Interprétation du rapport (Vundo)

Résolu
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention   -  
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Je reposte ce message parce que personne ne ma répondu après avoir fait ce qu'on m'avait demandé pour résoudre mon problème:
Voici tout dabord (après avoir désinstaller avast et spybot et réinstaler avast puis fait un scan qui a trouvé des trojans...) le compte rendu de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:19, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Windows\System32\oopmagentts.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0FE8DE88-5563-44E3-9EB4-9FA734FD5C23} - C:\Windows\system32\rqRKcaxU.dll
O2 - BHO: (no name) - {83D55000-0479-4D60-BDF6-5BF4CC69891E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A29801E9-9FFF-4778-901A-33A9871840DE} - (no file)
O2 - BHO: (no name) - {aa396c42-04f0-4774-be12-10fe4d9bab2f} - (no file)
O2 - BHO: (no name) - {C13D4C5C-BC46-4A93-8666-90A5EC17A73C} - (no file)
O2 - BHO: (no name) - {E7ACF648-665D-4AAE-B5D0-8F3EE24AA926} - (no file)
O2 - BHO: (no name) - {E8265397-F5CE-447B-9057-D69C38E728C4} - (no file)
O2 - BHO: (no name) - {F2617680-0571-4A63-9D09-EF47523C841A} - (no file)
O2 - BHO: {a5cc0265-d48e-f5b8-87c4-a4f205914dff} - {ffd41950-2f4a-4c78-8b5f-e84d5620cc5a} - C:\Windows\system32\aytujuai.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [0278a7a3] rundll32.exe "C:\Windows\system32\ethvmgtm.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM014b943f] Rundll32.exe "C:\Windows\system32\sfwuuqaw.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

End of file - 12223 bytes


puis comme demandé navilog :

Search Navipromo version 3.5.7 commencé le 18/05/2008 à 16:40:38,69

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Jonathan"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16643
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\users\jonathan\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Jonathan\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Jonathan\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos :

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Jonathan\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Jonathan\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Jonathan\AppData\Local\Microsoft" :


* Dans "C:\Users\Jonathan\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\Windows\system32\IjjlTvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\Windows\system32\UxacKRqr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 18/05/2008 à 16:55:48,49 **

15 réponses

Réponse 1 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut a vous deux,

Daoeros,

Si tu n´as pas encore instalé avast instal plutot antivir beaucoup plus performant et meme si tu l´as instalé :

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

puis passe cet antispyware :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

puis post un nouveau rapport hijack this

ps . je te donnerais des consignes pour ne plus etre embeté de la sorte a la fin de la desinfection

ps2 : je suis une femme : jacques gache...

@+
1
jacques.gache Messages postés 33461 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 617
 
bonjour G!rly, désolé mais je n'avais pas remarqué ta féminité lol
0
Réponse 2 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement un nouveau rapport hijack this

@+
0
Réponse 3 / 15
jacques.gache Messages postés 33461 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 617
 
bonjour je ne sais pas ce que tu as fais comme désinfection mais sur ton hijackthis tu as des infections combo et vundo perso je te proposerais de passer combofix http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#3eme methode combofix et vundofix http://sasi.xooit.fr/t48-Guide-d-utilisation-de-VundoFix.htm suivi de malwarebytes : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ ainsi que ccleaner dans ses deux modes nettoyeur et registre https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm prend le temps de lire installation, reglages, utilisation et après tous cela tu remets un nouveau hijackthis
0
Réponse 4 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Bonsoir jacques.gache ;-)
DaoEros tu y arrives ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
 
REe-bonjour,
Un peu de retard pour tester tout ce que vous m'avez dit mais voilà c'st fait ^^ :

