Sujet Précédent Sujet Suivant

Virus win 32:delf-hti trj

Résolu
lapin -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour, a tous !
petit problemes de virus [ win 32:delf-hti trj] impossible de l eradiquer besoin d aide merci d avance !!!!!
voici le rapport hijack this !!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:41, on 22/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\perfs.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\routing.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4GGIH_frFR234FR239&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
A voir également:

58 réponses

Précédent
Réponse 21 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

tu as vu ma réponse poste 25 ?? ( en 1er page )

++
0
Réponse 22 / 58
cyril58
 
c qoui un combo ?
0
Réponse 23 / 58
cyril58
 
otMovelt
File move failed. C:\Windows\system32\perfs.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\routing.exe scheduled to be moved on reboot.
File/Folder not found.
File/Folder not found.

Created on 01/26/2008 18:30:15
0
Réponse 24 / 58
cyril58
 
comComboFix 08-01-23.1 - cyril 2008-01-26 18:53:27.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.270 [GMT 1:00]
Endroit: D:\firefox\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 12:59 . 2008-01-25 12:59 250,368 --a------ C:\Windows\System32\ndt2.sys
2008-01-24 18:43 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-22 19:30 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-22 15:37 . 2008-01-22 15:37 <REP> d-------- C:\Windows\BDOSCAN8
2008-01-22 13:34 . 2008-01-22 13:34 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 20:27 . 2007-02-27 19:36 221,215 --a------ C:\Windows\System32\divxdec.ax
2008-01-19 19:57 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-01-19 19:57 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-01-19 19:57 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-01-19 14:54 . 2005-11-14 05:23 1,228,800 --a------ C:\Windows\System32\FoxBurner.ocx
2008-01-19 14:54 . 2003-12-17 16:00 1,208,320 --a------ C:\Windows\System32\PTxSCP.ocx
2008-01-19 14:54 . 2007-07-31 12:57 1,164,728 --a------ C:\Windows\System32\NMSDVDXU.dll
2008-01-19 14:54 . 2004-02-08 15:53 856,064 --a------ C:\Windows\System32\mpgfiltr.ax
2008-01-19 14:54 . 2005-01-19 00:44 454,656 --a------ C:\Windows\System32\FoxDVDImager.ocx
2008-01-19 14:54 . 2002-03-25 03:03 380,928 --a------ C:\Windows\System32\CDRipperX.ocx
2008-01-19 14:54 . 2005-01-19 00:18 323,584 --a------ C:\Windows\System32\FoxImager.dll
2008-01-19 14:54 . 2007-04-06 00:08 196,608 --a------ C:\Windows\System32\VideoEdit.ocx
2008-01-19 14:54 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-01-19 14:54 . 2003-08-19 04:31 81,920 --a------ C:\Windows\System32\viscomwave.dll
2008-01-19 07:55 . 2007-09-26 13:30 996,648 --a------ C:\Windows\System32\ShellManager10E2D762.dll
2008-01-19 07:55 . 2007-09-13 16:26 641,024 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-01-19 00:01 . 2008-01-19 00:01 78,141 --a------ C:\Windows\System32\tmp0_22867651877.bk
2008-01-18 20:42 . 2008-01-19 11:07 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 23:19 . 2003-03-18 21:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-01-11 23:19 . 2000-08-02 20:50 1,056,768 --a------ C:\Windows\System32\ROBOEX32.DLL
2008-01-11 23:19 . 2003-03-18 20:14 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-01-11 23:19 . 2003-02-21 04:42 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-01-11 23:18 . 2008-01-11 23:19 <REP> d-------- C:\Program Files\Common Files\NewTech Infosystems
2008-01-11 23:18 . 2006-10-19 22:57 2,808,832 --------- C:\Windows\System32\LS_HSI.msi
2008-01-11 23:18 . 2006-08-29 03:30 226,816 --------- C:\Windows\System32\htvcdsvcd70.ax
2008-01-11 23:18 . 2006-08-29 03:30 13,952 --------- C:\Windows\System32\drivers\UBHelper.sys
2008-01-11 23:15 . 2008-01-11 23:15 6,144 --a------ C:\Windows\System32\drivers\NTIDrvr.sys
2008-01-11 11:38 . 2008-01-11 11:38 45,056 --a------ C:\Windows\System32\Indt2.sys
2008-01-11 11:38 . 2008-01-11 11:38 32,256 --a------ C:\Windows\System32\routing.exe
2008-01-11 11:38 . 2008-01-11 11:38 40 --a------ C:\Windows\System32\drmgs.sys
