Svchost

Meneha -
Hello,
I have done a lot of searching on the internet, but without any convincing result.
svchost has been using all my resources for 2 days: it is hard to do anything, especially on the internet. It lags and lags... I have Vista, 2 GB of RAM and an Intel Core 2 Duo T5250 processor. It's a laptop. I have 2 antivirus programs, Norton 360 and Avast. Neither of them has detected any virus. I also have ZoneAlarm. Please help me, I'm desperate :'(

59 replies

Discussion summary

The problem concerns svchost monopolizing resources on Windows Vista with 2 GB of RAM, causing a major slowdown despite Norton 360 and Avast. The best answer states that Norton leftovers are disturbing the system and advises uninstalling it with the official uninstaller, then with cleanup tools (ToolsCleaner), and posting the TCleaner report. Other answers mention diagnostic tools (CatchMe, HiJackThis, ATF-Cleaner) to identify active items and clean any unwanted ones, while examining the network settings to establish a more reliable assessment. Some posts point out that the scan report may be spread across tools and that the results should be gathered into a single file, such as TCleaner.txt, to make the diagnosis easier.

Automatically generated by AI
based on the best answers
  1. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Re,

    you have leftovers of Norton.

    To remove them:

    Norton uninstaller:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    Then, cleanup of the tools:

    * Download ToolsCleaner by A.Rothstein to your Desktop.

    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    * Right-click and "Run as administrator", click Search and let the scan finish.

    * Click Delete to finalize.

    * You can, if you wish, use the optional Options.

    * Click Quit so that the report can be created.

    * Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
    1
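    A way to find such leftovers directly, as an added example that is not part of the original thread: the PowerShell below lists every registered service whose executable no longer exists on disk, which is what a half-uninstalled suite leaves behind and what HijackThis later reports as "(file missing)" in its O23 lines. It assumes PowerShell 3.0 or later for Get-CimInstance (on the Vista-era PowerShell 2.0, substitute Get-WmiObject) and needs no third-party tool.

```powershell
# Added example, not from the thread: find services whose binary is gone,
# the usual trace of a half-removed security suite. Assumes PowerShell 3.0+
# (Get-CimInstance); on the Vista-era PowerShell 2.0 use Get-WmiObject instead.
function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName is either "C:\quoted path\svc.exe" -args  or  C:\unquoted path\svc.exe -args
    if ($PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($PathName -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
    else { $exe = $PathName.Trim() }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-OrphanedService {
    Get-CimInstance Win32_Service | ForEach-Object {
        if (-not $_.PathName) { return }   # no image path recorded; nothing to test
        $exe = Get-ServiceBinaryPath $_.PathName
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            [PSCustomObject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                StartMode   = $_.StartMode
                State       = $_.State
                MissingFile = $exe
            }
        }
    }
}

Get-OrphanedService | Format-Table -AutoSize -Wrap
```

    An entry whose MissingFile is really gone and whose product has been uninstalled can be removed from an elevated prompt with `sc delete <Name>`; a service that shows up here for a product you kept points at a broken install rather than a leftover.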
  2. Anonymous user
     
    Hello,

    2 antivirus programs?!!!!!!

    Uninstall Norton.
    0
  3. plouf plouf Posts: 25 Registration date Status: Contributor Last intervention 801
     
    Hello,
    To start with, I would simply advise removing one antivirus, because 2 = conflicts!
    Good luck
    0
  4. Meneha
     
    That's what I thought. Norton is uninstalled, but I still have the same problem. And I don't just have 5 or 6 svchost processes, I have about fifteen :s
    0
  6. Anonymous user
     
    It's normal that you have a lot of svchost; I have 14 right now, and I have 2 GB of RAM like you. But what I don't understand is why it lags.

    Send me a HijackThis report and I'll try to see why it's going wrong.

    For more info on using HijackThis ==> http://pageperso.aol.fr/balltrap34/demohijack.htm
    0
  7. Meneha
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:15:21, on 23/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Launch Manager\LManager.exe
    C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\Windows\system32\adssite_sidebar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nswB752.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.sosordi.net/libs/KaspWebscanner/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  8. Meneha
     
    I know Vista uses a lot of RAM, but is it normal that this process alone uses more than 1 GB?
    0
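    The practitioner's answer to both of the questions above (is fifteen svchost instances normal, and can one of them legitimately hold over 1 GB?) is to look at which services each instance hosts, because svchost.exe is only a container. The PowerShell below is an added example, not from the original thread: it attributes every svchost.exe to its hosted services together with working set and CPU time, and flags any svchost.exe that is not running from %SystemRoot%\System32, since a process merely named svchost.exe in some other directory is not the service host. It assumes an elevated PowerShell 3.0+ session (Path is unreadable for SYSTEM processes otherwise; substitute Get-WmiObject on PowerShell 2.0). The Signature column is informational only: before Windows 8, Get-AuthenticodeSignature does not see catalog signatures, so the genuine svchost.exe reports NotSigned there.

```powershell
# Added example, not from the thread: map each svchost.exe to the services it
# hosts so memory/CPU can be attributed to a service group, and flag any
# svchost.exe that does not run from %SystemRoot%\System32.
# Assumes an elevated PowerShell 3.0+ session (Get-CimInstance); on the
# Vista-era PowerShell 2.0, replace Get-CimInstance with Get-WmiObject.
function Get-SvchostReport {
    $system32 = Join-Path $env:SystemRoot 'System32'

    # Build PID -> [service names] from the service control manager's view.
    $byPid = @{}
    Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
        $k = [int]$_.ProcessId
        if (-not $byPid.ContainsKey($k)) { $byPid[$k] = @() }
        $byPid[$k] += $_.Name
    }

    Get-Process -Name svchost -ErrorAction SilentlyContinue |
        Sort-Object WorkingSet64 -Descending |
        ForEach-Object {
            $path = $_.Path   # $null when this session cannot open the process
            $fromSystem32 = $path -and $path.StartsWith($system32, 'OrdinalIgnoreCase')
            # Informational: catalog-signed system files show NotSigned before Windows 8.
            $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unreadable' }
            [PSCustomObject]@{
                PID        = $_.Id
                WorkingMB  = [math]::Round($_.WorkingSet64 / 1MB, 1)
                CPUSeconds = if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
                Services   = if ($byPid.ContainsKey($_.Id)) { $byPid[$_.Id] -join ', ' } else { '(none: not a service host?)' }
                Path       = if ($path) { $path } else { '(unreadable: run elevated)' }
                Suspicious = -not $fromSystem32
                Signature  = $sig
            }
        }
}

Get-SvchostReport | Format-Table -AutoSize -Wrap
```

    The same mapping without PowerShell is `tasklist /svc` from a command prompt; Vista's Task Manager also offers "Go to Service(s)" on the context menu of a svchost.exe row. A single instance that is both large and hosts a group such as netsvcs is unremarkable; one with no services, or running from outside System32, is the one to investigate.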
  9. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Hello,

    we'll continue as a pair, fadh_zboot and me.

    Disable User Account Control (you will re-enable it after your disinfection):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click disable and confirm.

    download combofix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the Desktop.

    disconnect from the internet and close all your applications.

    disable your protections (antivirus, firewall, the antispyware's real-time guard)

    double-click combofix.exe and follow the instructions

    at the end, it will produce a report C:\ComboFix.txt

    re-enable your firewall, your antivirus, your antispyware's guard

    copy/paste the C:\ComboFix.txt report into your next reply.

    Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

    You have a complete tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  10. Meneha
     
    Everything went fine, here is the report:

    ComboFix 08-05-21.3 - Elodie 2008-05-24 12:57:53.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1192 [GMT 2:00]
    Location: D:\Elodie\Desktop\ComboFix.exe
    * Creating a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Adssite Advanced Toolbar
    C:\Program Files\Adssite Advanced Toolbar\buttons.xml
    C:\Program Files\Adssite Advanced Toolbar\search.xml
    C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
    C:\Program Files\Adssite Games Collection
    C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
    C:\Program Files\Adssite Games Collection\BobAndBill.exe
    C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
    C:\Program Files\Adssite Games Collection\Lines.exe
    C:\Program Files\Adssite Games Collection\uninstall.exe
    C:\Program Files\Adssite Games Collection\VideoPool.exe
    C:\Users\Elodie\AppData\Roaming\Adssite Advanced Toolbar
    C:\Users\Elodie\AppData\Roaming\Adssite Advanced Toolbar\advertbuttons.xml
    C:\Users\Elodie\AppData\Roaming\Adssite Advanced Toolbar\selected.xml
    C:\Windows\system32\ACER.exe
    C:\Windows\system32\adssite-remove.exe
    C:\Windows\system32\adssite_sidebar.dll
    C:\Windows\system32\rightonadz-uninst.exe
    C:\Windows\system32\x64

    .
    ((((((((((((((((((((((((((((( Files created 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
    2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
    2008-05-24 10:37 . 2008-05-24 10:37 <REP> d-------- C:\Users\Elodie\AppData\Roaming\RegistrySmart
    2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
    2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
    2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
    2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
    2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
    2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-05-19 14:55 . 2008-05-19 14:55 <REP> d-------- C:\Program Files\Tetris
    2008-05-19 14:53 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
    2008-05-14 23:10 . 2008-05-14 23:10 <REP> d-------- C:\Images
    2008-05-14 23:09 . 2008-05-14 23:10 <REP> d-------- C:\ExpressionWeb
    2008-04-26 17:18 . 2008-04-26 17:18 <REP> d-------- C:\Program Files\Konami
    2008-04-26 17:11 . 2008-04-26 17:17 <REP> d-------- C:\Casino Inc
    2008-04-26 15:36 . 2008-05-21 13:23 <REP> d-------- C:\Program Files\MagicISO

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-24 10:54 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-05-23 18:24 --------- d-----w C:\Program Files\AxBx
    2008-05-23 18:10 --------- d-----w C:\ProgramData\Symantec
    2008-05-23 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-23 18:08 --------- d-----w C:\Program Files\Symantec
    2008-05-23 18:08 --------- d-----w C:\Program Files\Norton 360
    2008-05-22 21:42 3,068,416 ----a-w C:\Windows\Internet Logs\xDB2B92.tmp
    2008-05-22 20:57 3,067,904 ----a-w C:\Windows\Internet Logs\xDB695C.tmp
    2008-05-22 18:01 --------- d-----w C:\Users\Elodie\AppData\Roaming\OpenOffice.org2
    2008-05-21 12:44 3,423,983 ----a-w C:\Windows\Internet Logs\tvDebug.zip
    2008-05-21 11:26 --------- d-----w C:\Program Files\Acer GameZone
    2008-05-21 11:21 --------- d-----w C:\Program Files\EA GAMES
    2008-05-19 14:37 174 --sha-w C:\Program Files\desktop.ini
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Mail
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Journal
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Defender
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-19 13:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-19 13:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-17 19:27 --------- d-----w C:\Users\Elodie\AppData\Roaming\BitTorrent
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-14 20:59 2,780,672 ----a-w C:\Windows\Internet Logs\xDBF94C.tmp
    2008-05-14 20:56 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 20:47 --------- d-----w C:\Program Files\MSBuild
    2008-05-07 11:48 --------- d-----w C:\Program Files\DivX
    2008-05-03 18:36 2,668,032 ----a-w C:\Windows\Internet Logs\xDB6DFE.tmp
    2008-04-28 15:11 146,432 ----a-w C:\Windows\Internet Logs\xDB3745.tmp
    2008-04-28 15:10 2,639,872 ----a-w C:\Windows\Internet Logs\xDB4421.tmp
    2008-04-26 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 20:14 221,696 ----a-w C:\Windows\Internet Logs\xDB4C89.tmp
    2008-04-25 18:27 --------- d-----w C:\Program Files\Java
    2008-04-22 17:28 1,642,496 ----a-w C:\Windows\Internet Logs\xDB3E18.tmp
    2008-04-20 10:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\LimeWire
    2008-04-13 17:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\Symantec
    2008-04-10 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-04-10 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-04-10 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-04-10 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-04-10 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-04-10 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-04-10 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-04-10 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-04-10 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-04-10 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-04-10 21:45 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-04-10 21:45 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-04-10 21:39 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-05 17:47 --------- d-----w C:\Program Files\Lionhead Studios Ltd
    2008-04-05 14:21 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-02 09:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
    2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-31 20:36 704,512 ----a-w C:\Windows\Internet Logs\xDB3EF2.tmp
    2008-03-31 14:50 --------- d-----w C:\Program Files\Windows Live
    2008-03-31 12:37 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-03-31 12:36 --------- d-----w C:\Program Files\BitDefender
    2008-03-31 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
    2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
    2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
    "DSS"="C:\Windows\WWWInsHost.exe" [ ]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
    "ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
    "Acer Tour"="" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\autorun.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-24 10:13:12 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
    "2008-05-24 10:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-24 13:03:54
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-24 13:04:50
    ComboFix-quarantined-files.txt 2008-05-24 11:04:41

    Pre-Run: 34,044,715,008 octets libres
    Post-Run: 34,888,069,120 octets libres

    274 --- E O F --- 2008-05-23 08:20:56
    0
  11. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    Copy or print these instructions first.

    Disconnect from the internet and close all your applications.

    Disable your protections (antivirus, firewall, the antispyware's real-time guard).

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    File::
    C:\Windows\WWWInsHost.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DSS"=-

    Save this file under the name CFscript

    Drag and drop this CFscript file onto the ComboFix.exe file

    Click on the CFscript file, keep the mouse button held down and drag so that the CFscript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.

    A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 then confirm.

    Wait for the scan to finish. The desktop will disappear several times: this is normal!

    Don't touch anything until the scan is finished.

    Re-enable your firewall, your antivirus and your antispyware guard.

    Once the scan is complete, a report will be displayed: post its contents.

    Also post a new HijackThis report.

    If the file doesn't open, it's located here > C:\ComboFix.txt

    Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
    0
  12. Meneha
     
    ComboFix 08-05-21.3 - Elodie 2008-05-24 15:14:14.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1215 [GMT 2:00]
    Endroit: D:\Elodie\Desktop\ComboFix.exe
    Command switches used :: D:\Elodie\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\WWWInsHost.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-24 15:13 . 2008-05-24 15:13 <REP> d-------- C:\327882R2FWJFW
    2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
    2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
    2008-05-24 10:37 . 2008-05-24 10:37 <REP> d-------- C:\Users\Elodie\AppData\Roaming\RegistrySmart
    2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
    2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
    2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
    2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
    2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
    2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-05-19 14:55 . 2008-05-19 14:55 <REP> d-------- C:\Program Files\Tetris
    2008-05-19 14:53 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
    2008-05-14 23:10 . 2008-05-14 23:10 <REP> d-------- C:\Images
    2008-05-14 23:09 . 2008-05-14 23:10 <REP> d-------- C:\ExpressionWeb
    2008-04-26 17:18 . 2008-04-26 17:18 <REP> d-------- C:\Program Files\Konami
    2008-04-26 17:11 . 2008-04-26 17:17 <REP> d-------- C:\Casino Inc
    2008-04-26 15:36 . 2008-05-21 13:23 <REP> d-------- C:\Program Files\MagicISO

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-24 11:09 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-05-23 18:24 --------- d-----w C:\Program Files\AxBx
    2008-05-23 18:10 --------- d-----w C:\ProgramData\Symantec
    2008-05-23 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-23 18:08 --------- d-----w C:\Program Files\Symantec
    2008-05-23 18:08 --------- d-----w C:\Program Files\Norton 360
    2008-05-22 21:42 3,068,416 ----a-w C:\Windows\Internet Logs\xDB2B92.tmp
    2008-05-22 20:57 3,067,904 ----a-w C:\Windows\Internet Logs\xDB695C.tmp
    2008-05-22 18:01 --------- d-----w C:\Users\Elodie\AppData\Roaming\OpenOffice.org2
    2008-05-21 12:44 3,423,983 ----a-w C:\Windows\Internet Logs\tvDebug.zip
    2008-05-21 11:26 --------- d-----w C:\Program Files\Acer GameZone
    2008-05-21 11:21 --------- d-----w C:\Program Files\EA GAMES
    2008-05-19 14:37 174 --sha-w C:\Program Files\desktop.ini
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Mail
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Journal
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Defender
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-19 13:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-19 13:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-17 19:27 --------- d-----w C:\Users\Elodie\AppData\Roaming\BitTorrent
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-14 20:59 2,780,672 ----a-w C:\Windows\Internet Logs\xDBF94C.tmp
    2008-05-14 20:56 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 20:47 --------- d-----w C:\Program Files\MSBuild
    2008-05-07 11:48 --------- d-----w C:\Program Files\DivX
    2008-05-03 18:36 2,668,032 ----a-w C:\Windows\Internet Logs\xDB6DFE.tmp
    2008-04-28 15:11 146,432 ----a-w C:\Windows\Internet Logs\xDB3745.tmp
    2008-04-28 15:10 2,639,872 ----a-w C:\Windows\Internet Logs\xDB4421.tmp
    2008-04-26 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 20:14 221,696 ----a-w C:\Windows\Internet Logs\xDB4C89.tmp
    2008-04-25 18:27 --------- d-----w C:\Program Files\Java
    2008-04-22 17:28 1,642,496 ----a-w C:\Windows\Internet Logs\xDB3E18.tmp
    2008-04-20 10:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\LimeWire
    2008-04-13 17:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\Symantec
    2008-04-10 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-04-10 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-04-10 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-04-10 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-04-10 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-04-10 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-04-10 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-04-10 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-04-10 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-04-10 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-04-10 21:45 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-04-10 21:45 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-04-10 21:39 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-05 17:47 --------- d-----w C:\Program Files\Lionhead Studios Ltd
    2008-04-05 14:21 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-02 09:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
    2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-31 20:36 704,512 ----a-w C:\Windows\Internet Logs\xDB3EF2.tmp
    2008-03-31 14:50 --------- d-----w C:\Program Files\Windows Live
    2008-03-31 12:37 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-03-31 12:36 --------- d-----w C:\Program Files\BitDefender
    2008-03-31 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
    2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
    2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-24_13.04.33,08 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-24 10:54:20 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-24 13:04:00 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-24 10:54:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-24 10:54:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-24 10:56:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-24 11:10:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-24 11:10:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-24 10:55:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-24 11:10:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-24 11:10:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-24 10:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-24 10:55:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-24 11:14:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-24 10:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-24 11:02:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-24 13:12:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-24 11:02:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-24 13:12:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-24 11:02:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-24 13:12:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-24 11:02:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-24 13:12:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-24 10:56:40 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
    + 2008-05-24 11:11:13 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
    - 2008-05-24 10:56:40 81,776 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-24 11:11:13 81,792 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-24 10:56:39 62,654 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-24 11:11:12 62,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-05-22 21:06:12 221,640 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-05-24 13:04:01 222,162 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
    "ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
    "Acer Tour"="" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-24 10:13:12 C:\Windows\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
    "2008-05-24 13:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-24 15:16:28
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-24 15:17:43
    ComboFix-quarantined-files.txt 2008-05-24 13:17:28
    ComboFix2.txt 2008-05-24 11:04:51

    Pre-Run: 34,680,074,240 octets libres
    Post-Run: 34,532,773,888 octets libres

    293 --- E O F --- 2008-05-23 08:20:56
    0
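The "Point de chargement Reg" section of the report above is what a helper reads first: Security Center monitoring switched off, Windows Firewall profiles at EnableFirewall 0, an AppInit_DLLs hook, autorun handlers for removable drives, and Run entries whose binary is missing or sits somewhere unusual. The triage script below is an added example written for this thread, not part of ComboFix or of the posts; its sample input is constructed from lines of that report plus one constructed "DSS" Run entry mirroring the value the CFscript removes, and the list of expected install locations is an assumption.

```python
import re

# Constructed excerpt in the format of the "Point de chargement Reg" section
# of the ComboFix report above. Lines are copied from that report, except the
# "DSS" Run entry, which is constructed to mirror the value the CFscript
# removes (its date/size bracket is invented).
SAMPLE_REPORT = r"""
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"DSS"="C:\Windows\WWWInsHost.exe" [2008-05-22 21:10 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"Acer Tour"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe
"""

# "name"=rest ; for Run keys rest is "path" [date time size] or "" [] ; ComboFix
# prints "[ ]" when the file the value points to no longer exists.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<rest>.*)$')
RUN_PATH_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]')

# Assumed list of locations autostart binaries normally live in on this
# machine. Anything else (a file dropped straight into C:\Windows, a Temp
# folder...) is queued for manual review; that is how WWWInsHost.exe stands
# out. Legitimate vendor files living directly in C:\Windows (RtHDVCpl.exe in
# the report) will land in the queue too: it is a review list, not a verdict.
EXPECTED_PREFIXES = (
    "c:\\windows\\system32\\", "c:\\windows\\ehome\\", "c:\\program files\\",
    "c:\\progra~1\\", "c:\\acer\\",
)


def parse_sections(report: str) -> dict:
    """Split the INI-like registry excerpt into {key_path: [value lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith(("REGEDIT", "*Note*")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(report: str) -> list:
    """Return findings as (category, key_path, detail) tuples."""
    findings = []
    for key, lines in parse_sections(report).items():
        lkey = key.lower()
        for line in lines:
            # Removable-drive autorun handlers are listed without a quoted name.
            if r"\shell\autorun\command" in line.lower():
                findings.append(("autorun", key, line.split(" - ", 1)[-1]))
                continue
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, rest = m.group("name"), m.group("rest").strip()
            if lkey.endswith("\\run"):
                pm = RUN_PATH_RE.match(rest)
                path = pm.group("path") if pm else rest
                info = pm.group("info").strip() if pm else ""
                if not path:
                    continue  # empty value: inert leftover, listed for completeness
                if info == "":
                    findings.append(("run-missing-file", key, f"{name} -> {path}"))
                elif not path.lower().startswith(EXPECTED_PREFIXES):
                    findings.append(("run-unusual-location", key, f"{name} -> {path}"))
            elif "security center" in lkey and rest.endswith("00000001") and (
                name == "DisableMonitoring" or name.endswith("DisableNotify")
            ):
                findings.append(("security-center-muted", key, name))
            elif name == "EnableFirewall" and rest.startswith("0"):
                findings.append(("firewall-off", key, key.rsplit("\\", 1)[-1]))
            elif name == "AppInit_DLLs" and rest:
                findings.append(("appinit-dll", key, rest))
    return findings


if __name__ == "__main__":
    for category, key, detail in triage(SAMPLE_REPORT):
        print(f"[{category:22}] {detail}   ({key})")
```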
  13. Meneha
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:15:21, on 23/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Launch Manager\LManager.exe
    C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\Windows\system32\adssite_sidebar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nswB752.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.sosordi.net/libs/KaspWebscanner/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
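Reading a HijackThis log like the one above by eye is slow and error-prone. The following Python is an added example, not code from this thread, from HijackThis or from its author: it parses a handful of lines copied from the log above and applies three generic triage heuristics that a defender would apply first, namely registrations whose target is reported as "(no file)" or "(file missing)", services with "Unknown owner", and Run entries that launch an executable placed directly in C:\Windows rather than in a subfolder. The line layouts it assumes (O2 "name - CLSID - path", O4 "[name] command", O23 "name - owner - path") are taken from the log above; the flag names and the heuristics themselves are my own and mark entries worth a closer look, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample lines copied from the HijackThis log posted above (not a complete log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\Windows\system32\nswB752.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


@dataclass
class Entry:
    section: str                 # HijackThis section code: O2, O4, O23, ...
    name: str                    # BHO name, Run value name or service display name
    target: str                  # path or command line exactly as printed
    flags: List[str] = field(default_factory=list)  # triage flags (my own names)


SECTION_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def executable_of(command: str) -> str:
    """Return the executable path from a Run command line.

    Quoted paths are taken up to the closing quote; unquoted paths that
    contain spaces are cut at the first '.exe' (case-insensitive), so
    anything after the executable is treated as arguments.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd.split(" ")[0]


def parse_line(line: str) -> Entry:
    """Split one HijackThis line into section, name and target."""
    m = SECTION_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a HijackThis line: {line!r}")
    sec, body = m.group("sec"), m.group("body")
    if sec == "O2" and body.startswith("BHO: "):
        name, _clsid, target = body[len("BHO: "):].split(" - ", 2)
        return Entry(sec, name, target)
    if sec == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(sec, r.group("name"), r.group("cmd"))
    if sec == "O23" and body.startswith("Service: "):
        # Assumes the 'name - owner - path' layout seen in the log above.
        name, owner, target = body[len("Service: "):].split(" - ", 2)
        entry = Entry(sec, name, target)
        if owner == "Unknown owner":
            entry.flags.append("unknown-owner")
        return entry
    return Entry(sec, "", body)  # other sections: kept, not interpreted


def triage(log_text: str) -> List[Entry]:
    """Parse every line and attach the generic triage flags."""
    entries = []
    for line in log_text.strip().splitlines():
        e = parse_line(line)
        if any(marker in e.target for marker in MISSING_MARKERS):
            e.flags.append("target-missing")           # dangling registration
        if e.section == "O4":
            exe = executable_of(e.target)
            if ntpath.dirname(exe).lower() == r"c:\windows":
                e.flags.append("exe-in-windows-root")  # unusual location for a Run entry
        entries.append(e)
    return entries


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Name -> flags, for entries that raised at least one flag."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name:50s} {', '.join(flags)}")
```

On the sample above this reports the two dangling BHOs, the two "Unknown owner" services (one of them also with a missing file) and the DSS Run entry pointing straight into C:\Windows, while the avast!, Google, ZoneAlarm and Sidebar entries pass all three checks. A flag only says "look here next": confirm with the file's properties and a VirusTotal analysis, as the helper asks for in this thread.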
  14. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    Open Windows Explorer and look for:

    C:\Windows\system32\ActiveToolBand.dll

    Right-click, Properties.

    Give me the file size (you'll find it on the "General" tab) and the publisher name ("Company" tab, Company).

    Download OAD http://sosvirus.changelog.fr/OAD.exe
    - Save it to your Desktop

    Right-click the OAD.exe file and choose Properties; on the Compatibility tab, in the "Privilege Level" box, tick "Run this program as an administrator".

    - File name to search for: type or copy-paste: WWWInsHost.exe
    - Search type: select option 6, then confirm [Enter]

    OAD will now search for the file. Let it work until it has finished.
    The search report will be displayed automatically as soon as it is done.

    - Copy/paste this report into your next post.

    Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.
  15. Meneha
     
    The file is 292 KB. There is no publisher name.

    24/05/2008 ---- 16:27:31,47

    ----------------------------------
    §§§§§§ [WWWInsHost.exe] §§§§§§
    ----------------------------------
    [X] Registre

    -------------- [ ] rapide
    -- Fichier --- [ ] disque systeme
    ------------- [X] complete

    ********************
    [Registre]
    ********************

    Aucune entrée détectée

    *******************
    [Fichier]
    *******************

    *********************
    [Même date]
    *********************

    Aucun fichier créé à la même date détecté

    Outil Aide Diagnostic By !aur3n7 Version 1.1
    ----------------------------------
    §§§§§ Fin Rapport §§§§§
    ----------------------------------
  16. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    I have a feeling this file is going to give us a lot of trouble.

    Go to this site:

    https://www.virustotal.com/gui/

    Click Browse and find this file: C:\Windows\WWWInsHost.exe

    Click Send File.

    A report will build up line by line.

    Wait until it finishes. It should include the size of the file that was sent.

    Save the report with Notepad.

    Copy it into your reply.

    If VirusTotal says the file has already been analysed, click the button Reanalyse file now.

    Open this link (thanks to S!RI for this program): http://siri.urz.free.fr/Fix/SmitfraudFix.php
    and download SmitfraudFix.exe.

    Have a look at the tutorial.
    Run it and choose option 1; it will generate a report.
    Copy/paste it into the thread, please.
  17. Meneha
     
    There's a small problem... I apparently don't have that file! It isn't at the location given. I did a search, no results...
  18. Meneha
     
    I do have InsHost.exe, though. I'm sending you the report just in case:

    0 bytes size received / Se ha recibido un archivo vacio.

    Here's the report:

    SmitFraudFix v2.322

    Scan done at 19:06:20,13, 24/05/2008
    Run from D:\Elodie\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\cmd.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Elodie

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Elodie\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Elodie\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="eNetHook.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{068FE806-8D6D-4806-BB2B-2CBA5BD83982}: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
  19. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Good evening,

    Copy or print the instructions first.

    Disconnect from the internet and close all your applications.

    Disable your protections (antivirus, firewall, real-time guard of the antispyware).

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    Folder::
    C:\Users\Elodie\AppData\Roaming\RegistrySmart

    File::
    c:\windows\system32\adssite_sidebar.dll
    c:\windows\system32\activetoolband.dll
    c:\windows\system32\nswb752.dll
    C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
    C:\Program Files\RegistrySmart\RegistrySmart.ex
    C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
    C:\Windows\WWWInsHost.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DSS"=-

    Save this file under the name CFscript

    Drag and drop this CFscript file onto the ComboFix.exe file.

    Click the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to rest over the ComboFix icon. Release the mouse. ComboFix will start.

    A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: that's normal!

    Don't touch anything until the scan is finished.

    Re-enable your firewall, your antivirus and your antispyware guard.

    Once the scan is complete, a report will be displayed: post its contents.

    Also post a new HijackThis report.

    If the file doesn't open, it can be found here > C:\ComboFix.txt

    Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.

    @+
    Never accept a disinfection via PM.
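The CFscript above mixes three kinds of directive, and the post warns that reusing it on another machine can damage the system, so it is worth being able to read exactly what such a script asks for before handing it to the tool. The Python below is an added example, not code from this thread or from ComboFix: it parses the script into an explicit list of intended actions without touching the file system or registry, and separates out the actions that hit system32 or HKEY_LOCAL_MACHINE, which are the ones that would do the most damage on the wrong machine. The sample is an abridged copy of the script posted above (the second and third BHO key pairs are left out for brevity). The interpretation of `Folder::` and `File::` entries as deletions is my reading of the post, while `[-KEY]` and `"name"=-` are the standard .reg-file syntax for deleting a key and a value.

```python
from typing import Dict, List, NamedTuple

# Abridged copy of the CFscript posted above (the RegistrySmart.ex line is as printed there).
CFSCRIPT = r"""
Folder::
C:\Users\Elodie\AppData\Roaming\RegistrySmart

File::
c:\windows\system32\adssite_sidebar.dll
c:\windows\system32\activetoolband.dll
c:\windows\system32\nswb752.dll
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Program Files\RegistrySmart\RegistrySmart.ex
C:\Windows\WWWInsHost.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSS"=-
"""


class Action(NamedTuple):
    kind: str          # delete-folder, delete-file, delete-key or delete-value
    target: str        # file system path or registry key
    detail: str = ""   # value name, for delete-value only


def parse_cfscript(text: str) -> List[Action]:
    """Translate a CFscript into the list of actions it requests (dry run only)."""
    actions: List[Action] = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header such as File::
            section = line[:-2].lower()
            current_key = None
            continue
        if section == "folder":
            actions.append(Action("delete-folder", line))
        elif section == "file":
            actions.append(Action("delete-file", line))
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(Action("delete-key", line[2:-1]))
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]        # value lines that follow apply here
            elif line.endswith("=-") and current_key:
                name = line[:-2].strip().strip('"')
                actions.append(Action("delete-value", current_key, name))
            else:
                raise ValueError(f"unsupported Registry:: line: {line!r}")
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions per kind."""
    counts: Dict[str, int] = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


def high_impact(actions: List[Action]) -> List[Action]:
    """Actions touching system32 or HKLM: review these before running anything."""
    out = []
    for a in actions:
        t = a.target.lower()
        if "\\windows\\system32\\" in t or t.startswith("hkey_local_machine\\"):
            out.append(a)
    return out


def review(text: str) -> List[str]:
    """Human-readable plan, one line per action."""
    lines = []
    for a in parse_cfscript(text):
        suffix = f"  value {a.detail!r}" if a.kind == "delete-value" else ""
        lines.append(f"{a.kind:13s} {a.target}{suffix}")
    return lines


if __name__ == "__main__":
    print("\n".join(review(CFSCRIPT)))
    print("high-impact actions:", len(high_impact(parse_cfscript(CFSCRIPT))))
```

For the abridged script this yields one folder deletion, six file deletions, two key deletions and one value deletion, of which five (three DLLs in system32 and two HKLM keys) are the high-impact ones. Every path and CLSID in the plan is specific to the machine the helper examined, which is exactly why the post says the script must not be reused elsewhere.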
  20. Meneha
     
    ComboFix 08-05-21.3 - Elodie 2008-05-25 12:11:00.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1183 [GMT 2:00]
    Endroit: D:\Elodie\Desktop\ComboFix.exe
    Command switches used :: D:\Elodie\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Program Files\RegistrySmart.Elodie.Runs RegistrySmart to optimize your registry.
    C:\Program Files\RegistrySmart\RegistrySmart.ex
    c:\windows\system32\activetoolband.dll
    c:\windows\system32\adssite_sidebar.dll
    c:\windows\system32\nswb752.dll
    C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
    C:\Windows\WWWInsHost.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Elodie\AppData\Roaming\RegistrySmart
    C:\Users\Elodie\AppData\Roaming\RegistrySmart\Log\2008 May 24 - 10_37_19 AM_667.log
    c:\windows\system32\activetoolband.dll
    C:\Windows\Tasks\RegistrySmart Scheduled Scan.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-24 19:06 . 2008-05-24 19:06 4,164 --a------ C:\Windows\System32\tmp.reg
    2008-05-24 11:35 . 2008-05-24 11:36 <REP> d-------- C:\Users\Elodie\AppData\Roaming\Wormux
    2008-05-24 11:06 . 2008-05-24 11:06 <REP> d-------- C:\Program Files\Wormux
    2008-05-23 20:14 . 2008-05-23 20:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-23 13:48 . 2008-05-23 13:48 <REP> d-------- C:\Windows\System32\Kaspersky Lab
    2008-05-21 12:43 . 2008-05-21 12:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-19 16:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-19 16:19 . 2008-05-19 16:19 <REP> d-------- C:\PerfLogs
    2008-05-19 15:19 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
    2008-05-19 15:18 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-19 15:17 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-05-19 15:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-19 15:15 . 2008-05-19 15:15 <REP> d-------- C:\PacMan
    2008-05-19 15:15 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-19 15:15 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-19 15:15 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
    2008-05-19 15:15 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-19 15:14 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-19 15:14 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-19 15:14 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-19 15:13 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-19 15:13 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-19 15:12 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-19 15:12 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-19 15:12 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-19 15:12 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-19 15:12 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-05-19 14:55 . 2008-05-19 14:55 <REP> d-------- C:\Program Files\Tetris
    2008-05-19 14:53 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
    2008-05-14 23:10 . 2008-05-14 23:10 <REP> d-------- C:\Images
    2008-05-14 23:09 . 2008-05-14 23:10 <REP> d-------- C:\ExpressionWeb
    2008-04-26 17:18 . 2008-04-26 17:18 <REP> d-------- C:\Program Files\Konami
    2008-04-26 17:11 . 2008-04-26 17:17 <REP> d-------- C:\Casino Inc
    2008-04-26 15:36 . 2008-05-21 13:23 <REP> d-------- C:\Program Files\MagicISO

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-25 09:42 351,783 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-05-23 18:24 --------- d-----w C:\Program Files\AxBx
    2008-05-23 18:10 --------- d-----w C:\ProgramData\Symantec
    2008-05-23 18:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-23 18:08 --------- d-----w C:\Program Files\Symantec
    2008-05-23 18:08 --------- d-----w C:\Program Files\Norton 360
    2008-05-22 21:42 3,068,416 ----a-w C:\Windows\Internet Logs\xDB2B92.tmp
    2008-05-22 20:57 3,067,904 ----a-w C:\Windows\Internet Logs\xDB695C.tmp
    2008-05-22 18:01 --------- d-----w C:\Users\Elodie\AppData\Roaming\OpenOffice.org2
    2008-05-21 12:44 3,423,983 ----a-w C:\Windows\Internet Logs\tvDebug.zip
    2008-05-21 11:26 --------- d-----w C:\Program Files\Acer GameZone
    2008-05-21 11:21 --------- d-----w C:\Program Files\EA GAMES
    2008-05-19 14:37 174 --sha-w C:\Program Files\desktop.ini
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Mail
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Journal
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Defender
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-19 14:23 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-19 13:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-19 13:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-17 19:27 --------- d-----w C:\Users\Elodie\AppData\Roaming\BitTorrent
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-14 20:59 2,780,672 ----a-w C:\Windows\Internet Logs\xDBF94C.tmp
    2008-05-14 20:56 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 20:47 --------- d-----w C:\Program Files\MSBuild
    2008-05-07 11:48 --------- d-----w C:\Program Files\DivX
    2008-05-03 18:36 2,668,032 ----a-w C:\Windows\Internet Logs\xDB6DFE.tmp
    2008-04-28 15:11 146,432 ----a-w C:\Windows\Internet Logs\xDB3745.tmp
    2008-04-28 15:10 2,639,872 ----a-w C:\Windows\Internet Logs\xDB4421.tmp
    2008-04-26 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 20:14 221,696 ----a-w C:\Windows\Internet Logs\xDB4C89.tmp
    2008-04-25 18:27 --------- d-----w C:\Program Files\Java
    2008-04-22 17:28 1,642,496 ----a-w C:\Windows\Internet Logs\xDB3E18.tmp
    2008-04-20 10:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\LimeWire
    2008-04-13 17:12 --------- d-----w C:\Users\Elodie\AppData\Roaming\Symantec
    2008-04-10 21:47 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-04-10 21:47 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-04-10 21:47 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-04-10 21:47 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-04-10 21:47 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-04-10 21:47 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-04-10 21:47 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-04-10 21:47 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-04-10 21:47 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-04-10 21:47 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-04-10 21:45 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-04-10 21:45 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-04-10 21:39 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-05 17:47 --------- d-----w C:\Program Files\Lionhead Studios Ltd
    2008-04-05 14:21 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-02 09:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 1
    2008-04-01 17:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-31 20:36 704,512 ----a-w C:\Windows\Internet Logs\xDB3EF2.tmp
    2008-03-31 14:50 --------- d-----w C:\Program Files\Windows Live
    2008-03-31 12:37 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-03-31 12:36 --------- d-----w C:\Program Files\BitDefender
    2008-03-31 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
    2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-03-03 13:05 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
    2008-03-03 13:05 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_2008-05-24_15.17.09,91 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-24 13:04:00 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-25 09:41:40 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-25 09:41:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-24 11:09:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-25 09:41:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-24 11:10:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-25 09:43:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-25 09:43:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-24 11:10:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-25 09:43:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-25 09:43:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-25 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-24 11:14:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-25 09:47:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-24 11:14:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-25 09:47:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-24 13:12:01 102,094 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-25 09:46:49 102,094 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-24 13:12:01 124,400 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-25 09:46:49 124,400 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-24 13:12:01 590,082 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-25 09:46:49 590,082 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-24 13:12:01 672,482 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-25 09:46:49 672,482 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-24 11:11:13 14,590 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
    + 2008-05-25 09:44:01 14,606 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3602491064-3196357041-2211815272-1000_UserData.bin
    - 2008-05-24 11:11:13 81,792 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-25 09:44:01 81,942 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-24 11:11:12 62,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-25 09:44:00 62,766 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-05-24 13:04:01 222,162 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-05-24 17:57:37 225,864 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-28 22:27 171448]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
    "ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 11:36 1286144]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 18:42 457728]
    "Acer Tour"="" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16 206952]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 19:39 151552]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F4F6F825-4E89-486A-8B95-3192340F817A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{28276C90-044D-4DD6-8E4D-FC3B032F02B6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{3B2A64A9-C232-4765-AE81-D5C8F5CE7259}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{0F36CD92-4215-41E1-8427-8FDC82BC297D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{E3AD86A2-0361-4E7B-9E46-FCC6BCEB485D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{7C578073-BC94-4EDE-A924-FECE6BBAD0E5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{39C06FEE-5F60-49E4-B8C0-F352F179BFFD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{3642B44C-4B38-4D7A-9CDA-5D2585D3B1D4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{EE3AD914-083E-4A42-9965-B5A6506B50CD}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{55F9393F-D67E-4615-8A3A-356EC0EC5578}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 18:43]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 18:43]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 18:43]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 15:24]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 18:43]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 20:36]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 15:05]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 23:15]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-09-23 14:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-24 17:16:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-25 12:12:46
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-25 12:13:34
    ComboFix-quarantined-files.txt 2008-05-25 10:13:27
    ComboFix2.txt 2008-05-24 13:17:43
    ComboFix3.txt 2008-05-24 11:04:51

    Pre-Run: 33,827,565,568 octets libres
    Post-Run: 33,681,281,024 octets libres

    299 --- E O F --- 2008-05-23 08:20:56
  21. Lyonnais92 (security contributor, 25708 posts)
     
    Hello,

    the HijackThis report that goes with it, please.