ComboFix + HijackThis reports, before and after
totobetourne - Posts: 5677 - Status: Member
g!rly - Posts: 18462 - Status: Contributor
Hello,
Having had some doubts, here I am with my reports.
ComboFix 08-05-28.1 - toto 2008-05-28 23:28:59.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.987 [GMT 2:00]
Endroit: C:\Users\toto\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\Windows\system32\ACER.exe
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 18:22 . 2008-05-28 18:22 <REP> d-------- C:\Users\toto\AppData\Roaming\Avira
2008-05-28 17:32 . 2008-05-28 17:32 <REP> d-------- C:\Program Files\Avira
2008-05-28 17:32 . 2007-08-28 13:10 69,672 --a------ C:\Windows\System32\avsda.dll.tmp
2008-05-28 17:03 . 2008-05-28 17:03 <REP> d-------- C:\Program Files\VS Revo Group
2008-05-28 11:16 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 11:16 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 01:27 . 2008-05-26 01:27 <REP> d-------- C:\Users\Public\CyberLink
2008-05-25 19:05 . 2007-05-22 05:41 184,320 --a------ C:\Windows\System32\igfxres.dll
2008-05-24 00:08 . 2008-05-24 00:08 <REP> d-------- C:\Users\toto\AppData\Roaming\Avanquest
2008-05-24 00:08 . 2008-05-24 00:08 <REP> d-------- C:\Users\All Users\Avanquest
2008-05-24 00:08 . 2008-05-24 00:08 <REP> d-------- C:\ProgramData\Avanquest
2008-05-23 21:42 . 2008-05-23 21:42 <REP> d-------- C:\Users\All Users\BVRP Software
2008-05-23 21:42 . 2008-05-23 21:42 <REP> d-------- C:\ProgramData\BVRP Software
2008-05-23 21:41 . 2008-05-23 21:41 <REP> dr-hs---- C:\_Backup.RC
2008-05-23 21:40 . 2008-05-23 21:40 <REP> d-------- C:\Users\toto\AppData\Roaming\VCOM
2008-05-23 21:40 . 2008-05-23 21:40 <REP> d-------- C:\Users\All Users\VCOM
2008-05-23 21:40 . 2008-05-23 21:40 <REP> d-------- C:\ProgramData\VCOM
2008-05-23 21:40 . 2008-05-23 21:40 <REP> d-------- C:\Program Files\VCOM
2008-05-23 21:40 . 2008-05-24 07:51 <REP> d--h----- C:\_Backup
2008-05-23 21:39 . 2008-05-23 21:39 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 19:33 . 2008-05-23 19:33 <REP> d-------- C:\Program Files\VistaCodecPack
2008-05-23 19:31 . 2008-05-23 19:31 <REP> d-------- C:\Users\All Users\VistaCodecs
2008-05-23 19:31 . 2008-05-23 19:31 <REP> d-------- C:\ProgramData\VistaCodecs
2008-05-23 17:26 . 2008-05-28 23:30 <REP> d-------- C:\Users\toto\AppData\Roaming\uTorrent
2008-05-20 17:12 . 2008-05-23 17:27 <REP> d-------- C:\Program Files\uTorrent
2008-05-20 16:36 . 2008-05-20 16:36 <REP> d-------- C:\Users\All Users\Azureus
2008-05-20 16:36 . 2008-05-20 16:36 <REP> d-------- C:\ProgramData\Azureus
2008-05-20 16:09 . 2008-05-20 16:37 <REP> d-------- C:\Users\toto\AppData\Roaming\Azureus
2008-05-10 11:59 . 2008-05-10 11:59 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-09 18:45 . 2008-05-28 17:32 <REP> d-------- C:\Users\All Users\Avira
2008-05-09 18:45 . 2008-05-28 17:32 <REP> d-------- C:\ProgramData\Avira
2008-05-09 18:06 . 2008-05-09 18:06 <REP> d-------- C:\Users\toto\AppData\Roaming\Comodo
2008-05-09 18:06 . 2008-05-09 18:18 <REP> d-------- C:\Users\All Users\comodo
2008-05-09 18:06 . 2008-05-09 18:18 <REP> d-------- C:\ProgramData\comodo
2008-05-09 18:06 . 2008-05-09 18:06 <REP> d-------- C:\Program Files\COMODO
2008-05-09 18:06 . 2008-05-25 22:45 143,104 --a------ C:\Windows\System32\guard32.dll
2008-05-09 18:06 . 2008-05-25 22:45 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-05-09 18:06 . 2008-05-25 22:45 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-05-06 14:39 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-06 14:39 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-04-28 23:15 . 2008-04-28 23:15 <REP> d-------- C:\Users\All Users\Grisoft
2008-04-28 23:15 . 2008-04-28 23:15 <REP> d-------- C:\ProgramData\Grisoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 22:33 --------- d---a-w C:\ProgramData\TEMP
2008-05-26 22:33 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-25 23:28 --------- d-----w C:\ProgramData\CyberLink
2008-05-25 23:27 --------- d-----w C:\Users\toto\AppData\Roaming\CyberLink
2008-05-09 15:40 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-06 12:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 13:14 3,270 ----a-w C:\Windows\System32\tmp.reg
2008-04-21 14:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 10:47 --------- d-----w C:\Users\toto\AppData\Roaming\Malwarebytes
2008-04-18 10:47 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-18 10:45 --------- d-----w C:\ProgramData\Lavasoft
2008-04-16 16:29 --------- d-----w C:\Program Files\Java
2008-04-16 16:23 --------- d-----w C:\Program Files\Common Files\Java
2008-04-15 23:18 174 --sha-w C:\Program Files\desktop.ini
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Journal
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Defender
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-15 23:09 --------- d-----w C:\Program Files\Windows Calendar
2008-04-15 22:53 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-15 22:53 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-14 17:28 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-04-12 11:49 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-04-12 05:41 180,224 ----a-w C:\Windows\System32\xvidvfw.dll
2008-04-12 05:30 765,952 ----a-w C:\Windows\System32\xvidcore.dll
2008-04-11 09:19 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-10 15:25 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-10 15:25 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-10 15:25 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-10 15:25 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 15:25 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-10 15:25 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 15:25 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 15:25 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 15:25 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 15:25 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 15:24 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 15:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 15:16 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 15:12 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-10 14:57 --------- d-----w C:\Program Files\7-Zip
2008-04-10 14:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 14:49 --------- d-----w C:\Program Files\Lavasoft
2008-04-10 14:47 --------- d-----w C:\Program Files\CCleaner
2008-04-10 14:44 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 14:43 --------- d-----w C:\Program Files\illiminable
2008-04-10 14:18 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-04-10 14:12 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-10 13:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-10 13:47 --------- d-----w C:\Program Files\Acer Inc
2008-04-10 13:40 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-04-10 13:40 --------- d-----w C:\Program Files\Apoint2K
2008-04-10 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 13:37 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-04-10 13:35 --------- d-----w C:\Program Files\Launch Manager
2008-04-10 13:32 1,550 ----a-w C:\Windows\CLEANUP.CMD
2008-04-10 13:32 --------- d-----w C:\Users\toto\AppData\Roaming\InstallShield
2008-04-10 13:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 13:28 --------- d-sh--w C:\ProgramData\Modèles
2008-04-10 13:28 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-04-10 13:28 --------- d-sh--w C:\ProgramData\Favoris
2008-04-10 13:28 --------- d-sh--w C:\ProgramData\Bureau
2008-04-10 13:28 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-10 13:23 --------- d-----w C:\Program Files\ACER Crystal Eye webcam
2008-04-10 13:22 --------- d-----w C:\Program Files\Intel
2008-04-10 13:22 --------- d-----w C:\Program Files\Common Files\snp2uvc
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-06 16:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-25 04:31 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-25 04:31 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-25 04:31 138008]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-23 09:13 1575680]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-05-28 17:39 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-10 16:59:55 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB426C5A-7F81-4B63-8765-CAA7195321D7}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{22496AA8-CB2A-45C4-AAA9-973DCFB9889D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{12F83285-54E1-4C6D-B5CD-4D6A5D630356}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{EAAE5192-441C-41FB-9CE0-C27318CD4E29}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{DD1141AC-690E-4EC9-BA41-511D6C44F828}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{BD15007E-016C-4117-90C9-AE97E5731253}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{8AAA07B7-4181-4658-B443-BC469C686F62}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{4CD8FB8E-2415-4C9B-BA71-DF4C32C2A7DE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{EC3F3FAD-CD68-406B-A2EC-84357342BDE0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{9928C4F6-2F02-45CC-896F-FC28B5C21A8D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2D8055EA-3905-4B4B-B8AD-CBC9DDD59D2A}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-05-25 22:45]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-05-25 22:45]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-28 17:39]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-05-28 17:39]
R2 Boostez votre PC Task Manager;Boostez votre PC Task Manager;C:\PROGRA~1\VCOM\Fix-It\mxtask.exe [2007-08-30 09:27]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-22 06:28]
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 23:31:40
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll
.
Temps d'accomplissement: 2008-05-28 23:32:35
ComboFix-quarantined-files.txt 2008-05-28 21:32:30
Pre-Run: 85,632,876,544 octets libres
Post-Run: 85,435,383,808 octets libres
243 --- E O F --- 2008-05-28 09:18:07
And now the HijackThis log from before ComboFix.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:54, on 14/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\toto\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-06 16:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-25 04:31 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-25 04:31 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-25 04:31 138008]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-23 09:13 1575680]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-05-28 17:39 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-10 16:59:55 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB426C5A-7F81-4B63-8765-CAA7195321D7}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{22496AA8-CB2A-45C4-AAA9-973DCFB9889D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{12F83285-54E1-4C6D-B5CD-4D6A5D630356}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{EAAE5192-441C-41FB-9CE0-C27318CD4E29}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{DD1141AC-690E-4EC9-BA41-511D6C44F828}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{BD15007E-016C-4117-90C9-AE97E5731253}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{8AAA07B7-4181-4658-B443-BC469C686F62}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{4CD8FB8E-2415-4C9B-BA71-DF4C32C2A7DE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{EC3F3FAD-CD68-406B-A2EC-84357342BDE0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{9928C4F6-2F02-45CC-896F-FC28B5C21A8D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2D8055EA-3905-4B4B-B8AD-CBC9DDD59D2A}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-05-25 22:45]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-05-25 22:45]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-28 17:39]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-05-28 17:39]
R2 Boostez votre PC Task Manager;Boostez votre PC Task Manager;C:\PROGRA~1\VCOM\Fix-It\mxtask.exe [2007-08-30 09:27]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-22 06:28]
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 23:31:40
Windows 6.0.6001 Service Pack 1 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll
.
Completion time: 2008-05-28 23:32:35
ComboFix-quarantined-files.txt 2008-05-28 21:32:30
Pre-Run: 85,632,876,544 bytes free
Post-Run: 85,435,383,808 bytes free
243 --- E O F --- 2008-05-28 09:18:07
And now the HijackThis log from before ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:54, on 14/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\toto\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\Hijack This.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
6 replies
Hi totobetourne,
It does look clean, indeed.
Run Malwarebytes if you haven't already done so,
and post its report, please.
@+
Thanks for replying. Tomorrow I'll run another scan; I run it from time to time and there is generally nothing. We'll see tomorrow, and thanks again, nice profile.
The Malwarebytes full scan found nothing.
But now I have run an anti-rootkit search with AntiVir, and here is what it gives me.
Avira AntiVir Premium
Report file date: vendredi 30 mai 2008 15:08
Scanning for 1301732 virus strains and unwanted programs.
Licensed to: alain bouchard
Serial number: 1101992428-PEPWE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: toto
Computer name: ORDINATEUR
Version information:
BUILD.DAT : 8.1.0.344 19214 Bytes 28/05/2008 17:00:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 28/05/2008 15:39:16
AVSCAN.DLL : 8.1.1.0 53505 Bytes 28/05/2008 15:39:16
LUKE.DLL : 8.1.2.9 151809 Bytes 28/05/2008 15:39:16
LUKERES.DLL : 8.1.2.1 12033 Bytes 28/05/2008 15:39:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:39:17
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 15:39:17
ANTIVIR3.VDF : 7.0.4.114 366080 Bytes 30/05/2008 07:48:00
Engineversion : 8.1.0.49
AEVDF.DLL : 8.1.0.5 102772 Bytes 28/05/2008 15:39:18
AESCRIPT.DLL : 8.1.0.36 270714 Bytes 29/05/2008 15:33:38
AESCN.DLL : 8.1.0.20 119157 Bytes 29/05/2008 15:33:32
AERDL.DLL : 8.1.0.20 418165 Bytes 28/05/2008 15:39:18
AEPACK.DLL : 8.1.1.5 364918 Bytes 28/05/2008 15:39:18
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 28/05/2008 15:39:18
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 28/05/2008 15:39:18
AEHELP.DLL : 8.1.0.15 115063 Bytes 29/05/2008 15:33:28
AEGEN.DLL : 8.1.0.23 307573 Bytes 29/05/2008 15:33:24
AEEMU.DLL : 8.1.0.6 430451 Bytes 28/05/2008 15:39:17
AECORE.DLL : 8.1.0.30 168311 Bytes 29/05/2008 15:33:17
AVWINLL.DLL : 1.0.0.7 14593 Bytes 28/05/2008 15:39:16
AVPREF.DLL : 8.0.0.1 25857 Bytes 28/05/2008 15:39:16
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 28/05/2008 15:39:16
AVARKT.DLL : 1.0.0.23 307457 Bytes 28/05/2008 15:39:15
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/05/2008 15:39:15
SQLITE3.DLL : 3.3.17.1 339968 Bytes 28/05/2008 15:39:17
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 28/05/2008 15:39:17
NETNT.DLL : 8.0.0.1 7937 Bytes 28/05/2008 15:39:16
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 28/05/2008 15:39:11
RCTEXT.DLL : 8.0.32.0 86273 Bytes 28/05/2008 15:39:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Premium\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: vendredi 30 mai 2008 15:08
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\autorecover mofs
[INFO] The registry entry is invisible.
'407292' objects were checked, '1' hidden objects were found.
End of the scan: vendredi 30 mai 2008 15:11
Used time: 03:06 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
407292 Objects were scanned with rootkit scan
1 Hidden objects were found
Should this hidden object be flushed out, should we go hunting for it?
Hi,
In my opinion this key is invisible and should not be removed...
If you read English:
MOF - Managed Object Format
A Managed Object Format (MOF) file contains an ASCII text description of classes and data to be added to the Common Information Model Object Manager (CIMOM) database. When a MOF file is submitted to the MOF compiler, the compiler parses the contents of the MOF file and makes calls to CIMOM based on each parsed item. CIMOM responds to these calls and adds data to the CIMOM database file as required. Once the compiler has been run on the file, it passes the output through another program called Wmimofck, which verifies that all class definitions are valid for WMI. If the file does not pass this test, it is deleted. Wmimofck is run automatically by the MOFComp compiler upon its successful compilation of your driver's MOF file.
Tell me what you think?
@+
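As an added example that is not part of the thread, and not code from Avira, ComboFix or HijackThis: the registry object the AntiVir rootkit search reported, HKLM\Software\Microsoft\WBEM\CIMOM\autorecover mofs, is the REG_MULTI_SZ value in which WMI keeps the list of MOF files it recompiles when the repository is rebuilt (mofcomp -autorecover appends to it). Rather than deleting or ignoring it, a practitioner would enumerate what it points at. The PowerShell below reads that list and reports, for each MOF, whether the file exists, whether it lives under %SystemRoot%, and who owns it, so an entry pointing outside the Windows directory or at a missing file stands out. The key path and value name are the real ones; the "Review" heuristic (outside %SystemRoot%, missing, or owner other than TrustedInstaller, SYSTEM or Administrators) is this example's own assumption, and a vendor MOF under Program Files is a candidate for a manual look, not evidence of infection. It is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example, not from the original thread or from Avira/ComboFix.
# Lists the MOF files WMI will recompile on a repository rebuild and flags
# entries that do not look like Windows' own. Requires an elevated prompt.

$cimomKey  = 'HKLM:\SOFTWARE\Microsoft\Wbem\CIMOM'
$valueName = 'Autorecover MOFs'   # REG_MULTI_SZ maintained by "mofcomp -autorecover"

# Read the raw multi-string; GetValue returns string[] for REG_MULTI_SZ and
# avoids Get-ItemProperty's handling of value names containing spaces.
$key  = Get-Item -LiteralPath $cimomKey -ErrorAction Stop
$mofs = @($key.GetValue($valueName))
if ($mofs.Count -eq 0) { throw "No '$valueName' value found under $cimomKey" }

$systemRoot = $env:SystemRoot
# Owners a Windows-shipped MOF is expected to have (assumption made by this example)
$trustedOwners = '^(NT SERVICE\\TrustedInstaller|NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators)$'

$report = foreach ($entry in $mofs) {
    $path   = [Environment]::ExpandEnvironmentVariables($entry)
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $inSystemRoot = $path.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)
    $owner  = if ($exists) { (Get-Acl -LiteralPath $path).Owner } else { $null }

    [pscustomobject]@{
        Path         = $path
        Exists       = $exists
        InSystemRoot = $inSystemRoot
        Owner        = $owner
        # Heuristic only: anything outside %SystemRoot%, missing, or not owned by a
        # Windows principal deserves a manual look. It is not a malware verdict.
        Review       = (-not $inSystemRoot) -or (-not $exists) -or ($owner -notmatch $trustedOwners)
    }
}

"{0} MOF entries registered for autorecover" -f $report.Count
$report |
    Sort-Object @{ Expression = 'Review'; Descending = $true }, Path |
    Format-Table -AutoSize

# For entries marked Review, open the .mof (it is plain text) and check which
# classes, providers or event consumers it defines before deciding it is legitimate.
```

On a clean Vista or later install every entry resolves to a file under %SystemRoot%\System32\wbem (plus any vendor MOFs that drivers or management agents registered), so the interesting output is the short list at the top with Review set to True, if any. Checking the referenced files is the useful follow-up to the scanner's "hidden object" notice; the value itself is normal and removing it would only stop WMI from rebuilding its repository correctly.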