2008-01-09 09:24 . 2008-01-09 09:24 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 09:24 . 2008-01-09 09:24 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 09:24 . 2008-01-09 09:24 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 09:24 . 2008-01-09 09:24 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 09:24 . 2008-01-09 09:24 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 09:23 . 2008-01-09 09:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 10:06 . 2008-01-06 10:06 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-01-06 10:06 . 2004-05-11 08:14 719,872 --a------ C:\Windows\System32\devil.dll
2008-01-06 10:06 . 2006-11-12 13:44 306,688 --a------ C:\Windows\System32\avisynth.dll
2008-01-03 00:37 . 2008-01-03 00:37 <REP> d-------- C:\Program Files\RocketDock
2008-01-02 17:30 . 2008-01-02 17:30 32 --a------ C:\Windows\cmc2007.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 19:33 --------- d-----w C:\Program Files\vso
2008-01-19 19:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-19 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 22:19 --------- d-----w C:\Program Files\NewTech Infosystems
2008-01-11 11:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-09 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 18:00 --------- d-----w C:\Program Files\VideoLAN
2007-12-31 13:39 --------- d-----w C:\Program Files\Windows Mail
2007-12-12 11:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 11:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 11:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 11:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 11:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 11:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 11:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 11:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 11:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 11:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 11:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 11:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 11:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-03 20:23 --------- d-----w C:\Program Files\CCleaner
2007-12-01 15:21 --------- d-----w C:\Program Files\HP
2007-12-01 10:39 65,536 ----a-w C:\Windows\IFinst27.exe
2007-11-27 22:53 --------- d-----w C:\Program Files\QuickZip4
2007-11-19 01:42 81,984 ----a-w C:\Windows\System32\bdod.bin
2007-11-13 21:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 21:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 21:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 21:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 21:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 21:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 21:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 21:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 21:05 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-13 21:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-10 00:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-10 00:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-10 00:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-10 00:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-08-29 06:02 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 12:05 68856]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe [2006-11-02 10:46]
R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2008-01-11 11:38]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 19:05]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 07:22]
S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-05 17:55]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-26 16:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-01 18:51:33 C:\Windows\Tasks\Registry First Aid Platinum autoscan.job"
- C:\Program Files\RFA Platinum\reg1aid.exe
- C:\Program Files\RFA Platinum
"2008-01-26 14:03:10 C:\Windows\Tasks\User_Feed_Synchronization-{EF62FD5D-9132-4DAF-BA9C-93E4A60F18E2}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-01-26 17:35:05 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 18:56:27
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-01-26 18:57:48
.
2008-01-26 07:46:22 --- E O F ---
bo fix excuse moi ok le voila !!!!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :

File::
C:\Windows\System32\ndt2.sys
C:\Windows\System32\routing.exe
C:\Windows\System32\bdod.bin
C:\Windows\cmc2007.ini

ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

@+
0
Réponse 26 / 58
cyril58
 
SALUT !!!
impossible de lancer combo [erreur de nom CFScript] ?
0
Réponse 27 / 58
cyril58
 
excuse moi erreur de frappe dans cfs....
voici le rapport ......
ComboFix 08-01-23.1 - cyril 2008-01-28 0:51:53.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.200 [GMT 1:00]
Endroit: D:\firefox\ComboFix.exe
Command switches used :: C:\Users\cyril\Desktop\CFScript.txt.txt
* Création d'un nouveau point de restauration
.
/wow section - STAGE 6
/wow section - STAGE 7
/wow section - STAGE 8
/wow section - STAGE 9
/wow section - STAGE 10
/wow section - STAGE 30
/wow section - STAGE 31

((((((((((((((((((((((((((((( Fichiers créés 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 12:01 . 2008-01-27 12:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-27 12:01 . 2008-01-27 12:01 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-24 18:43 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-22 19:30 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-22 15:37 . 2008-01-22 15:37 <REP> d-------- C:\Windows\BDOSCAN8
2008-01-22 13:34 . 2008-01-22 13:34 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 20:27 . 2007-02-27 19:36 221,215 --a------ C:\Windows\System32\divxdec.ax
2008-01-19 19:57 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-01-19 19:57 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-01-19 19:57 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-01-19 14:54 . 2005-11-14 05:23 1,228,800 --a------ C:\Windows\System32\FoxBurner.ocx
2008-01-19 14:54 . 2003-12-17 16:00 1,208,320 --a------ C:\Windows\System32\PTxSCP.ocx
2008-01-19 14:54 . 2007-07-31 12:57 1,164,728 --a------ C:\Windows\System32\NMSDVDXU.dll
2008-01-19 14:54 . 2004-02-08 15:53 856,064 --a------ C:\Windows\System32\mpgfiltr.ax
2008-01-19 14:54 . 2005-01-19 00:44 454,656 --a------ C:\Windows\System32\FoxDVDImager.ocx
2008-01-19 14:54 . 2002-03-25 03:03 380,928 --a------ C:\Windows\System32\CDRipperX.ocx
2008-01-19 14:54 . 2005-01-19 00:18 323,584 --a------ C:\Windows\System32\FoxImager.dll
2008-01-19 14:54 . 2007-04-06 00:08 196,608 --a------ C:\Windows\System32\VideoEdit.ocx
2008-01-19 14:54 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-01-19 14:54 . 2003-08-19 04:31 81,920 --a------ C:\Windows\System32\viscomwave.dll
2008-01-19 07:55 . 2007-09-26 13:30 996,648 --a------ C:\Windows\System32\ShellManager10E2D762.dll
2008-01-19 07:55 . 2007-09-13 16:26 641,024 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-01-19 00:01 . 2008-01-19 00:01 78,141 --a------ C:\Windows\System32\tmp0_22867651877.bk
2008-01-18 20:42 . 2008-01-19 11:07 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 23:19 . 2003-03-18 21:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-01-11 23:19 . 2000-08-02 20:50 1,056,768 --a------ C:\Windows\System32\ROBOEX32.DLL
2008-01-11 23:19 . 2003-03-18 20:14 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-01-11 23:19 . 2003-02-21 04:42 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-01-11 23:18 . 2008-01-11 23:19 <REP> d-------- C:\Program Files\Common Files\NewTech Infosystems
2008-01-11 23:18 . 2006-10-19 22:57 2,808,832 --------- C:\Windows\System32\LS_HSI.msi
2008-01-11 23:18 . 2006-08-29 03:30 226,816 --------- C:\Windows\System32\htvcdsvcd70.ax
2008-01-11 23:18 . 2006-08-29 03:30 13,952 --------- C:\Windows\System32\drivers\UBHelper.sys
2008-01-11 23:15 . 2008-01-11 23:15 6,144 --a------ C:\Windows\System32\drivers\NTIDrvr.sys
2008-01-11 11:38 . 2008-01-11 11:38 45,056 --a------ C:\Windows\System32\Indt2.sys
2008-01-11 11:38 . 2008-01-11 11:38 32,256 --a------ C:\Windows\System32\routing.exe
2008-01-11 11:38 . 2008-01-11 11:38 40 --a------ C:\Windows\System32\drmgs.sys
2008-01-09 09:24 . 2008-01-09 09:24 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 09:24 . 2008-01-09 09:24 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 09:24 . 2008-01-09 09:24 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 09:24 . 2008-01-09 09:24 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 09:24 . 2008-01-09 09:24 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 09:23 . 2008-01-09 09:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 10:06 . 2008-01-06 10:06 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-01-06 10:06 . 2004-05-11 08:14 719,872 --a------ C:\Windows\System32\devil.dll
