.sys [2007-11-09 19:42]
S3 gdrv;gdrv;L:\Windows\gdrv.sys [2007-12-07 17:56]
S3 Steam Client Service;Steam Client Service;L:\Program Files\Common Files\Steam\SteamService.exe [2007-12-25 22:17]
S3 uisp;Freescale USB JW32 driver;L:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a49f79f-8666-11dc-bd5f-001a4d4957df}]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74693518-a16b-11dc-9bdf-001a4d4957df}]
\shell\AutoRun\command - H:\start.exe
\shell\iledefrance\command - H:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b15e2b58-81f6-11dc-8441-806e6f6e6963}]
\shell\AutoRun\command - F:\AutoRunCD.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 16:16:42 L:\Windows\Tasks\Maintenance en 1 clic.job"
- L:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-13 15:25:28 L:\Windows\Tasks\User_Feed_Synchronization-{05A34D02-20E8-4198-9089-331FB81CC825}.job"
- L:\Windows\system32\msfeedssync.exe
"2008-01-14 06:55:00 L:\Windows\Tasks\User_Feed_Synchronization-{6BFD71CF-16F0-4BDA-8601-C9E79A80C566}.job"
- L:\Windows\system32\msfeedssync.exe
"2007-10-24 07:05:28 L:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- L:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 07:57:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 7:58:04
ComboFix-quarantined-files.txt 2008-01-14 06:58:01
.
2007-10-28 21:58:09 --- E O F ---
0
BTFix 1.070 (par bibi26) - 14/01/2008 08:07:55 - Analyse
Lancé depuis L:\Users\mathieu\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée



None of these scans seem to have found the problem, so they have not solved it. Please help me...
0
Logfile of HijackThis v1.99.1
Scan saved at 09:00:18, on 14/01/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
L:\Windows\system32\taskeng.exe
L:\Windows\system32\Dwm.exe
L:\Windows\Explorer.EXE
L:\Program Files\Windows Defender\MSASCui.exe
L:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
L:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
L:\Program Files\Alwil Software\Avast4\ashDisp.exe
L:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
L:\Program Files\DAEMON Tools\daemon.exe
L:\Windows\System32\rundll32.exe
L:\Program Files\Razer\Habu\razerhid.exe
L:\Program Files\Windows Sidebar\sidebar.exe
L:\Windows\System32\rundll32.exe
L:\Program Files\MSN Messenger\msnmsgr.exe
L:\Windows\ehome\ehtray.exe
L:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
L:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
L:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
L:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
L:\Program Files\Windows Media Player\wmpnscfg.exe
L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
L:\Windows\ehome\ehmsas.exe
L:\Program Files\Xfire\xfire.exe
L:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
L:\Program Files\Razer\Habu\razertra.exe
L:\Program Files\Razer\Habu\razerofa.exe
L:\Program Files\Internet Explorer\iexplore.exe
L:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
L:\Windows\system32\SearchFilterHost.exe
L:\Users\mathieu\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Office toolbar - {26121617-90C5-41D3-B52D-133D49A36AE7} - L:\Windows\sysosa.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - l:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - L:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - L:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - l:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Launch LCDMon] "L:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "L:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avast!] L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "L:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "L:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] L:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "L:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "L:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE L:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE L:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE L:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Habu] L:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] L:\Windows\JM\JMInsIDE.exe
O4 - HKCU\..\Run: [Sidebar] L:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "L:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] L:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "L:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] L:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "L:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] L:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = L:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://L:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://L:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://L:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - L:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - L:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: l:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - L:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - L:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - L:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - L:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - L:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - L:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - L:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - L:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - L:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - L:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - L:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - L:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - L:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - L:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - L:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - L:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - L:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
0