Besoin d'aide SVP win32:vundo.dll

Résolu
amandaaa Messages postés 14 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
je suis infecté par vundo.dll, j'ai déjà tenté d'utiliser vundofix mais il ne trouve rien...
je suis sous vista et j'utiise avast et spybot.
Pouvez vous m'aider s'il vous plait, je ne sais vraiment pas quoi faire

voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:05, on 27/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe
C:\Users\TREX\Desktop\eden.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TREX\Desktop\even.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AbsoluteTransfer module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\TREX\AppData\Local\Temp\urqQhHAT.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\TREX\AppData\Local\Temp\xxywWmnL.dll,c
O4 - HKCU\..\Run: [BM47bf75e3] Rundll32.exe "C:\Users\TREX\AppData\Local\Temp\gegnrgpi.dll",s
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2136072797-1602712831-2798085456-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Amandine')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

24 réponses

  • 1
  • 2
Réponse 1 / 24
Utilisateur anonyme
 
salut :


Telecharge malwarebytes

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
amandaaa Messages postés 14 Statut Membre
 
Bonjour,

merci de m'aider.
j'ai fait ce que tu m'as demandé
voici le rapport:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 789

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 185192
Temps écoulé: 31 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM47bf75e3 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\TREX\AppData\Local\Temp\iifccccB.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\cbXQhICt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\geBtTKDv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Réponse 2 / 24
Utilisateur anonyme
 
de rien

redémarre le pc si ça n a pas été fais

puis réouvre malewarebyte
va sur quarantaine et supprime tout

Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip

comment l'utiliser
Tuto
http://mickael.barroux.free.fr/securite/clean.php

(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd

une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

(3) Choisis l'option 1 puis patiente
Poste le rapport obtenu


pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
et copie/colle le sur ta prochaine réponse .

Ne passe pas à l'option 2 sans notre avis !
0
amandaaa Messages postés 14 Statut Membre
 
quand je lance l'option1 je vois accès refusé plusieurs fois et une fenêtre "run-time error 75 Path/File access error" s'affiche...
0
Réponse 3 / 24
Utilisateur anonyme
 
ok refais un scan hijackthis et poste le rapport stp (clean supporte mal vista en effet)
0
Réponse 4 / 24
amandaaa Messages postés 14 Statut Membre
 
rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:27, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TREX\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
Utilisateur anonyme
 
y a cette ligne :

O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun

désinstal : WinSpywareProtect

va dans pannea de configuration
affichage classique
programmes et fonctionnalité
désinstal le

ensuite :


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe


-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 6 / 24
amandaaa Messages postés 14 Statut Membre
 
petit souci avec winspyware protect, je ne l'ai jamais installé, et il ne figure pas dans ma liste des programmes du panneau de config, je ne peux donc pas le desinstaller.
Avant il se lançait toujours au démarrage, je croyait m'en être débarrassée avec cc cleaner
0
Réponse 7 / 24
Utilisateur anonyme
 