2008-01-06 10:06 . 2006-11-12 13:44 306,688 --a------ C:\Windows\System32\avisynth.dll
2008-01-03 00:37 . 2008-01-03 00:37 <REP> d-------- C:\Program Files\RocketDock
2008-01-02 17:30 . 2008-01-02 17:30 32 --a------ C:\Windows\cmc2007.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:07 --------- d-----w C:\Program Files\Windows Mail
2008-01-27 11:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-27 11:01 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-27 11:01 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-27 11:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 19:33 --------- d-----w C:\Program Files\vso
2008-01-19 19:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-19 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 22:19 --------- d-----w C:\Program Files\NewTech Infosystems
2008-01-11 11:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-09 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 18:00 --------- d-----w C:\Program Files\VideoLAN
2007-12-12 11:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 11:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 11:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 11:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 11:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 11:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 11:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 11:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 11:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 11:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 11:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 11:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 11:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-03 20:23 --------- d-----w C:\Program Files\CCleaner
2007-12-01 15:21 --------- d-----w C:\Program Files\HP
2007-12-01 10:39 65,536 ----a-w C:\Windows\IFinst27.exe
2007-11-27 22:53 --------- d-----w C:\Program Files\QuickZip4
2007-11-19 01:42 81,984 ----a-w C:\Windows\System32\bdod.bin
2007-11-13 21:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 21:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 21:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 21:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 21:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 21:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 21:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 21:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 21:05 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-13 21:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-10 00:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-10 00:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-10 00:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-10 00:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-08-29 06:02 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 12:05 68856]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe [2006-11-02 10:46]
R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2008-01-11 11:38]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 19:05]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 07:22]
S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-05 17:55]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-27 08:00:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-01 18:51:33 C:\Windows\Tasks\Registry First Aid Platinum autoscan.job"
- C:\Program Files\RFA Platinum\reg1aid.ex
- C:\Program Files\RFA Platinum
"2008-01-27 23:05:04 C:\Windows\Tasks\User_Feed_Synchronization-{EF62FD5D-9132-4DAF-BA9C-93E4A60F18E2}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-01-27 23:35:01 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 00:54:01
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-01-28 0:55:19
ComboFix-quarantined-files.txt 2008-01-27 23:55:12
.
2008-01-27 11:01:56 --- E O F ---
0
Réponse 28 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
salut