ComboFix 08-05-20.5 - Jonathan 2008-05-21 21:24:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1142 [GMT 2:00]
Endroit: C:\Users\Jonathan\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\hgGwXrRI.dll
C:\Windows\System32\IjjlTvut.ini
C:\Windows\System32\IjjlTvut.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mtgmvhte.ini
C:\Windows\system32\pmNdDssq.dll
C:\Windows\system32\qdwlhkdr.ini
C:\Windows\System32\UxacKRqr.ini
C:\Windows\System32\UxacKRqr.ini2
C:\Windows\system32\ygktmdpn.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 19:15 35,666 ----a-w C:\Users\Jonathan\AppData\Roaming\nvModes.dat
2008-05-20 19:39 --------- d-----w C:\Program Files\CCleaner
2008-05-20 19:18 --------- d-----w C:\Users\Jonathan\AppData\Roaming\uTorrent
2008-05-20 18:40 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 18:38 --------- d-----w C:\Program Files\PokerStars
2008-05-20 17:02 --------- d-----w C:\Users\Jonathan\AppData\Roaming\OFFICEOne7
2008-05-18 15:02 --------- d-----w C:\Program Files\Navilog1
2008-05-18 10:58 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-17 10:43 --------- d-----w C:\Program Files\Panda Security
2008-05-17 09:54 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 21:50 --------- d-----w C:\Program Files\Trend Micro
2008-05-16 21:09 --------- d-----w C:\Program Files\Lavasoft
2008-05-16 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 08:58 --------- d-----w C:\Program Files\Apple Software Update
2008-05-02 19:35 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Anthropics
2008-05-02 19:35 --------- d-----w C:\Program Files\Portrait Professional Max 6
2008-05-02 13:01 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Apple Computer
2008-05-01 11:35 99,024 ----a-w C:\Windows\MozillaUninstall.exe
2008-05-01 11:35 98,512 ----a-w C:\Windows\GREUninstall.exe
2008-05-01 11:35 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Talkback
2008-05-01 11:35 --------- d-----w C:\Program Files\Common Files\mozilla.org
2008-05-01 11:34 --------- d-----w C:\Program Files\mozilla.org
2008-04-18 13:49 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Nero
2008-04-18 13:47 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-18 13:43 --------- d-----w C:\ProgramData\Nero
2008-04-18 13:43 --------- d-----w C:\Program Files\Nero
2008-04-17 11:21 --------- d-----w C:\Program Files\NiBiTor.v3.5
2008-04-15 19:21 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Ahead
2008-04-15 19:21 --------- d-----w C:\ProgramData\LightScribe
2008-04-15 19:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-15 19:19 --------- d-----w C:\ProgramData\Ahead
2008-04-14 11:47 --------- d-----w C:\Users\Jonathan\AppData\Roaming\DivX
2008-04-13 21:28 --------- d-----w C:\Program Files\DivX
2008-04-13 21:28 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-07 11:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 11:26 --------- d-----w C:\Program Files\Panasonic
2008-04-06 15:20 --------- d-----w C:\ProgramData\Apple Computer
2008-04-06 15:20 --------- d-----w C:\Program Files\iPod
2008-04-06 15:19 --------- d-----w C:\Program Files\QuickTime
2008-04-04 19:36 --------- d-----w C:\Program Files\THQ
2008-04-04 19:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-04 19:20 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-04 19:20 --------- d-----w C:\Users\Jonathan\AppData\Roaming\DAEMON Tools
2008-03-31 17:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 16:53 --------- d-----w C:\Program Files\Windows Live
2008-03-31 16:48 --------- d-----w C:\ProgramData\WLInstaller
2008-03-30 18:42 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 15:11 --------- d-----w C:\Program Files\Google
2008-03-29 18:57 --------- d-----w C:\Users\Jonathan\AppData\Roaming\NCH Swift Sound
2008-03-29 18:52 --------- d-----w C:\ProgramData\NCH Swift Sound
2008-03-29 18:19 --------- d-----w C:\Program Files\uTorrent
2008-03-29 17:45 --------- d-----w C:\ProgramData\FLEXnet
2008-03-29 17:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 17:34 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-29 17:32 --------- d-----w C:\ProgramData\ALM
2008-03-29 16:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-24 15:57 --------- d-----w C:\Program Files\Bonjour
2008-03-24 15:54 --------- d-----w C:\ProgramData\Apple
2008-03-24 15:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-24 12:16 --------- d-----w C:\Users\Jonathan\AppData\Roaming\AdobeUM
2008-03-24 11:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-24 11:04 --------- d-----w C:\ProgramData\Lavasoft
2008-03-23 18:25 174 --sha-w C:\Program Files\desktop.ini
2008-03-23 18:20 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 18:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-23 18:19 --------- d-----w C:\Program Files\Windows Defender