ok fais combofix stp
0
Réponse 8 / 24
amandaaa Messages postés 14 Statut Membre
 
ComboFix 08-05-27.4 - TREX 2008-05-28 11:55:43.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1182 [GMT 2:00]
Endroit: C:\Users\TREX\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\p4p
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 15:57 . 2008-05-27 15:57 <REP> d-------- C:\Users\TREX\AppData\Roaming\Malwarebytes
2008-05-27 15:57 . 2008-05-27 15:57 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-27 15:57 . 2008-05-27 15:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 15:57 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 15:57 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-26 13:11 . 2008-05-26 13:11 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-25 18:43 . 2008-05-25 18:43 <REP> d-------- C:\Program Files\Weight Watchers
2008-05-25 15:26 . 2008-05-25 15:26 <REP> d-------- C:\Program Files\Weight Watchers FlexiPoints
2008-05-25 15:23 . 2008-05-25 15:23 <REP> d-------- C:\Users\Amandine.PC-de-TREX\Zero G Registry
2008-05-25 15:23 . 2008-05-25 15:26 <REP> d--h----- C:\Program Files\Zero G Registry
2008-05-23 15:22 . 2008-05-23 15:22 <REP> d-------- C:\VundoFix Backups
2008-05-23 12:27 . 2008-05-23 15:32 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-23 12:27 . 2008-05-23 12:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-23 10:06 . 2008-05-28 11:06 <REP> d-------- C:\Program Files\AbsoluteTransfer
2008-05-22 14:35 . 2008-05-22 14:35 <REP> d-------- C:\Program Files\Alwil Software
2008-05-22 14:35 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-05-21 11:41 . 2008-05-21 11:41 <REP> d-------- C:\Program Files\Navilog1
2008-05-19 21:12 . 2008-05-19 21:12 <REP> d-------- C:\WatchNow
2008-05-19 18:13 . 2008-05-19 18:13 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\Grisoft
2008-05-19 12:31 . 2008-05-19 12:31 <REP> d-------- C:\ProgramData\Grisoft
2008-05-19 12:24 . 2008-05-19 12:24 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-19 12:10 . 2008-05-19 12:10 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 11:38 . 2008-05-16 11:38 249,856 --------- C:\Windows\Setup1.exe
2008-05-16 11:38 . 2008-05-16 11:38 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-05-16 11:35 . 2008-05-16 11:35 <REP> d-------- C:\Program Files\MagicISO
2008-05-16 11:16 . 2008-05-16 11:16 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\DAEMON Tools
2008-05-16 10:05 . 2008-05-16 10:05 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-15 11:08 . 2008-05-15 11:08 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-15 11:07 . 2008-05-15 11:07 <REP> d-------- C:\Users\TREX\AppData\Roaming\DAEMON Tools
2008-05-14 17:33 . 2008-05-14 17:33 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\vlc
2008-05-14 17:28 . 2008-05-14 17:28 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\DivX
2008-05-13 19:17 . 2008-05-13 19:18 <REP> d-------- C:\Program Files\Java
2008-05-13 19:16 . 2008-05-13 19:16 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-11 17:48 . 2008-05-27 16:59 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\uTorrent
2008-05-11 16:18 . 2008-05-11 16:27 <REP> d-------- C:\Program Files\Windows Live
2008-05-11 16:18 . 2008-05-11 16:23 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 16:17 . 2008-05-11 16:17 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-11 16:15 . 2008-05-11 16:15 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\ATI
2008-05-11 16:14 . 2008-05-11 16:14 <REP> d-------- C:\Users\Amandine.PC-de-TREX\P4P
2008-05-11 16:14 . 2008-05-11 16:14 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\Infineon
2008-05-11 16:13 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Searches
2008-05-11 16:13 . 2008-05-25 04:16 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Contacts
2008-05-11 16:12 . 2008-05-19 21:12 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Videos
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Saved Games
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Pictures
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Music
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Links
2008-05-11 16:12 . 2008-05-26 22:22 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Downloads
2008-05-11 16:12 . 2008-05-11 16:41 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Documents
2008-05-11 16:12 . 2006-11-02 14:37 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\Media Center Programs
2008-05-11 16:12 . 2008-05-11 16:13 <REP> d--h----- C:\Users\Amandine.PC-de-TREX\AppData
2008-05-11 16:12 . 2008-05-25 15:23 <REP> d-------- C:\Users\Amandine.PC-de-TREX
2008-05-09 21:41 . 2008-05-09 21:41 <REP> d-------- C:\Users\TREX\Zero G Registry
2008-05-09 21:39 . 2008-05-09 21:39 <REP> d-------- C:\Users\TREX\AppData\Roaming\Ahead
2008-05-09 21:39 . 2008-05-09 21:39 <REP> d-------- C:\ProgramData\LightScribe
2008-05-08 00:46 . 2008-05-08 00:46 <REP> d-------- C:\Users\TREX\AppData\Roaming\vlc