effectivement, il y a un soucis là : CFScript.txt.txt

le nom du fichier comporte deux fois l'extension .txt !

refais la manip stp

++

0
Réponse 29 / 58
cyril58
 
ok !!

ComboFix 08-01-23.1 - cyril 2008-01-28 15:34:10.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.138 [GMT 1:00]
Endroit: D:\firefox\ComboFix.exe
Command switches used :: C:\Users\cyril\Desktop\CFScript.txt.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))))))))
.

2008-01-28 12:01 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-28 12:01 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-28 12:01 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-28 12:01 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-28 12:00 . 2008-01-28 12:28 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-27 12:01 . 2008-01-27 12:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-27 12:01 . 2008-01-27 12:01 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-24 18:43 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-22 19:30 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-22 15:37 . 2008-01-22 15:37 <REP> d-------- C:\Windows\BDOSCAN8
2008-01-22 13:34 . 2008-01-22 13:34 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 20:27 . 2007-02-27 19:36 221,215 --a------ C:\Windows\System32\divxdec.ax
2008-01-19 19:57 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-01-19 19:57 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-01-19 19:57 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-01-19 14:54 . 2005-11-14 05:23 1,228,800 --a------ C:\Windows\System32\FoxBurner.ocx
2008-01-19 14:54 . 2003-12-17 16:00 1,208,320 --a------ C:\Windows\System32\PTxSCP.ocx
2008-01-19 14:54 . 2007-07-31 12:57 1,164,728 --a------ C:\Windows\System32\NMSDVDXU.dll
2008-01-19 14:54 . 2004-02-08 15:53 856,064 --a------ C:\Windows\System32\mpgfiltr.ax
2008-01-19 14:54 . 2005-01-19 00:44 454,656 --a------ C:\Windows\System32\FoxDVDImager.ocx
2008-01-19 14:54 . 2002-03-25 03:03 380,928 --a------ C:\Windows\System32\CDRipperX.ocx
2008-01-19 14:54 . 2005-01-19 00:18 323,584 --a------ C:\Windows\System32\FoxImager.dll
2008-01-19 14:54 . 2007-04-06 00:08 196,608 --a------ C:\Windows\System32\VideoEdit.ocx
2008-01-19 14:54 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-01-19 14:54 . 2003-08-19 04:31 81,920 --a------ C:\Windows\System32\viscomwave.dll
2008-01-19 07:55 . 2007-09-26 13:30 996,648 --a------ C:\Windows\System32\ShellManager10E2D762.dll
2008-01-19 07:55 . 2007-09-13 16:26 641,024 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-01-19 00:01 . 2008-01-19 00:01 78,141 --a------ C:\Windows\System32\tmp0_22867651877.bk
2008-01-18 20:42 . 2008-01-19 11:07 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 23:19 . 2003-03-18 21:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-01-11 23:19 . 2000-08-02 20:50 1,056,768 --a------ C:\Windows\System32\ROBOEX32.DLL
2008-01-11 23:19 . 2003-03-18 20:14 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-01-11 23:19 . 2003-02-21 04:42 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-01-11 23:18 . 2008-01-11 23:19 <REP> d-------- C:\Program Files\Common Files\NewTech Infosystems
2008-01-11 23:18 . 2006-10-19 22:57 2,808,832 --------- C:\Windows\System32\LS_HSI.msi
2008-01-11 23:18 . 2006-08-29 03:30 226,816 --------- C:\Windows\System32\htvcdsvcd70.ax
2008-01-11 23:18 . 2006-08-29 03:30 13,952 --------- C:\Windows\System32\drivers\UBHelper.sys
2008-01-11 23:15 . 2008-01-11 23:15 6,144 --a------ C:\Windows\System32\drivers\NTIDrvr.sys
2008-01-11 11:38 . 2008-01-11 11:38 45,056 --a------ C:\Windows\System32\Indt2.sys
2008-01-11 11:38 . 2008-01-11 11:38 32,256 --a------ C:\Windows\System32\routing.exe
2008-01-11 11:38 . 2008-01-11 11:38 40 --a------ C:\Windows\System32\drmgs.sys
2008-01-09 09:24 . 2008-01-09 09:24 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 09:24 . 2008-01-09 09:24 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 09:24 . 2008-01-09 09:24 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 09:24 . 2008-01-09 09:24 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 09:24 . 2008-01-09 09:24 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 09:23 . 2008-01-09 09:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 10:06 . 2008-01-06 10:06 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-01-06 10:06 . 2004-05-11 08:14 719,872 --a------ C:\Windows\System32\devil.dll
2008-01-06 10:06 . 2006-11-12 13:44 306,688 --a------ C:\Windows\System32\avisynth.dll
2008-01-03 00:37 . 2008-01-03 00:37 <REP> d-------- C:\Program Files\RocketDock
2008-01-02 17:30 . 2008-01-02 17:30 32 --a------ C:\Windows\cmc2007.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:07 --------- d-----w C:\Program Files\Windows Mail