2008-03-23 15:53 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-03-23 15:53 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-03-23 15:53 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-03-23 15:53 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-03-23 15:53 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-03-23 15:51 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-23 15:51 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-23 15:51 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-23 15:51 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-23 15:51 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-23 15:50 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-23 15:48 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-23 15:48 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-23 15:48 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-23 15:48 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-23 15:48 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-23 15:48 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-23 15:48 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-23 15:45 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-23 15:45 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-23 15:44 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-23 15:44 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-23 15:44 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-23 15:43 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-23 15:43 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-23 15:43 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-23 15:43 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-23 15:43 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-23 15:43 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-23 15:41 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-03-23 15:41 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-23 15:41 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-23 15:38 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAA455D6-E290-4EE1-A391-572E908D9A86}]
C:\Windows\system32\rqRKcaxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffd41950-2f4a-4c78-8b5f-e84d5620cc5a}]
C:\Windows\system32\aytujuai.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-23 17:46 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 13:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 13:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 13:05 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 05:14 4444160 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-13 09:36 1822720 C:\Windows\SkyTel.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 11:45 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 11:45 33048]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-02-26 05:29 677408]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-23 10:14 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-23 10:14 37232]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]
"ooquickpdfv7"="C:\Windows\system32\oopmagentts.exe" [2008-03-23 16:20 69632]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"BM014b943f"="C:\Windows\system32\sfwuuqaw.dll" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 23:16:38 39792]
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-03-23 16:28:19 713728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-901798157-1012506015-217218529-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B25AB98E-B47D-4417-AA1D-27A7061F9B7E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{26BA2548-C02C-48E4-8A66-37015B33F642}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B80CCD02-E501-4C4F-BD7D-6897F562E210}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1E60F9A7-AB96-476B-9D75-A8401F65F7A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1D8F30CF-3F44-411A-813B-DA20BF0FB59C}"= UDP:3703:Adobe Version Cue CS3 Server
"{F132B7C7-5798-49DD-B44E-33BEF96614ED}"= UDP:3704:Adobe Version Cue CS3 Server
"{A07FC4D4-D436-4C81-A9FA-16359AB7F727}"= UDP:50900:Adobe Version Cue CS3 Server
"{95DB4051-B240-4D52-97C6-40BB05F13FB4}"= UDP:50901:Adobe Version Cue CS3 Server
"{1536B601-6D43-49B8-9475-6027BAA60A82}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{A94A1BD5-E8EB-46C2-B88C-D08CB625021E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{19D78AA7-FC67-4007-A9D6-AC04E7A5AC72}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B0897190-2780-4533-9EDA-9EFF63AA3657}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{33901CF8-4DBE-4A66-BD29-B640EED36AB9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D18EE592-ABEA-4B11-9745-41094F79E6A9}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{4A37FD9B-1914-4792-A2D7-9613CFEB4229}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"{F292A3A8-0899-4619-AEB5-949A06AACEC4}"= UDP:D:\iTunes\iTunes.exe:iTunes
"{5BFFBBC8-590E-401C-8875-D020A3C34E6E}"= TCP:D:\iTunes\iTunes.exe:iTunes
"TCP Query User{EE61AD8C-8083-4E6D-B0B7-37E3A6438997}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{CAD10662-A543-4720-94ED-2B80447A3A92}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{0AD56E63-8B59-4EEE-B91A-A3E95D8BABCA}C:\\users\\jonathan\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jonathan\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{81CEAF66-19B0-41E8-95BE-0E5FB4F6D86D}C:\\users\\jonathan\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jonathan\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9062483E-6ADE-4673-B3D8-D977E504923A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4D91F23C-D298-49C8-8766-8B95CBA91D7C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 05:21]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 19:14]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 14:07]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 08:41]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{612fd8aa-027c-11dd-857c-001bfcf0ab92}]
\shell\AutoRun\command - H:\Autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22fd8bd-160d-11dd-917a-001bfcf0ab92}]
\shell\AutoRun\command - J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 21:44:22
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IfxPsdSv.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-21 21:48:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 19:48:04

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

287 --- E O F --- 2008-05-20 18:40:29



J'obtient a présent un message a chaque fois que j'allume mon ordinateur me disant adkafalf.ddl n'a pas réussit a se connecter truc bidule manquant.Vundofix ne m'a rien trouvé.

et voilà le rapport Hijack


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:38, on 21/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Windows\System32\oopmagentts.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AAA455D6-E290-4EE1-A391-572E908D9A86} - C:\Windows\system32\rqRKcaxU.dll (file missing)
O2 - BHO: {a5cc0265-d48e-f5b8-87c4-a4f205914dff} - {ffd41950-2f4a-4c78-8b5f-e84d5620cc5a} - C:\Windows\system32\aytujuai.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM014b943f] Rundll32.exe "C:\Windows\system32\sfwuuqaw.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Réponse 6 / 15
jacques.gache Messages postés 33461 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 617
 
bonjour, déja l'infection combo et vundo sont parti mais tu as une infection sd et ce que je t'aurrais proposé sous XP ne marche pas sous vista alors essais malwarebytes et ccleaner comme je t'avais demander dans le message 2 et reposte un nouveau hijackthis mais avant de le lancer pour analyse rends toi sur ton pc ici : C:\Program Files\Hijackthis\HijackThis.exe <--- clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .
!!Déconnectes toi et fermes toute tes applications en cours !!
Double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...
car certaine infection se planque d'hijackthis
si elle est toujours la on essaira autre chose merci @+
0
Réponse 7 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
salut daoeros,

ton antivirus avast est toujours la !

la suite,

Copie le texte ci-dessous :

File::
C:\Windows\system32\sfwuuqaw.dll
C:\Windows\system32\oopmagentts.exe
C:\Windows\system32\rqRKcaxU.dll
C:\Windows\system32\aytujuai.dll

Folder::


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAA455D6-E290-4EE1-A391-572E908D9A86}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffd41950-2f4a-4c78-8b5f-e84d5620cc5a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooquickpdfv7"=-
"BM014b943f"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 8 / 15
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
 