2008-05-08 00:46 . 2008-05-08 00:46 <REP> d-------- C:\Program Files\VideoLAN
2008-05-06 19:55 . 2008-05-06 19:55 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-05-06 19:54 . 2008-05-06 19:54 <REP> d-------- C:\Program Files\Real
2008-05-06 19:54 . 2008-05-06 19:54 <REP> d-------- C:\Program Files\Common Files\Real
2008-05-06 19:41 . 2008-05-06 19:41 <REP> d-------- C:\Users\TREX\AppData\Roaming\DivX
2008-05-05 20:01 . 2008-05-19 11:27 <REP> d-------- C:\Users\TREX\AppData\Roaming\uTorrent
2008-05-05 20:01 . 2008-05-11 17:58 <REP> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 14:56 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-23 08:14 --------- d-----w C:\ProgramData\Symantec
2008-05-23 08:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-02 14:38 --------- d-----w C:\Users\TREX\AppData\Roaming\Classes de site
2008-04-28 13:17 --------- d-----w C:\ProgramData\FLEXnet
2008-04-21 18:57 --------- d-----w C:\Users\TREX\AppData\Roaming\Anvil Studio
2008-04-21 12:34 --------- d-----w C:\Users\TREX\AppData\Roaming\Sites
2008-04-21 12:32 --------- d-----w C:\Users\TREX\AppData\Roaming\Dynamique
2008-04-21 12:32 --------- d-----w C:\Program Files\Visicom Media
2008-04-21 12:00 --------- d-----w C:\Users\TREX\AppData\Roaming\SmartFTP
2008-04-21 11:59 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-21 11:59 --------- d-----w C:\Program Files\SmartFTP Client
2008-04-16 12:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 09:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 21:46 --------- d-----w C:\Program Files\Veoh Networks
2008-04-11 23:01 --------- d-----w C:\Program Files\DivX
2008-04-11 23:01 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-04 12:02 --------- d-----w C:\Users\TREX\AppData\Roaming\Apple Computer
2008-04-04 12:02 --------- d-----w C:\ProgramData\Apple Computer
2008-04-04 12:02 --------- d-----w C:\Program Files\iTunes
2008-04-04 12:02 --------- d-----w C:\Program Files\iPod
2008-04-04 12:00 --------- d-----w C:\Program Files\QuickTime
2008-04-04 12:00 --------- d-----w C:\Program Files\Bonjour
2008-04-04 11:58 --------- d-----w C:\ProgramData\Apple
2008-04-04 11:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-03 09:21 --------- d-----w C:\ProgramData\ALM
2008-04-03 08:24 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-04-03 08:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-02 18:37 --------- d-----w C:\Users\Amandine\AppData\Roaming\Infineon
2008-04-02 18:37 --------- d-----w C:\Users\Amandine\AppData\Roaming\ATI
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-11 13:08 1,048,576 ---h--r C:\F7SR.BIN
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-11-30 13:40 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
"WinSpywareProtect (ver. 5.1)"="C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-02-21 20:55 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:05 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:44 1826816 C:\Windows\SkyTel.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-02-26 05:29 677408]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-11-30 16:27 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-11-30 16:27 37232]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-06 19:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9A9FCA6-577C-4D3C-9970-C3B0F1C5740C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{16F379D8-9EBE-4D95-97FE-DA0ABA067C65}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9028902A-D64A-48F5-9AD1-DE12DFA71960}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{61244F5C-0B46-45D9-836E-41DA0EDA866F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{334B6942-E0BB-4CDF-B71D-7F90436AAAC8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3ED93E29-58B4-45D0-AA95-AE70B4CB7A59}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{960CEA30-9C15-4B14-9B10-10817B8FE965}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{06E9FA6A-7A43-4CD2-9379-AF71EB8EC37D}"= UDP:24001:torrent
"{D44D8ADF-17F4-4CAE-9465-3CAF8E18CFF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{95CABF26-9FDC-4582-86F9-C8D1F263AA3E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5A5900F8-14CB-48CA-A966-598A2BFB18EB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1609E3A3-093E-4532-9259-64C42D08B94F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{DBEC6C3F-9F78-4628-86D5-AEA597DC3AED}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 14:07]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 04:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-27 10:12:12 C:\Windows\Tasks\User_Feed_Synchronization-{5020675F-98F3-40EC-9DBF-0FFBCEA85667}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-28 10:10:00 C:\Windows\Tasks\User_Feed_Synchronization-{AD1415A7-6F68-48FE-8997-4EBCBEB071CA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 12:10:33
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\ADSM_PData_0150