2008-01-27 11:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-27 11:01 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-27 11:01 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-27 11:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 19:33 --------- d-----w C:\Program Files\vso
2008-01-19 19:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-19 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 22:19 --------- d-----w C:\Program Files\NewTech Infosystems
2008-01-11 11:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-09 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 18:00 --------- d-----w C:\Program Files\VideoLAN
2007-12-12 11:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 11:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 11:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 11:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 11:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 11:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 11:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 11:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 11:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 11:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 11:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 11:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 11:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-03 20:23 --------- d-----w C:\Program Files\CCleaner
2007-12-01 15:21 --------- d-----w C:\Program Files\HP
2007-12-01 10:39 65,536 ----a-w C:\Windows\IFinst27.exe
2007-11-19 01:42 81,984 ----a-w C:\Windows\System32\bdod.bin
2007-11-13 21:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 21:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 21:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 21:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 21:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 21:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 21:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 21:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 21:05 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-13 21:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-10 00:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-10 00:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-10 00:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-10 00:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-08-29 06:02 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-01-28_13.25.18.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-28 12:20:23 1,265,664 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000001\ntuser.dat
+ 2008-01-28 14:33:23 1,265,664 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000001\ntuser.dat
- 2008-01-28 12:20:23 1,269,760 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000002\ntuser.dat
+ 2008-01-28 14:33:24 1,269,760 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000002\ntuser.dat
- 2008-01-28 12:20:24 3,891,200 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000003\ntuser.dat
+ 2008-01-28 14:33:24 3,891,200 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000003\ntuser.dat
- 2008-01-28 12:20:25 2,969,600 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000004\UsrClass.dat
+ 2008-01-28 14:33:25 2,969,600 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000004\UsrClass.dat
- 2008-01-28 12:20:25 8,192 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000005\UsrClass.dat
+ 2008-01-28 14:33:26 8,192 ----a-w C:\Windows\erdnt\Hiv-backup\Users\[u]0/u0000005\UsrClass.dat
- 2008-01-28 11:22:17 114,688 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-28 13:10:39 114,688 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-28 11:22:17 245,760 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-28 13:10:39 245,760 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-28 11:22:17 32,768 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-28 13:10:39 32,768 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 12:05 68856]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 19:05]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 07:22]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-27 08:00:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-01 18:51:33 C:\Windows\Tasks\Registry First Aid Platinum autoscan.job"
- C:\Program Files\RFA Platinum\reg1aid.ex
- C:\Program Files\RFA Platinum
"2008-01-27 23:05:04 C:\Windows\Tasks\User_Feed_Synchronization-{EF62FD5D-9132-4DAF-BA9C-93E4A60F18E2}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-01-28 14:35:13 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 15:40:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