Merci de ta réponse g!rly , sympa ton animation ^^, combofix lance tout seul son scan meme pas besoin de taper 1, j'ai eu un redémarrage et comme demander voici mes deux rapports :
ComboFix 08-05-21.2 - Jonathan 2008-05-22 9:38:32.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1190 [GMT 2:00]
Endroit: C:\Users\Jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jonathan\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\aytujuai.dll
C:\Windows\system32\oopmagentts.exe
C:\Windows\system32\rqRKcaxU.dll
C:\Windows\system32\sfwuuqaw.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\oopmagentts.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 07:20 35,666 ----a-w C:\Users\Jonathan\AppData\Roaming\nvModes.dat
2008-05-21 20:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-21 20:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-21 20:21 --------- d-----w C:\Program Files\PokerStars
2008-05-21 19:44 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-20 19:39 --------- d-----w C:\Program Files\CCleaner
2008-05-20 19:18 --------- d-----w C:\Users\Jonathan\AppData\Roaming\uTorrent
2008-05-20 18:40 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 17:02 --------- d-----w C:\Users\Jonathan\AppData\Roaming\OFFICEOne7
2008-05-18 15:02 --------- d-----w C:\Program Files\Navilog1
2008-05-17 10:43 --------- d-----w C:\Program Files\Panda Security
2008-05-17 09:54 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 21:50 --------- d-----w C:\Program Files\Trend Micro
2008-05-16 21:09 --------- d-----w C:\Program Files\Lavasoft
2008-05-16 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 08:58 --------- d-----w C:\Program Files\Apple Software Update
2008-05-02 19:35 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Anthropics
2008-05-02 19:35 --------- d-----w C:\Program Files\Portrait Professional Max 6
2008-05-02 13:01 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Apple Computer
2008-05-01 11:35 99,024 ----a-w C:\Windows\MozillaUninstall.exe
2008-05-01 11:35 98,512 ----a-w C:\Windows\GREUninstall.exe
2008-05-01 11:35 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Talkback
2008-05-01 11:35 --------- d-----w C:\Program Files\Common Files\mozilla.org
2008-05-01 11:34 --------- d-----w C:\Program Files\mozilla.org
2008-04-18 13:49 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Nero
2008-04-18 13:47 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-18 13:43 --------- d-----w C:\ProgramData\Nero
2008-04-18 13:43 --------- d-----w C:\Program Files\Nero
2008-04-17 11:21 --------- d-----w C:\Program Files\NiBiTor.v3.5
2008-04-15 19:21 --------- d-----w C:\Users\Jonathan\AppData\Roaming\Ahead
2008-04-15 19:21 --------- d-----w C:\ProgramData\LightScribe
2008-04-15 19:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-15 19:19 --------- d-----w C:\ProgramData\Ahead
2008-04-14 11:47 --------- d-----w C:\Users\Jonathan\AppData\Roaming\DivX
2008-04-13 21:28 --------- d-----w C:\Program Files\DivX
2008-04-13 21:28 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-07 11:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 11:26 --------- d-----w C:\Program Files\Panasonic
2008-04-06 15:20 --------- d-----w C:\ProgramData\Apple Computer
2008-04-06 15:20 --------- d-----w C:\Program Files\iPod
2008-04-06 15:19 --------- d-----w C:\Program Files\QuickTime
2008-04-04 19:36 --------- d-----w C:\Program Files\THQ
2008-04-04 19:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-04 19:20 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-04 19:20 --------- d-----w C:\Users\Jonathan\AppData\Roaming\DAEMON Tools
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 17:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 16:53 --------- d-----w C:\Program Files\Windows Live
2008-03-31 16:48 --------- d-----w C:\ProgramData\WLInstaller
2008-03-30 18:42 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-30 15:11 --------- d-----w C:\Program Files\Google
2008-03-29 18:57 --------- d-----w C:\Users\Jonathan\AppData\Roaming\NCH Swift Sound
2008-03-29 18:52 --------- d-----w C:\ProgramData\NCH Swift Sound
2008-03-29 18:19 --------- d-----w C:\Program Files\uTorrent
2008-03-29 17:45 --------- d-----w C:\ProgramData\FLEXnet
2008-03-29 17:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 17:34 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-29 17:32 --------- d-----w C:\ProgramData\ALM
2008-03-29 16:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-24 15:57 --------- d-----w C:\Program Files\Bonjour
2008-03-24 15:54 --------- d-----w C:\ProgramData\Apple
2008-03-24 15:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-24 12:16 --------- d-----w C:\Users\Jonathan\AppData\Roaming\AdobeUM
2008-03-24 11:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-24 11:04 --------- d-----w C:\ProgramData\Lavasoft
2008-03-23 18:25 174 --sha-w C:\Program Files\desktop.ini
2008-03-23 18:20 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 18:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-23 18:19 --------- d-----w C:\Program Files\Windows Defender
2008-03-23 15:52 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-23 15:52 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-23 15:52 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-23 15:52 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-23 15:51 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-23 15:51 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-23 15:51 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-23 15:51 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-23 15:51 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-23 15:51 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-23 15:51 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-23 15:51 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-23 15:51 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-23 15:51 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-23 15:51 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-23 15:51 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-23 15:50 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-23 15:50 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-23 15:49 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-23 15:49 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-23 15:45 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-23 15:45 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-23 15:45 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-23 15:45 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-23 15:43 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-23 15:43 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-21_21.47.42.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 19:43:29 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-22 07:19:34 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-22 07:19:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-22 07:19:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-21 19:44:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-22 07:21:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-21 19:44:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-22 07:21:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-22 07:21:54 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-21 19:16:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 07:21:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-21 19:16:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-22 07:21:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-21 19:16:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 07:21:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-21 19:24:49 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-22 07:38:28 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-05-21 19:21:16 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-22 07:26:48 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-21 19:21:16 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-22 07:26:48 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-21 19:21:16 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-22 07:26:48 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-21 19:21:17 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-22 07:26:48 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-21 19:16:38 8,944 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-901798157-1012506015-217218529-1000_UserData.bin
+ 2008-05-22 07:22:11 9,340 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-901798157-1012506015-217218529-1000_UserData.bin
- 2008-05-21 19:16:38 82,150 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 07:22:11 82,382 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-21 19:16:35 63,422 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-22 07:22:09 63,438 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-23 17:46 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 13:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 13:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 13:05 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 05:14 4444160 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-13 09:36 1822720 C:\Windows\SkyTel.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 11:45 174872]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 11:45 33048]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-02-26 05:29 677408]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-23 10:14 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-23 10:14 37232]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 23:16:38 39792]
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-03-23 16:28:19 713728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-901798157-1012506015-217218529-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B25AB98E-B47D-4417-AA1D-27A7061F9B7E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{26BA2548-C02C-48E4-8A66-37015B33F642}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B80CCD02-E501-4C4F-BD7D-6897F562E210}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1E60F9A7-AB96-476B-9D75-A8401F65F7A1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1D8F30CF-3F44-411A-813B-DA20BF0FB59C}"= UDP:3703:Adobe Version Cue CS3 Server
"{F132B7C7-5798-49DD-B44E-33BEF96614ED}"= UDP:3704:Adobe Version Cue CS3 Server
"{A07FC4D4-D436-4C81-A9FA-16359AB7F727}"= UDP:50900:Adobe Version Cue CS3 Server
"{95DB4051-B240-4D52-97C6-40BB05F13FB4}"= UDP:50901:Adobe Version Cue CS3 Server
"{1536B601-6D43-49B8-9475-6027BAA60A82}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{A94A1BD5-E8EB-46C2-B88C-D08CB625021E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{19D78AA7-FC67-4007-A9D6-AC04E7A5AC72}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B0897190-2780-4533-9EDA-9EFF63AA3657}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{33901CF8-4DBE-4A66-BD29-B640EED36AB9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D18EE592-ABEA-4B11-9745-41094F79E6A9}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{4A37FD9B-1914-4792-A2D7-9613CFEB4229}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"{F292A3A8-0899-4619-AEB5-949A06AACEC4}"= UDP:D:\iTunes\iTunes.exe:iTunes
"{5BFFBBC8-590E-401C-8875-D020A3C34E6E}"= TCP:D:\iTunes\iTunes.exe:iTunes
"TCP Query User{EE61AD8C-8083-4E6D-B0B7-37E3A6438997}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{CAD10662-A543-4720-94ED-2B80447A3A92}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{0AD56E63-8B59-4EEE-B91A-A3E95D8BABCA}C:\\users\\jonathan\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jonathan\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{81CEAF66-19B0-41E8-95BE-0E5FB4F6D86D}C:\\users\\jonathan\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jonathan\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9062483E-6ADE-4673-B3D8-D977E504923A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4D91F23C-D298-49C8-8766-8B95CBA91D7C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 05:21]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 19:14]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 14:07]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 08:41]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{612fd8aa-027c-11dd-857c-001bfcf0ab92}]
\shell\AutoRun\command - H:\Autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22fd8bd-160d-11dd-917a-001bfcf0ab92}]
\shell\AutoRun\command - J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 09:49:39
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-22 9:50:52
ComboFix-quarantined-files.txt 2008-05-22 07:50:04
ComboFix2.txt 2008-05-21 19:48:44