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-05-28 12:12:00
ComboFix-quarantined-files.txt 2008-05-28 10:11:28

Pre-Run: 49,347,297,280 octets libres
Post-Run: 48,882,466,816 octets libres

244 --- E O F --- 2008-05-16 01:02:26
0
Réponse 9 / 24
Utilisateur anonyme
 
Copie le texte ci-dessous :

File::
C:\Windows\Setup1.exe
C:\Windows\ST6UNST.EXE
C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\system32\ifxspmgt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe


Folder::
C:\F7SR.BIN
C:\VundoFix Backups
C:\ProgramData\Adsl Software Limited\WinSpywareProtect
C:\Program Files\Enigma Software Group\SpyHunter


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=-
"WinSpywareProtect (ver. 5.1)"=-
"SpybotSD TeaTimer"=-
"Sidebar"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]





Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 10 / 24
amandaaa Messages postés 14 Statut Membre
 
voici le rapport combofix

ComboFix 08-05-27.4 - TREX 2008-05-28 13:02:05.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1184 [GMT 2:00]
Endroit: C:\Users\TREX\Desktop\ComboFix.exe
Command switches used :: C:\Users\TREX\Desktop\CFScript.txt

FILE ::
C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
C:\Program Files\P4P\P4P.exe
C:\ProgramData\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Windows\Setup1.exe
C:\Windows\ST6UNST.EXE
C:\Windows\system32\ifxspmgt.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\F7SR.BIN\
C:\Program Files\Enigma Software Group\SpyHunter
C:\Program Files\Enigma Software Group\SpyHunter\def.dat.bak
C:\Program Files\Enigma Software Group\SpyHunter\scan.log
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterInstance.lock
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\VundoFix Backups
C:\Windows\Setup1.exe
C:\Windows\ST6UNST.EXE
C:\Windows\system32\ifxspmgt.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 15:57 . 2008-05-27 15:57 <REP> d-------- C:\Users\TREX\AppData\Roaming\Malwarebytes
2008-05-27 15:57 . 2008-05-27 15:57 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-27 15:57 . 2008-05-27 15:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 15:57 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 15:57 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-26 13:11 . 2008-05-26 13:11 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-25 18:43 . 2008-05-25 18:43 <REP> d-------- C:\Program Files\Weight Watchers
2008-05-25 15:26 . 2008-05-25 15:26 <REP> d-------- C:\Program Files\Weight Watchers FlexiPoints
2008-05-25 15:23 . 2008-05-25 15:23 <REP> d-------- C:\Users\Amandine.PC-de-TREX\Zero G Registry
2008-05-25 15:23 . 2008-05-25 15:26 <REP> d--h----- C:\Program Files\Zero G Registry
2008-05-23 12:27 . 2008-05-23 15:32 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-23 12:27 . 2008-05-23 12:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-23 10:06 . 2008-05-28 11:06 <REP> d-------- C:\Program Files\AbsoluteTransfer
2008-05-22 14:35 . 2008-05-22 14:35 <REP> d-------- C:\Program Files\Alwil Software
2008-05-22 14:35 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-05-21 11:41 . 2008-05-21 11:41 <REP> d-------- C:\Program Files\Navilog1
2008-05-19 21:12 . 2008-05-19 21:12 <REP> d-------- C:\WatchNow
2008-05-19 18:13 . 2008-05-19 18:13 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\Grisoft
2008-05-19 12:31 . 2008-05-19 12:31 <REP> d-------- C:\ProgramData\Grisoft
2008-05-19 12:24 . 2008-05-28 13:10 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-19 12:10 . 2008-05-19 12:10 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 11:35 . 2008-05-16 11:35 <REP> d-------- C:\Program Files\MagicISO
2008-05-16 11:16 . 2008-05-16 11:16 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\DAEMON Tools
2008-05-16 10:05 . 2008-05-16 10:05 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-15 11:08 . 2008-05-15 11:08 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-15 11:07 . 2008-05-15 11:07 <REP> d-------- C:\Users\TREX\AppData\Roaming\DAEMON Tools
2008-05-14 17:33 . 2008-05-14 17:33 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\vlc
2008-05-14 17:28 . 2008-05-14 17:28 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\DivX
2008-05-13 19:17 . 2008-05-13 19:18 <REP> d-------- C:\Program Files\Java