? [6376]
? [7552]
? [13168]
? [13196]
Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-01-28 15:43:44
ComboFix-quarantined-files.txt 2008-01-28 14:43:30
.
2008-01-27 11:01:56 --- E O F ---
0
Réponse 30 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
re

toujours pas bon ! :p

CFScript.txt.txt

cette fois, en refaisant la manip nomme le fichier "CFScript" seulement, puisqu'il semble ajouter l'extension tout seul !

++
0
Réponse 31 / 58
cyril58
 
ok !!

ComboFix 08-01-23.1 - cyril 2008-01-28 21:55:40.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.241 [GMT 1:00]
Endroit: D:\firefox\ComboFix.exe
Command switches used :: C:\Users\cyril\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))))))))
.

2008-01-28 20:58 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-28 12:01 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-28 12:01 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-28 12:01 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-28 12:01 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-28 12:00 . 2008-01-28 19:27 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-27 12:01 . 2008-01-27 12:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-27 12:01 . 2008-01-27 12:01 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-24 18:43 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-22 15:37 . 2008-01-22 15:37 <REP> d-------- C:\Windows\BDOSCAN8
2008-01-22 13:34 . 2008-01-22 13:34 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 20:27 . 2007-02-27 19:36 221,215 --a------ C:\Windows\System32\divxdec.ax
2008-01-19 19:57 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-01-19 19:57 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-01-19 19:57 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-01-19 14:54 . 2005-11-14 05:23 1,228,800 --a------ C:\Windows\System32\FoxBurner.ocx
2008-01-19 14:54 . 2003-12-17 16:00 1,208,320 --a------ C:\Windows\System32\PTxSCP.ocx
2008-01-19 14:54 . 2007-07-31 12:57 1,164,728 --a------ C:\Windows\System32\NMSDVDXU.dll
2008-01-19 14:54 . 2004-02-08 15:53 856,064 --a------ C:\Windows\System32\mpgfiltr.ax
2008-01-19 14:54 . 2005-01-19 00:44 454,656 --a------ C:\Windows\System32\FoxDVDImager.ocx
2008-01-19 14:54 . 2002-03-25 03:03 380,928 --a------ C:\Windows\System32\CDRipperX.ocx
2008-01-19 14:54 . 2005-01-19 00:18 323,584 --a------ C:\Windows\System32\FoxImager.dll
2008-01-19 14:54 . 2007-04-06 00:08 196,608 --a------ C:\Windows\System32\VideoEdit.ocx
2008-01-19 14:54 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-01-19 14:54 . 2003-08-19 04:31 81,920 --a------ C:\Windows\System32\viscomwave.dll
2008-01-19 07:55 . 2007-09-26 13:30 996,648 --a------ C:\Windows\System32\ShellManager10E2D762.dll
2008-01-19 07:55 . 2007-09-13 16:26 641,024 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-01-19 00:01 . 2008-01-19 00:01 78,141 --a------ C:\Windows\System32\tmp0_22867651877.bk
2008-01-18 20:42 . 2008-01-19 11:07 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 23:19 . 2003-03-18 21:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-01-11 23:19 . 2000-08-02 20:50 1,056,768 --a------ C:\Windows\System32\ROBOEX32.DLL
2008-01-11 23:19 . 2003-03-18 20:14 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-01-11 23:19 . 2003-02-21 04:42 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-01-11 23:18 . 2008-01-11 23:19 <REP> d-------- C:\Program Files\Common Files\NewTech Infosystems
2008-01-11 23:18 . 2006-10-19 22:57 2,808,832 --------- C:\Windows\System32\LS_HSI.msi
2008-01-11 23:18 . 2006-08-29 03:30 226,816 --------- C:\Windows\System32\htvcdsvcd70.ax
2008-01-11 23:18 . 2006-08-29 03:30 13,952 --------- C:\Windows\System32\drivers\UBHelper.sys
2008-01-11 23:15 . 2008-01-11 23:15 6,144 --a------ C:\Windows\System32\drivers\NTIDrvr.sys
2008-01-11 11:38 . 2008-01-11 11:38 45,056 --a------ C:\Windows\System32\Indt2.sys
2008-01-11 11:38 . 2008-01-11 11:38 32,256 --a------ C:\Windows\System32\routing.exe
2008-01-11 11:38 . 2008-01-11 11:38 40 --a------ C:\Windows\System32\drmgs.sys
2008-01-09 09:24 . 2008-01-09 09:24 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 09:24 . 2008-01-09 09:24 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 09:24 . 2008-01-09 09:24 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 09:24 . 2008-01-09 09:24 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 09:24 . 2008-01-09 09:24 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 09:23 . 2008-01-09 09:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 10:06 . 2008-01-06 10:06 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-01-06 10:06 . 2004-05-11 08:14 719,872 --a------ C:\Windows\System32\devil.dll
2008-01-06 10:06 . 2006-11-12 13:44 306,688 --a------ C:\Windows\System32\avisynth.dll
2008-01-03 00:37 . 2008-01-03 00:37 <REP> d-------- C:\Program Files\RocketDock
2008-01-02 17:30 . 2008-01-02 17:30 32 --a------ C:\Windows\cmc2007.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 11:07 --------- d-----w C:\Program Files\Windows Mail
2008-01-27 11:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-27 11:01 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-27 11:01 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-27 11:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 19:33 --------- d-----w C:\Program Files\vso
2008-01-19 19:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-19 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 22:19 --------- d-----w C:\Program Files\NewTech Infosystems
2008-01-11 11:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-09 08:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 18:00 --------- d-----w C:\Program Files\VideoLAN
2007-12-12 11:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 11:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 11:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 11:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 11:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 11:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 11:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 11:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 11:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 11:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 11:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 11:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 11:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-12-03 20:23 --------- d-----w C:\Program Files\CCleaner
2007-12-01 15:21 --------- d-----w C:\Program Files\HP
2007-12-01 10:39 65,536 ----a-w C:\Windows\IFinst27.exe
2007-11-19 01:42 81,984 ----a-w C:\Windows\System32\bdod.bin
2007-11-13 21:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 21:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 21:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 21:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 21:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 21:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 21:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 21:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 21:05 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-13 21:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-13 21:04 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-10 00:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-10 00:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-10 00:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-10 00:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-08-29 06:02 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 12:05 68856]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2008-01-11 11:38]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 19:05]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 07:22]
S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-05 17:55]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-28 16:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-01 18:51:33 C:\Windows\Tasks\Registry First Aid Platinum autoscan.job"
- C:\Program Files\RFA Platinum\reg1aid.ex
- C:\Program Files\RFA Platinum
"2008-01-27 23:05:04 C:\Windows\Tasks\User_Feed_Synchronization-{EF62FD5D-9132-4DAF-BA9C-93E4A60F18E2}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-01-28 19:35:11 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 21:58:36
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-01-28 22:00:05
ComboFix-quarantined-files.txt 2008-01-28 20:59:56
.
2008-01-27 11:01:56 --- E O F ---
0
Réponse 32 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