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

272 --- E O F --- 2008-05-20 18:40:29


et l'autre :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:04, on 22/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Réponse 9 / 15
jacques.gache Messages postés 33461 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 617
 
bonjour, perso plus rien sur hijackthis mais attend confirmation de G!rly puisque c'est lui qui te suit mais parcontre tu n'as pas d'anti-virus?? mais deux anti-spyware " windows défender et Ad-Aware"
0
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
 
comme je ne trouvais plus l'icone avast j'ai désinstallé se qui rester et réinstaller a partir de l'heure ou je te parle avast. Vous n'auriez pas quelques conseils a me donner pour ne plus chopper ste *****, car apparament je n'avais pas assez de protection...
0
Réponse 10 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
y a pas de mal ;-)
puis je ne peux t´en vouloir car c´est plus ou moins en cours...
bonne soirée`
@+
0
Réponse 11 / 15
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
 
J'étais encore infecté apparament , voici le rapport
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 779

Type de recherche: Examen complet (C:\|D:\|E:\|I:\|)
Eléments examinés: 229874
Temps écoulé: 51 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


et Hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:46:41, on 23/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Réponse 12 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut daoEros,

de rien, merci pour le compliment ,-)

oui malwarebytes a trouvé des cles pas tres catholiques...

maintenant que tu as antivir ;-) tu vas pouvoir faire un scan complet de ta machine avec les reglages suivants :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

fais le scan en mode sans echec :

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

post le rapport généré.

je sais c´est long, mais courage ;-)

@+
0
Réponse 13 / 15
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
 
Je n'avais pas trop le temps pour le faire mais sa y est j'ai fait le scan en mode sans échec, voici le résultat :
defc

Avira AntiVir Personal
Report file date: samedi 24 mai 2008 14:00

Scanning for 1285667 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Save mode
Username: Jonathan
Computer name: PC-DE-JONATHAN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 20:29:04
ANTIVIR3.VDF : 7.0.4.85 148480 Bytes 23/05/2008 09:41:22
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 22/05/2008 20:29:53
AESCN.DLL : 8.1.0.18 119156 Bytes 22/05/2008 20:29:50
AERDL.DLL : 8.1.0.20 418165 Bytes 22/05/2008 20:29:48
AEPACK.DLL : 8.1.1.5 364918 Bytes 22/05/2008 20:29:42
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 22/05/2008 20:29:36
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 22/05/2008 20:29:33
AEHELP.DLL : 8.1.0.14 115063 Bytes 22/05/2008 20:29:19
AEGEN.DLL : 8.1.0.21 303477 Bytes 22/05/2008 20:29:17
AEEMU.DLL : 8.1.0.6 430451 Bytes 22/05/2008 20:29:13
AECORE.DLL : 8.1.0.29 168311 Bytes 22/05/2008 20:29:08
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: samedi 24 mai 2008 14:00

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
21 processes with 21 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\' <VistaOS>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
Begin scan in 'E:\' <Documents>
Begin scan in 'I:\' <DATA2>


End of the scan: samedi 24 mai 2008 14:33
Used time: 33:00 min

The scan has been done completely.

21890 Scanning directories
474597 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
474597 Files not concerned
1903 Archives were scanned
2 Warnings
0 Notes
0
Réponse 14 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
cool daoEros ;-)

tu post un dernier hijack this pour voir...

@+
0
DaoEros Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:00, on 26/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Réponse 15 / 15
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut,

instale ceci :

comodo 32 bit :

http://soft.softoogle.com/

tuto :https://www.malekal.com/tutorial-comodo-firewall/

anti spyware resident :

https://www.usitility.com

pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins : ad block plus, no script ect...

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

Avec l´aide de hijack this coche et fix :

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

puis pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

@+
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Tableau croisé dynamique
Joh67 -
Joh67 -

2 réponses