2008-05-13 19:16 . 2008-05-13 19:16 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-11 17:48 . 2008-05-27 16:59 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\uTorrent
2008-05-11 16:18 . 2008-05-11 16:27 <REP> d-------- C:\Program Files\Windows Live
2008-05-11 16:18 . 2008-05-11 16:23 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 16:17 . 2008-05-11 16:17 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-11 16:15 . 2008-05-11 16:15 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\ATI
2008-05-11 16:14 . 2008-05-11 16:14 <REP> d-------- C:\Users\Amandine.PC-de-TREX\P4P
2008-05-11 16:14 . 2008-05-11 16:14 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\Infineon
2008-05-11 16:13 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Searches
2008-05-11 16:13 . 2008-05-25 04:16 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Contacts
2008-05-11 16:12 . 2008-05-19 21:12 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Videos
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Saved Games
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Pictures
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Music
2008-05-11 16:12 . 2008-05-11 16:13 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Links
2008-05-11 16:12 . 2008-05-26 22:22 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Downloads
2008-05-11 16:12 . 2008-05-11 16:41 <REP> dr------- C:\Users\Amandine.PC-de-TREX\Documents
2008-05-11 16:12 . 2006-11-02 14:37 <REP> d-------- C:\Users\Amandine.PC-de-TREX\AppData\Roaming\Media Center Programs
2008-05-11 16:12 . 2008-05-11 16:13 <REP> d--h----- C:\Users\Amandine.PC-de-TREX\AppData
2008-05-11 16:12 . 2008-05-25 15:23 <REP> d-------- C:\Users\Amandine.PC-de-TREX
2008-05-09 21:41 . 2008-05-09 21:41 <REP> d-------- C:\Users\TREX\Zero G Registry
2008-05-09 21:39 . 2008-05-09 21:39 <REP> d-------- C:\Users\TREX\AppData\Roaming\Ahead
2008-05-09 21:39 . 2008-05-09 21:39 <REP> d-------- C:\ProgramData\LightScribe
2008-05-08 00:46 . 2008-05-08 00:46 <REP> d-------- C:\Users\TREX\AppData\Roaming\vlc
2008-05-08 00:46 . 2008-05-08 00:46 <REP> d-------- C:\Program Files\VideoLAN
2008-05-06 19:55 . 2008-05-06 19:55 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-05-06 19:54 . 2008-05-06 19:54 <REP> d-------- C:\Program Files\Real
2008-05-06 19:54 . 2008-05-06 19:54 <REP> d-------- C:\Program Files\Common Files\Real
2008-05-06 19:41 . 2008-05-06 19:41 <REP> d-------- C:\Users\TREX\AppData\Roaming\DivX
2008-05-05 20:01 . 2008-05-19 11:27 <REP> d-------- C:\Users\TREX\AppData\Roaming\uTorrent
2008-05-05 20:01 . 2008-05-11 17:58 <REP> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 14:56 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-05-23 08:14 --------- d-----w C:\ProgramData\Symantec
2008-05-23 08:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-02 14:38 --------- d-----w C:\Users\TREX\AppData\Roaming\Classes de site
2008-04-28 13:17 --------- d-----w C:\ProgramData\FLEXnet
2008-04-21 18:57 --------- d-----w C:\Users\TREX\AppData\Roaming\Anvil Studio
2008-04-21 12:34 --------- d-----w C:\Users\TREX\AppData\Roaming\Sites
2008-04-21 12:32 --------- d-----w C:\Users\TREX\AppData\Roaming\Dynamique
2008-04-21 12:32 --------- d-----w C:\Program Files\Visicom Media
2008-04-21 12:00 --------- d-----w C:\Users\TREX\AppData\Roaming\SmartFTP
2008-04-21 11:59 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-21 11:59 --------- d-----w C:\Program Files\SmartFTP Client
2008-04-16 12:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 09:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 21:46 --------- d-----w C:\Program Files\Veoh Networks
2008-04-11 23:01 --------- d-----w C:\Program Files\DivX
2008-04-11 23:01 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-04 12:02 --------- d-----w C:\Users\TREX\AppData\Roaming\Apple Computer
2008-04-04 12:02 --------- d-----w C:\ProgramData\Apple Computer
2008-04-04 12:02 --------- d-----w C:\Program Files\iTunes
2008-04-04 12:02 --------- d-----w C:\Program Files\iPod
2008-04-04 12:00 --------- d-----w C:\Program Files\QuickTime
2008-04-04 12:00 --------- d-----w C:\Program Files\Bonjour
2008-04-04 11:58 --------- d-----w C:\ProgramData\Apple
2008-04-04 11:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-03 09:21 --------- d-----w C:\ProgramData\ALM