on va faire autrement :

télécharge OTMoveIt (de Old_Timer) sur ton Bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Windows\System32\ndt2.sys
C:\Windows\System32\routing.exe
C:\Windows\System32\bdod.bin
C:\Windows\cmc2007.ini


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

++

0
Réponse 33 / 58
cyril58
 
Salut !!!

voici le rapport :

File/Folder C:\Windows\System32\ndt2.sys not found.
File move failed. C:\Windows\System32\routing.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\bdod.bin scheduled to be moved on reboot.
C:\Windows\cmc2007.ini moved successfully.

Created on 01/29/2008 23:14:29
0
Réponse 34 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

ok,

fais ceci stp :

# Dans la fenêtre d'HijackThis, clique sur le bouton à droite Config
# Clique sur le bouton Misc Tools Button
# Clique sur le boutton ADS Spy
# Dans la nouvelle fenêtre, clique sur le bouton Scan
# Enregistre le rapport et poste le stp

++
0
Réponse 35 / 58
cyril58
 
salut !
desole , [ cela me marque scan complete.] et je n ais pas de rapport ?
0
Réponse 36 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
salut

tu n'as pas " save a log" ??

++
0
Réponse 37 / 58
cyril58
 
j ais save a log ! mais je ne le trouve pas le rapport!
0
Réponse 38 / 58
cyril58
 
je lance le scan et puis plus rien pas un message et pas de rapport !!!!
0
Réponse 39 / 58
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

tu ne te souviens pas où tu l'as enregistré ?? :/

regarde sous la racine, est-ce qu'il avait trouvé quelque chose ??

++
0
Réponse 40 / 58
cyril58
 
salut :
desole je suis vraiment mauvais , le seul rapport que je trouve est celui la ????

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:50, on 31/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&rlz=1T4GGIH_frFR234FR239&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses