Svchost
Meneha
Hello,
I've searched the internet a lot, but without any conclusive result.
svchost has been using all my resources for 2 days: it's hard to do anything, especially on the internet. It lags and lags... I have Vista, 2 GB of RAM and an Intel Core 2 Duo T5250 processor. It's a laptop. I have 2 antivirus programs, Norton 360 and Avast. Neither detected any virus. I also have ZoneAlarm. Please help me, I'm desperate :'(
59 replies
Re,
you have leftovers of Norton.
To remove them:
Norton uninstaller:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
Then, clean up the tools:
* Download ToolsCleaner by A.Roshtein to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
* Right-click and run as administrator, click Recherche (Search) and let the scan finish.
* Click Suppression (Delete) to finish.
* If you wish, you can use the optional options.
* Click Quitter (Quit) so that the report can be created.
* Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Hello,
To begin with, I would simply advise removing one antivirus, because 2 = conflicts!
Good luck
That's what I thought. Norton is uninstalled, but I still have the same problem. And I don't have only 5 or 6 svchost processes, I have about fifteen :s
It's normal that you have a lot of svchost processes; I have 14 right now, and I have 2 GB of RAM like you. But what I don't understand is why it's slow.
Send me a HijackThis report and I'll try to see why something's wrong.
For more info on using HijackThis ==> http://pageperso.aol.fr/balltrap34/demohijack.htm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:21, on 23/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\Windows\system32\adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nswB752.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.sosordi.net/libs/KaspWebscanner/kavwebscan_unicode.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
I know Vista uses a lot of RAM, but is it normal for this process alone to use more than 1 GB?
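The helpers in this thread read the HijackThis log by eye for orphaned entries, autostarts in odd locations, AppInit_DLLs injection and services with no known owner. The Python script below is an added example, not part of the thread or of HijackThis, that applies those same triage heuristics to a few lines copied from the log above; the severity labels and the Temp/Windows-root rules are my own assumptions.

```python
"""Triage a HijackThis log for the entry types the helpers in this thread
inspect by eye: orphaned registry entries, autostarts or processes running
from odd locations, AppInit_DLLs injection and services with no known owner.
Added example; the heuristics and severity labels are assumptions, not
HijackThis features."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nswB752.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
# Path of an O4 autostart: the (possibly quoted) executable after the [name] tag.
O4_TARGET_RE = re.compile(r'\]\s*"?(?P<path>[^"]*?\.(?:exe|cmd|bat|dll))\b', re.I)
TEMP_RE = re.compile(r"\\Temp\\", re.I)
# An .exe sitting directly in the Windows directory (no subfolder).
WINROOT_RE = re.compile(r"^[a-z]:\\Windows\\[^\\]+\.exe$", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str   # "suspicious" or "review"
    section: str    # "process" or the HijackThis code (R3, O2, O4, ...)
    line: str
    reason: str


def check_location(path):
    """Return (severity, reason) when an executable lives somewhere a legitimate
    autostart rarely does, else None. explorer.exe legitimately sits in C:\\Windows."""
    if TEMP_RE.search(path):
        return "suspicious", "executable runs from a Temp directory"
    if WINROOT_RE.match(path) and not path.lower().endswith("\\explorer.exe"):
        return "review", "executable sits directly in the Windows directory"
    return None


def parse_entries(text):
    """Yield (section, body, line); lines under 'Running processes:' get the
    pseudo-section 'process', everything unrecognised is skipped."""
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            yield m.group("section"), m.group("body"), line
        elif in_processes:
            yield "process", line, line


def triage(text):
    """Apply the heuristics to a whole log and return the findings in log order."""
    findings = []
    for section, body, line in parse_entries(text):
        if section == "process":
            hit = check_location(body)
            if hit:
                findings.append(Finding(hit[0], section, line, hit[1]))
        elif ORPHAN_RE.search(body):
            findings.append(Finding("review", section, line,
                                    "orphaned entry: target file no longer exists"))
        elif section == "O4":
            m = O4_TARGET_RE.search(body)
            hit = check_location(m.group("path")) if m else None
            if hit:
                findings.append(Finding(hit[0], section, line, hit[1]))
        elif section == "O20" and body.split(":", 1)[-1].strip():
            findings.append(Finding("review", section, line,
                                    "AppInit_DLLs loads this DLL into every process; confirm its publisher"))
        elif section == "O23" and "- Unknown owner -" in body:
            findings.append(Finding("review", section, line,
                                    "service has no recognised publisher"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section:8} {f.reason}\n    {f.line}")
```

On the sample it reports one suspicious item (the process running from AppData\Local\Temp) and six entries to review; a "review" hit such as eNetHook.dll (Acer eNet) or the ALaunch service is a prompt to check the publisher, not a verdict.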
Hello,
we'll continue with the two of us, fadh_zboot and me.
Disable User Account Control (you'll re-enable it after the disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time guard of the antispyware).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware guard.
Copy/paste the C:\ComboFix.txt report in your next reply.
Warning: don't use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Everything went fine, here's the report:
ComboFix 08-05-21.3 - Elodie 2008-05-24 12:57:53.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1192 [GMT 2:00]
Endroit: D:\Elodie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\Adssite Advanced Toolbar\buttons.xml
C:\Program Files\Adssite Advanced Toolbar\search.xml
C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Users\Elodie\AppData\Roaming\Adssite Advanced Toolbar
C:\Users\Elodie\AppData\Roaming\Adssite Advanced Toolbar\advertbuttons.xml
C:\Users\Elodie\AppData\Roaming\Adssite Advanced Toolbar\selected.xml
C:\Windows\system32\ACER.exe
C:\Windows\system32\adssite-remove.exe
C:\Windows\system32\adssite_sidebar.dll
C:\Windows\system32\rightonadz-uninst.exe
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
2008-05-24 10:37 . 2008-05-24 10:37 <REP> d-------- C:\Users\Elodie\AppData\Roaming\RegistrySmart
2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-05-19 14:55 . 2008-05-19 14:55 <REP> d-------- C:\Program Files\Tetris
2008-05-19 14:53 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-05-14 23:10 . 2008-05-14 23:10 <REP> d-------- C:\Images
2008-05-14 23:09 . 2008-05-14 23:10 <REP> d-------- C:\ExpressionWeb
2008-04-26 17:18 . 2008-04-26 17:18 <REP> d-------- C:\Program Files\Konami
2008-04-26 17:11 . 2008-04-26 17:17 <REP> d-------- C:\Casino Inc
2008-04-26 15:36 . 2008-05-21 13:23 <REP> d-------- C:\Program Files\MagicISO
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 10:54 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-05-23 18:24 --------- d-----w C:\Program Files\AxBx
2008-05-23 18:10 --------- d-----w C:\ProgramData\Symantec
2008-05-23 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 18:08 --------- d-----w C:\Program Files\Symantec
2008-05-23 18:08 --------- d-----w C:\Program Files\Norton 360
2008-05-22 21:42 3,068,416 ----a-w C:\Windows\Internet Logs\xDB2B92.tmp
2008-05-22 20:57 3,067,904 ----a-w C:\Windows\Internet Logs\xDB695C.tmp
2008-05-22 18:01 --------- d-----w C:\Users\Elodie\AppData\Roaming\OpenOffice.org2
2008-05-21 12:44 3,423,983 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-05-21 11:26 --------- d-----w C:\Program Files\Acer GameZone
2008-05-21 11:21 --------- d-----w C:\Program Files\EA GAMES
2008-05-19 14:37 174 --sha-w C:\Program Files\desktop.ini
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Mail
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Defender
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 13:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-19 13:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-17 19:27 --------- d-----w C:\Users\Elodie\AppData\Roaming\BitTorrent
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 20:59 2,780,672 ----a-w C:\Windows\Internet Logs\xDBF94C.tmp
2008-05-14 20:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 20:47 --------- d-----w C:\Program Files\MSBuild
2008-05-07 11:48 --------- d-----w C:\Program Files\DivX
2008-05-03 18:36 2,668,032 ----a-w C:\Windows\Internet Logs\xDB6DFE.tmp
2008-04-28 15:11 146,432 ----a-w C:\Windows\Internet Logs\xDB3745.tmp
2008-04-28 15:10 2,639,872 ----a-w C:\Windows\Internet Logs\xDB4421.tmp
2008-04-26 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 20:14 221,696 ----a-w C:\Windows\Internet Logs\xDB4C89.tmp
2008-04-25 18:27 --------- d-----w C:\Program Files\Java
2008-04-22 17:28 1,642,496 ----a-w C:\Windows\Internet Logs\xDB3E18.tmp
2008-04-20 10:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\LimeWire
2008-04-13 17:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\Symantec
2008-04-10 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-10 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-10 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-10 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-10 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 21:45 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 21:45 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 21:39 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-05 17:47 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-04-05 14:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-02 09:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 20:36 704,512 ----a-w C:\Windows\Internet Logs\xDB3EF2.tmp
2008-03-31 14:50 --------- d-----w C:\Program Files\Windows Live
2008-03-31 12:37 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-03-31 12:36 --------- d-----w C:\Program Files\BitDefender
2008-03-31 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"DSS"="C:\Windows\WWWInsHost.exe" [ ]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
"Acer Tour"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\autorun.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 10:13:12 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
"2008-05-24 10:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 13:03:54
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 13:04:50
ComboFix-quarantined-files.txt 2008-05-24 11:04:41
Pre-Run: 34,044,715,008 octets libres
Post-Run: 34,888,069,120 octets libres
274 --- E O F --- 2008-05-23 08:20:56
Re,
Copy or print these instructions first.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, antispyware real-time guard).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\Windows\WWWInsHost.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSS"=-
Save this file under the name CFscript.
Drag and drop this CFscript file onto the ComboFix.exe file:
Click the CFscript file, keep the mouse button held down and drag so that the CFscript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Re-enable your firewall, your antivirus and your antispyware guard.
Once the scan is complete, a report will appear: post its contents.
Also post a new HijackThis log.
If the file does not open, it is located here > C:\ComboFix.txt
Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
ComboFix 08-05-21.3 - Elodie 2008-05-24 15:14:14.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1215 [GMT 2:00]
Endroit: D:\Elodie\Desktop\ComboFix.exe
Command switches used :: D:\Elodie\Desktop\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\WWWInsHost.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 15:13 . 2008-05-24 15:13 <REP> d-------- C:\327882R2FWJFW
2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
2008-05-24 10:37 . 2008-05-24 10:37 <REP> d-------- C:\Users\Elodie\AppData\Roaming\RegistrySmart
2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-05-19 14:55 . 2008-05-19 14:55 <REP> d-------- C:\Program Files\Tetris
2008-05-19 14:53 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-05-14 23:10 . 2008-05-14 23:10 <REP> d-------- C:\Images
2008-05-14 23:09 . 2008-05-14 23:10 <REP> d-------- C:\ExpressionWeb
2008-04-26 17:18 . 2008-04-26 17:18 <REP> d-------- C:\Program Files\Konami
2008-04-26 17:11 . 2008-04-26 17:17 <REP> d-------- C:\Casino Inc
2008-04-26 15:36 . 2008-05-21 13:23 <REP> d-------- C:\Program Files\MagicISO
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 11:09 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-05-23 18:24 --------- d-----w C:\Program Files\AxBx
2008-05-23 18:10 --------- d-----w C:\ProgramData\Symantec
2008-05-23 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 18:08 --------- d-----w C:\Program Files\Symantec
2008-05-23 18:08 --------- d-----w C:\Program Files\Norton 360
2008-05-22 21:42 3,068,416 ----a-w C:\Windows\Internet Logs\xDB2B92.tmp
2008-05-22 20:57 3,067,904 ----a-w C:\Windows\Internet Logs\xDB695C.tmp
2008-05-22 18:01 --------- d-----w C:\Users\Elodie\AppData\Roaming\OpenOffice.org2
2008-05-21 12:44 3,423,983 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-05-21 11:26 --------- d-----w C:\Program Files\Acer GameZone
2008-05-21 11:21 --------- d-----w C:\Program Files\EA GAMES
2008-05-19 14:37 174 --sha-w C:\Program Files\desktop.ini
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Mail
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Defender
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 13:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-19 13:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-17 19:27 --------- d-----w C:\Users\Elodie\AppData\Roaming\BitTorrent
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 20:59 2,780,672 ----a-w C:\Windows\Internet Logs\xDBF94C.tmp
2008-05-14 20:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 20:47 --------- d-----w C:\Program Files\MSBuild
2008-05-07 11:48 --------- d-----w C:\Program Files\DivX
2008-05-03 18:36 2,668,032 ----a-w C:\Windows\Internet Logs\xDB6DFE.tmp
2008-04-28 15:11 146,432 ----a-w C:\Windows\Internet Logs\xDB3745.tmp
2008-04-28 15:10 2,639,872 ----a-w C:\Windows\Internet Logs\xDB4421.tmp
2008-04-26 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 20:14 221,696 ----a-w C:\Windows\Internet Logs\xDB4C89.tmp
2008-04-25 18:27 --------- d-----w C:\Program Files\Java
2008-04-22 17:28 1,642,496 ----a-w C:\Windows\Internet Logs\xDB3E18.tmp
2008-04-20 10:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\LimeWire
2008-04-13 17:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\Symantec
2008-04-10 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-10 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-10 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-10 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-10 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 21:45 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 21:45 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 21:39 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-05 17:47 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-04-05 14:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-02 09:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 20:36 704,512 ----a-w C:\Windows\Internet Logs\xDB3EF2.tmp
2008-03-31 14:50 --------- d-----w C:\Program Files\Windows Live
2008-03-31 12:37 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-03-31 12:36 --------- d-----w C:\Program Files\BitDefender
2008-03-31 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-24_13.04.33,08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-24 10:54:20 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 13:04:00 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-24 10:54:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-24 10:54:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-24 10:56:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-24 11:10:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-24 11:10:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-24 10:55:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-24 11:10:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-24 11:10:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-24 10:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-24 10:55:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 11:14:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-24 10:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-24 11:02:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 13:12:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 11:02:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-24 13:12:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 11:02:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 13:12:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 11:02:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-24 13:12:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-24 10:56:40 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
+ 2008-05-24 11:11:13 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
- 2008-05-24 10:56:40 81,776 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 11:11:13 81,792 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-24 10:56:39 62,654 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 11:11:12 62,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-22 21:06:12 221,640 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-24 13:04:01 222,162 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
"Acer Tour"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 10:13:12 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
"2008-05-24 13:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 15:16:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 15:17:43
ComboFix-quarantined-files.txt 2008-05-24 13:17:28
ComboFix2.txt 2008-05-24 11:04:51
Pre-Run: 34,680,074,240 octets libres
Post-Run: 34,532,773,888 octets libres
293 --- E O F --- 2008-05-23 08:20:56
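As an added example (not code from this thread), a small Python triage script that parses lines in the shape of the ComboFix "Point de chargement Reg" section posted above and flags what a reviewer would look at first: autostart entries whose file is missing, AppInit_DLLs, Security Center monitoring and notification flags, firewall profiles with EnableFirewall set to 0, and cached AutoRun commands for removable drives. The sample lines are constructed from the log above; the regexes and the Finding class are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix "Point de chargement Reg"
# section posted above (a few representative lines, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# mountpoints2 entries are printed by ComboFix as a bare subkey path
MOUNTPOINT_RE = re.compile(r'^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$')


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str


def parse_entries(text):
    """Yield (key, name, value) triples; values are kept as raw log text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue  # value line before any key header: ignore
        m = MOUNTPOINT_RE.match(line)
        if m:
            yield key, 'AutoRun', m.group('cmd').strip()
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group('name'), m.group('value').strip()


def _dword_is_one(value):
    """True for ComboFix's 'dword:00000001' rendering of a set flag."""
    v = value.lower()
    return v.startswith('dword:') and int(v[len('dword:'):], 16) == 1


def triage(text):
    """Return the entries a reviewer should look at first, with the reason."""
    findings = []
    for key, name, value in parse_entries(text):
        lkey = key.lower()
        reason = None
        if lkey.endswith('\\run') and value.endswith('[ ]'):
            # ComboFix prints "[ ]" when the referenced file is not on disk
            reason = 'autostart entry whose target file was not found on disk'
        elif name == 'AppInit_DLLs' and value:
            reason = ('DLL loaded into every process that loads user32.dll; '
                      'confirm it belongs to installed software')
        elif 'security center' in lkey and name.endswith('DisableNotify') and _dword_is_one(value):
            reason = 'Security Center warning suppressed'
        elif 'security center' in lkey and name == 'DisableMonitoring' and _dword_is_one(value):
            reason = 'Security Center no longer monitors this product'
        elif 'firewallpolicy' in lkey and name == 'EnableFirewall' and value.startswith('0'):
            reason = 'Windows Firewall disabled for this profile'
        elif 'mountpoints2' in lkey and name == 'AutoRun':
            reason = 'cached AutoRun command for a removable drive'
        if reason:
            findings.append(Finding(key, name, value, reason))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason}: {f.name} = {f.value}  ({f.key})')
```

Entries with a date and size in brackets (like the avast! line) are left alone; only the patterns above are reported, so the output is a short list to check by hand rather than a verdict.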
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-24_13.04.33,08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-24 10:54:20 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-24 13:04:00 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-24 10:54:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-24 10:54:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-24 10:56:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-24 11:10:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-24 11:10:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-24 10:55:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-24 11:10:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-24 11:10:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-24 10:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-24 10:55:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 11:14:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-24 10:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-24 11:02:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 13:12:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 11:02:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-24 13:12:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 11:02:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 13:12:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 11:02:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-24 13:12:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-24 10:56:40 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
+ 2008-05-24 11:11:13 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
- 2008-05-24 10:56:40 81,776 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 11:11:13 81,792 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-24 10:56:39 62,654 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 11:11:12 62,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-22 21:06:12 221,640 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-24 13:04:01 222,162 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
"Acer Tour"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 10:13:12 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
"2008-05-24 13:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 15:16:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 15:17:43
ComboFix-quarantined-files.txt 2008-05-24 13:17:28
ComboFix2.txt 2008-05-24 11:04:51
Pre-Run: 34,680,074,240 octets libres
Post-Run: 34,532,773,888 octets libres
293 --- E O F --- 2008-05-23 08:20:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:21, on 23/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\Windows\system32\adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nswB752.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.sosordi.net/libs/KaspWebscanner/kavwebscan_unicode.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
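The HijackThis log above is triaged by eye in this thread: the helper zooms in on the `[DSS]` Run entry because its executable lives directly in `C:\Windows`, and on services whose owner is unknown or whose file is missing. As an added example (my code, not part of the thread or of HijackThis), here is a small Python script that parses O4, O20 and O23 lines and attaches a note for each of those patterns. The sample lines are copied from the log above; the flag rules are my own review heuristics, not HijackThis output, and they only mark entries for a second look (the Realtek `RtHDVCpl.exe` in this machine's process list also sits in `C:\Windows` and is legitimate).

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""


@dataclass
class Entry:
    section: str              # HijackThis section, e.g. "O4" or "O23"
    name: str                 # Run value name, service name or registry value name
    path: str                 # command line / image path exactly as logged
    owner: str = ""           # publisher as reported for O23 services
    flags: List[str] = field(default_factory=list)


# O4 - HKLM\..\Run: [name] command line     (hive may contain a SID for HKUS entries)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 - Service: display name (short name) - owner - image path [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# Heuristic: an autostart executable placed directly under C:\Windows (not System32).
WINDOWS_ROOT = re.compile(r"(?i)^c:\\windows\\[^\\]+\.exe$")


def image_path(cmd: str) -> str:
    """Return the executable part of a logged command line (quotes and arguments removed)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_log(text: str) -> List[Entry]:
    """Extract O4, O20 and O23 entries; other sections are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(Entry("O23", m["name"], m["path"], owner=m["owner"]))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("O20", "AppInit_DLLs", m["dlls"]))
    return entries


def triage(text: str) -> List[Entry]:
    """Parse the log and attach a review note for each pattern worth a second look."""
    entries = parse_log(text)
    for e in entries:
        if "(file missing)" in e.path:
            e.flags.append("points to a file that is missing (stale entry or deleted payload)")
        if e.section == "O23" and e.owner == "Unknown owner":
            e.flags.append("service binary carries no publisher in its version info")
        if e.section == "O4" and WINDOWS_ROOT.match(image_path(e.path)):
            e.flags.append("autostart executable sits directly in C:\\Windows; confirm its publisher")
        if e.section == "O20" and e.path.strip():
            e.flags.append("AppInit_DLLs is set: this DLL loads into every process that uses user32.dll")
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that received at least one note."""
    return [e for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section} [{e.name}] {e.path}")
        for note in e.flags:
            print(f"    -> {note}")
```

Run on the sample, four entries come back: the `DSS` Run entry, the `AppInit_DLLs` value, the Symantec service whose binary is both unsigned-by-name and missing, and the Acer `MobilityService`. The script deliberately stops at listing; deciding what to remove still belongs to the person reading the log, as it does in this thread.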
Hello,
open Windows Explorer and look for:
C:\Windows\system32\ActiveToolBand.dll
Right-click, Properties.
Give me the file size (you'll find it in the "General" tab) and the publisher's name ("Company" tab, Company)
Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your Desktop
Right-click the OAD.exe file and choose Properties; in the Compatibility tab, "Privilege Level" box, check "Run this program as an administrator".
- file name to search for: type or copy/paste: WWWInsHost.exe
- Search type: select option 6 then confirm with [Enter]
OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it is done.
- Copy/paste this report into your next post.
Important note: depending on the size of your hard drives, this search can take several minutes. Be patient
The file is 292 KB. There is no publisher name.
24/05/2008 ---- 16:27:31,47
----------------------------------
§§§§§§ [WWWInsHost.exe] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Hello,
I have a feeling this file is going to give us a lot of trouble.
Go to this site:
https://www.virustotal.com/gui/
Click Browse and find this file: C:\Windows\WWWInsHost.exe
Click Send File.
A report will build up line by line.
Wait until it finishes. It should include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
If VirusTotal says the file has already been analysed, click the "Reanalyse the file now" button
Open this link (thanks to S!RI for this program). http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.
Have a look at the tutorial
Run it choosing option 1; it will generate a report
Copy/paste it into the thread please.
There's a small problem... I apparently don't have this file! It isn't at the location given. I ran a search, no results...
On the other hand I do have InsHost.exe. I'm sending you the report just in case:
0 bytes size received / Se ha recibido un archivo vacio.
Here's the report:
SmitFraudFix v2.322
Scan done at 19:06:20,13, 24/05/2008
Run from D:\Elodie\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\cmd.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Elodie
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Elodie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Elodie\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eNetHook.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{068FE806-8D6D-4806-BB2B-2CBA5BD83982}: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Good evening,
Copy or print the instructions first
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, antispyware real-time guard)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
Folder::
C:\Users\Elodie\AppData\Roaming\RegistrySmart
File::
c:\windows\system32\adssite_sidebar.dll
c:\windows\system32\activetoolband.dll
c:\windows\system32\nswb752.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Program Files\RegistrySmart\RegistrySmart.ex
C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
C:\Windows\WWWInsHost.exe
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSS"=-
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
Re-enable your firewall, your antivirus and your antispyware guard
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis log
If the file doesn't open, it is located here > C:\ComboFix.txt
Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.
@+
Never accept a disinfection by PM.
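The CFscript above is a ComboFix script written for this one machine, and the helper's warning about reuse is the point: every path and key in it is a deletion. As an added example (my code, not part of the thread or of ComboFix), here is a Python dry-run reader that parses the `Folder::`, `File::` and `Registry::` sections and lists what the script would remove, so the person about to drag it onto ComboFix can check each target first. The section names and the .reg-style registry syntax (`[-KEY]` deletes a key, `"name"=-` deletes a value under the key named just above it) are as used in the post; the "check extension" notes are my own heuristic for spotting truncated or pasted lines.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# CFscript copied from the post above (written for this specific machine).
CFSCRIPT = r"""
Folder::
C:\Users\Elodie\AppData\Roaming\RegistrySmart
File::
c:\windows\system32\adssite_sidebar.dll
c:\windows\system32\activetoolband.dll
c:\windows\system32\nswb752.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Program Files\RegistrySmart\RegistrySmart.ex
C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
C:\Windows\WWWInsHost.exe
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSS"=-
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")
VALUE_DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')
# File extensions considered ordinary for a File:: entry (heuristic list, my assumption).
KNOWN_EXT = {".exe", ".dll", ".sys", ".job", ".lnk", ".tmp", ".ini", ".dat", ".txt", ".log"}


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split the script into sections keyed by header name ("Folder", "File", "Registry", ...)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line!r}")
        sections[current].append(line)
    return sections


def registry_actions(lines: List[str]) -> List[Tuple[str, str]]:
    """Translate Registry:: lines into (action, target) pairs using .reg semantics."""
    actions: List[Tuple[str, str]] = []
    key = None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete key", line[2:-1]))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # selects the key for the value lines that follow
        else:
            m = VALUE_DELETE_RE.match(line)
            if m and key:
                actions.append(("delete value", f"{key}\\{m['name']}"))
            else:
                actions.append(("unrecognised", line))
    return actions


def review_files(files: List[str]) -> List[str]:
    """Flag File:: entries without an ordinary extension: typo, truncated name or a pasted label."""
    notes = []
    for f in files:
        ext = ntpath.splitext(f)[1].lower()
        if ext not in KNOWN_EXT:
            notes.append(f"check extension of {f!r} (got {ext!r})")
    return notes


def summarize(text: str) -> Dict[str, list]:
    """Everything the script would delete, plus review notes, without touching the system."""
    sections = parse_cfscript(text)
    files = sections.get("File", [])
    return {
        "folders": sections.get("Folder", []),
        "files": files,
        "registry": registry_actions(sections.get("Registry", [])),
        "notes": review_files(files),
    }


if __name__ == "__main__":
    s = summarize(CFSCRIPT)
    for kind in ("folders", "files"):
        for target in s[kind]:
            print(f"delete {kind[:-1]:6} {target}")
    for action, target in s["registry"]:
        print(f"{action:12} {target}")
    for note in s["notes"]:
        print("NOTE:", note)
```

On this script the reader lists one folder, seven files and seven registry actions (six CLSID/BHO key deletions and the removal of the `DSS` Run value), and raises two notes: `RegistrySmart.ex` looks truncated, and the long "Runs RegistrySmart to optimize your registry." line ends in a bare dot. Both deserve a look before the script runs, which is exactly the review step the drag-and-drop procedure skips.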
ComboFix 08-05-21.3 - Elodie 2008-05-25 12:11:00.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1183 [GMT 2:00]
Endroit: D:\Elodie\Desktop\ComboFix.exe
Command switches used :: D:\Elodie\Desktop\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
C:\Program Files\RegistrySmart\RegistrySmart.ex
c:\windows\system32\activetoolband.dll
c:\windows\system32\adssite_sidebar.dll
c:\windows\system32\nswb752.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Windows\WWWInsHost.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Elodie\AppData\Roaming\RegistrySmart
C:\Users\Elodie\AppData\Roaming\RegistrySmart\Log\2008 May 24 - 10_37_19 AM_667.log
c:\windows\system32\activetoolband.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 19:06 . 2008-05-24 19:06 4,164 --a------ C:\Windows\System32\tmp.reg
2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-05-19 14:55 . 2008-05-19 14:55 <REP> d-------- C:\Program Files\Tetris
2008-05-19 14:53 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-05-14 23:10 . 2008-05-14 23:10 <REP> d-------- C:\Images
2008-05-14 23:09 . 2008-05-14 23:10 <REP> d-------- C:\ExpressionWeb
2008-04-26 17:18 . 2008-04-26 17:18 <REP> d-------- C:\Program Files\Konami
2008-04-26 17:11 . 2008-04-26 17:17 <REP> d-------- C:\Casino Inc
2008-04-26 15:36 . 2008-05-21 13:23 <REP> d-------- C:\Program Files\MagicISO
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 09:42 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-05-23 18:24 --------- d-----w C:\Program Files\AxBx
2008-05-23 18:10 --------- d-----w C:\ProgramData\Symantec
2008-05-23 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 18:08 --------- d-----w C:\Program Files\Symantec
2008-05-23 18:08 --------- d-----w C:\Program Files\Norton 360
2008-05-22 21:42 3,068,416 ----a-w C:\Windows\Internet Logs\xDB2B92.tmp
2008-05-22 20:57 3,067,904 ----a-w C:\Windows\Internet Logs\xDB695C.tmp
2008-05-22 18:01 --------- d-----w C:\Users\Elodie\AppData\Roaming\OpenOffice.org2
2008-05-21 12:44 3,423,983 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-05-21 11:26 --------- d-----w C:\Program Files\Acer GameZone
2008-05-21 11:21 --------- d-----w C:\Program Files\EA GAMES
2008-05-19 14:37 174 --sha-w C:\Program Files\desktop.ini
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Mail
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Journal
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Defender
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 13:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-19 13:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-17 19:27 --------- d-----w C:\Users\Elodie\AppData\Roaming\BitTorrent
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 20:59 2,780,672 ----a-w C:\Windows\Internet Logs\xDBF94C.tmp
2008-05-14 20:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 20:47 --------- d-----w C:\Program Files\MSBuild
2008-05-07 11:48 --------- d-----w C:\Program Files\DivX
2008-05-03 18:36 2,668,032 ----a-w C:\Windows\Internet Logs\xDB6DFE.tmp
2008-04-28 15:11 146,432 ----a-w C:\Windows\Internet Logs\xDB3745.tmp
2008-04-28 15:10 2,639,872 ----a-w C:\Windows\Internet Logs\xDB4421.tmp
2008-04-26 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 20:14 221,696 ----a-w C:\Windows\Internet Logs\xDB4C89.tmp
2008-04-25 18:27 --------- d-----w C:\Program Files\Java
2008-04-22 17:28 1,642,496 ----a-w C:\Windows\Internet Logs\xDB3E18.tmp
2008-04-20 10:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\LimeWire
2008-04-13 17:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\Symantec
2008-04-10 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-10 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-10 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-10 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-10 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 21:45 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 21:45 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 21:39 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-05 17:47 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-04-05 14:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-02 09:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-31 20:36 704,512 ----a-w C:\Windows\Internet Logs\xDB3EF2.tmp
2008-03-31 14:50 --------- d-----w C:\Program Files\Windows Live
2008-03-31 12:37 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-03-31 12:36 --------- d-----w C:\Program Files\BitDefender
2008-03-31 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-24_15.17.09,91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-24 13:04:00 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-25 09:41:40 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-25 09:41:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-25 09:41:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-24 11:10:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 09:43:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 09:43:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-24 11:10:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 09:43:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 09:43:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-25 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-24 11:14:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 09:47:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-25 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-24 13:12:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-25 09:46:49 102,094 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 13:12:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-25 09:46:49 124,400 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 13:12:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-25 09:46:49 590,082 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 13:12:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-25 09:46:49 672,482 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-24 11:11:13 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
+ 2008-05-25 09:44:01 14,606 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
- 2008-05-24 11:11:13 81,792 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 09:44:01 81,942 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-24 11:11:12 62,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 09:44:00 62,766 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-24 13:04:01 222,162 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-05-24 17:57:37 225,864 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
"Acer Tour"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 17:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 12:12:46
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-25 12:13:34
ComboFix-quarantined-files.txt 2008-05-25 10:13:27
ComboFix2.txt 2008-05-24 13:17:43
ComboFix3.txt 2008-05-24 11:04:51
Pre-Run: 33,827,565,568 octets libres
Post-Run: 33,681,281,024 octets libres
299 --- E O F --- 2008-05-23 08:20:56
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1183 [GMT 2:00]
Endroit: D:\Elodie\Desktop\ComboFix.exe
Command switches used :: D:\Elodie\Desktop\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
C:\Program Files\RegistrySmart\RegistrySmart.ex
c:\windows\system32\activetoolband.dll
c:\windows\system32\adssite_sidebar.dll
c:\windows\system32\nswb752.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Windows\WWWInsHost.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Elodie\AppData\Roaming\RegistrySmart
C:\Users\Elodie\AppData\Roaming\RegistrySmart\Log\2008 May 24 - 10_37_19 AM_667.log
c:\windows\system32\activetoolband.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 19:06 . 2008-05-24 19:06 4,164 --a------ C:\Windows\System32\tmp.reg
2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 17:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 12:12:46
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-25 12:13:34
ComboFix-quarantined-files.txt 2008-05-25 10:13:27
ComboFix2.txt 2008-05-24 13:17:43
ComboFix3.txt 2008-05-24 11:04:51
Pre-Run: 33,827,565,568 octets libres
Post-Run: 33,681,281,024 octets libres
299 --- E O F --- 2008-05-23 08:20:56