2008-04-03 08:24 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-04-03 08:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-02 18:37 --------- d-----w C:\Users\Amandine\AppData\Roaming\Infineon
2008-04-02 18:37 --------- d-----w C:\Users\Amandine\AppData\Roaming\ATI
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-11 13:08 1,048,576 ---h--r C:\F7SR.BIN
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-11-30 13:40 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-28_12.11.18,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 09:10:23 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-28 10:18:59 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-28 09:10:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-28 10:19:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-28 09:10:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-28 10:19:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-28 09:11:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-28 10:21:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-28 10:21:08 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-28 09:11:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-28 10:21:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-28 10:21:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-28 09:10:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-28 10:21:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-28 09:10:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-28 10:21:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 09:10:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-28 10:21:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-28 09:12:33 6,870 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2136072797-1602712831-2798085456-1000_UserData.bin
+ 2008-05-28 10:21:29 6,902 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2136072797-1602712831-2798085456-1000_UserData.bin
- 2008-05-28 09:12:33 78,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-28 10:21:29 78,916 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 03:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:05 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:44 1826816 C:\Windows\SkyTel.exe]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [ ]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-11-30 16:27 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-11-30 16:27 37232]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-06 19:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9A9FCA6-577C-4D3C-9970-C3B0F1C5740C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{16F379D8-9EBE-4D95-97FE-DA0ABA067C65}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9028902A-D64A-48F5-9AD1-DE12DFA71960}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{61244F5C-0B46-45D9-836E-41DA0EDA866F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{334B6942-E0BB-4CDF-B71D-7F90436AAAC8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3ED93E29-58B4-45D0-AA95-AE70B4CB7A59}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{960CEA30-9C15-4B14-9B10-10817B8FE965}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{06E9FA6A-7A43-4CD2-9379-AF71EB8EC37D}"= UDP:24001:torrent
"{D44D8ADF-17F4-4CAE-9465-3CAF8E18CFF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{95CABF26-9FDC-4582-86F9-C8D1F263AA3E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5A5900F8-14CB-48CA-A966-598A2BFB18EB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1609E3A3-093E-4532-9259-64C42D08B94F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{DBEC6C3F-9F78-4628-86D5-AEA597DC3AED}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 14:07]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 09:28]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 04:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-28 10:43:05 C:\Windows\Tasks\User_Feed_Synchronization-{5020675F-98F3-40EC-9DBF-0FFBCEA85667}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-28 11:20:00 C:\Windows\Tasks\User_Feed_Synchronization-{AD1415A7-6F68-48FE-8997-4EBCBEB071CA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 13:19:33
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\ADSM_PData_0150

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-05-28 13:20:37
ComboFix-quarantined-files.txt 2008-05-28 11:20:33
ComboFix2.txt 2008-05-28 10:12:01

Pre-Run: 48,732,098,560 octets libres
Post-Run: 48,761,778,176 octets libres

276 --- E O F --- 2008-05-16 01:02:26
0
Réponse 11 / 24
amandaaa Messages postés 14 Statut Membre
 
et hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:29, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\CF7635.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\ComboFix\handle.cfexe
C:\ComboFix\sed.cfexe
C:\Windows\Explorer.exe
C:\Users\TREX\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Unknown owner - C:\Windows\system32\ifxspmgt.exe (file missing)
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
0
Réponse 12 / 24
Utilisateur anonyme
 
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.


C:\ComboFix\handle.cfexe
C:\ComboFix\sed.cfexe


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
0
Réponse 13 / 24
amandaaa Messages postés 14 Statut Membre
 
File/Folder C:\ComboFix\handle.cfexe not found.
File/Folder C:\ComboFix\sed.cfexe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_133217
0
Réponse 14 / 24
Utilisateur anonyme
 
va dans ordinateur
entre dans le disque C

Entre dans C:\ComboFix

supprime : handle.cfexe

et : sed.cfexe

dis moi ce que ça donne
0
Réponse 15 / 24
amandaaa Messages postés 14 Statut Membre
 
je n'ai qu'un fichier texte qui s'appelle combofix dans c:
pas de dossier combofix... et encore moins de handle.cfexe et : sed.cfexe
0
Réponse 16 / 24
Utilisateur anonyme
 
OK On va faire un truc :


Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
0
Réponse 17 / 24
amandaaa Messages postés 14 Statut Membre
 
pas de TCleaner.txt dans c: mais voila ce que j'ai eu dans la liste


-->- Recherche:

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\TREX\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\TREX\Desktop\OtMoveIt2.exe: trouvé !
C:\Users\TREX\Desktop\ComboFix.exe: trouvé !
C:\Users\TREX\Desktop\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Navilog1\Navilog1.bat: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: ERREUR DE SUPPRESSION !!
C:\Users\TREX\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\TREX\Desktop\OtMoveIt2.exe: supprimé !
C:\Users\TREX\Desktop\ComboFix.exe: supprimé !
C:\Users\TREX\Desktop\HijackThis.exe: supprimé !
C:\Qoobox: ERREUR DE SUPPRESSION !!
C:\_OtMoveIt: supprimé !
C:\Program Files\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: ERREUR DE SUPPRESSION !!
0
Réponse 18 / 24
Utilisateur anonyme
 
va dans panneau de configuration
affichage classique
programmes et fonctionnalité

désinstal navilog

ensuite faut que je verifie un truc

retelcharge hijackthis et refais un scan et poste moi le rapport stp


Télécharge HijackThis ici :

-> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
0
Réponse 19 / 24
amandaaa Messages postés 14 Statut Membre
 
c'est bon j'ai désinstallé navilog
voici le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:40, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TREX\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Unknown owner - C:\Windows\system32\ifxspmgt.exe (file missing)
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
0
Réponse 20 / 24
Utilisateur anonyme
 
ok c est propre :


regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5


Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility


tu n as pas de parefeu :


pare-feu gratuits


télécharger la version gratuite de Zone alarm
https://www.pcastuces.com/logitheque/zonealarm.htm
TUTO
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/
désactivé les parties filtrage web et antivirus de ZA ! C'est important

ou

télécharger la version gratuite de Kerio
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/
SITE de Kerio
https://kerio.probb.fr/

ou

ComodoFirewallPro 2.4 téléchargement
http://www.personalfirewall.comodo.com/
Tuto pour la 2.4
https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
Tuto pour la 2.4
http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
Attention la 3.0 est en anglais uniquement et est plus difficile a paramétrer
Tuto pour la 3.0
https://infomars.fr/forum/index.php?showtopic=1225


ensuite fais ça :

Démarrer > executer > ' services.msc ' ,

- Clic droit sur le service cité - Security Platform Management Service
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html



ensuite :



telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien

ensuite fais registre

fais chercher les erreures

ensuite fais corriger les erreures

repete l opération jusqu a ce qu il trouve rien


ensuite refais un scan hijackthis et poste le rapport pour verif
0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
Pb Windows 7, .EXE n'est pas app win32 valide
Witeric -
Lio -

15 réponses
Que fait le virus LPI Win32 Pup-Gen
Tristan Chrome -
Tristan Chrome -

2 réponses