Analyser mon log Hijackthis
JD
-
sherred Messages postés 8605 Statut Membre -
sherred Messages postés 8605 Statut Membre -
Bonjour,
Je viens de faire une analyse Hijackthis et me demandais si une bonne âme aurait la gentillesse de me dire ce qui cloche dans le log?
En vous remerciant et vus souhaitant une bonne journée,
J.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:39, on 15/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
D:\Juliana\Programmes\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\CHRIST~1\AppData\Local\Temp\wvUmnOiF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CHRIST~1\AppData\Local\Temp\jkkIXrrr.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [26cb5cc6] rundll32.exe "C:\Users\CHRIST~1\AppData\Local\Temp\tdyrldre.dll",b
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
Je viens de faire une analyse Hijackthis et me demandais si une bonne âme aurait la gentillesse de me dire ce qui cloche dans le log?
En vous remerciant et vus souhaitant une bonne journée,
J.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:39, on 15/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
D:\Juliana\Programmes\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\CHRIST~1\AppData\Local\Temp\wvUmnOiF.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CHRIST~1\AppData\Local\Temp\jkkIXrrr.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [26cb5cc6] rundll32.exe "C:\Users\CHRIST~1\AppData\Local\Temp\tdyrldre.dll",b
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
A voir également:
- Analyser mon log Hijackthis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Analyser et réparer disque dur externe - Guide
- Analyser clé usb - Guide
- Image analyser - Télécharger - Photo & Graphisme
- Analyser performance pc - Guide
10 réponses
bonjour, passe combofix et poste le rapport suivi d'un nouveau hijackthis merci
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
J'ai vu sur CCM que le moteur de recherche de Combofix a été modifié par un rootkit...
http://www.commentcamarche.net/forum/affich 2681169 combofix attention urgent
http://www.commentcamarche.net/forum/affich 2681169 combofix attention urgent
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re-bonjour!
Je vous remercie infiniment pour vos réponses.
J'ai fait ce que vous m'avez conseillé; un scan avec Kaspersky, puis je viens de finir le combofix donc voici le log.
ComboFix 08-07-14.2 - Christophe 2008-07-15 11:57:30.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2067 [GMT 2:00]
Endroit: C:\Users\Christophe\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\p4p
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
.
2008-07-15 09:56 . 2008-07-15 10:05 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-07-15 09:56 . 2008-07-15 10:05 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-07-15 09:55 . 2008-07-15 12:26 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-07-15 09:55 . 2008-07-15 09:55 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-07-15 09:55 . 2008-07-15 12:23 3,021,344 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-07-15 09:55 . 2008-07-15 12:26 245,792 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-07-15 09:55 . 2008-07-15 12:23 25,732 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-07-15 09:55 . 2008-07-15 12:25 1,920 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-07-14 18:04 . 2008-07-14 18:04 <REP> d-------- C:\Program Files\Alwil Software
2008-07-14 18:02 . 2008-07-15 09:49 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-14 17:54 . 2008-07-14 17:54 <REP> d-------- C:\Windows\BDOSCAN8
2008-07-10 13:27 . 2008-07-10 13:27 <REP> d-------- C:\Program Files\Macromedia
2008-07-10 13:27 . 2008-07-10 13:28 <REP> d-------- C:\Program Files\Common Files\Macromedia
2008-07-09 14:08 . 2008-07-09 14:27 <REP> d-------- C:\Users\Christophe\AppData\Roaming\mIRC
2008-07-09 12:37 . 2008-07-09 12:37 <REP> d-------- C:\ProgramData\Sony Ericsson
2008-07-09 12:37 . 2008-07-09 12:37 130 --a------ C:\Windows\ODBC.INI
2008-07-09 12:36 . 2008-07-09 12:36 <REP> d-------- C:\Program Files\Intuwave Ltd
2008-07-09 12:36 . 2003-10-23 10:48 328,704 --a------ C:\Windows\System32\ecsepm.cpl
2008-07-09 12:35 . 2008-07-09 12:35 <REP> d-------- C:\Program Files\Sony Ericsson
2008-07-09 02:18 . 2008-07-09 02:18 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-07-09 02:18 . 2008-07-09 02:18 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-07-09 02:17 . 2008-07-09 02:17 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 02:17 . 2008-07-09 02:17 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 02:17 . 2008-07-09 02:17 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-07-09 02:17 . 2008-07-09 02:17 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-07-09 02:17 . 2008-07-09 02:17 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-07-09 02:17 . 2008-07-09 02:17 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-07-09 02:17 . 2008-07-09 02:17 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-07-09 02:17 . 2008-07-09 02:17 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-07-09 01:54 . 2008-07-09 01:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-09 01:50 . 2008-07-09 01:50 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-07-09 01:50 . 2008-07-09 01:50 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-07-09 01:50 . 2008-07-09 01:50 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-07-09 01:50 . 2008-07-09 01:50 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys
2008-07-09 01:49 . 2008-07-09 01:49 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-07-09 01:47 . 2008-07-09 01:47 2,028,544 --a------ C:\Windows\System32\win32k.sys
2008-07-09 01:47 . 2008-07-09 01:47 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-07-09 01:46 . 2008-07-09 01:46 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-09 01:46 . 2008-07-09 01:46 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-07-09 01:46 . 2008-07-09 01:46 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-09 01:46 . 2008-07-09 01:46 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-09 01:45 . 2008-07-09 01:45 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-07-09 01:45 . 2008-07-09 01:45 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-07-09 01:37 . 2008-07-09 01:37 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-07-09 01:36 . 2008-07-09 01:36 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-07-09 01:36 . 2008-07-09 01:36 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-07-09 01:36 . 2008-07-09 01:36 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-07-09 01:36 . 2008-07-09 01:36 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-09 01:36 . 2008-07-09 01:36 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-09 01:36 . 2008-07-09 01:36 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-09 01:36 . 2008-07-09 01:36 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-08 16:27 . 2008-07-08 16:27 <REP> d-------- C:\Users\Christophe\AppData\Roaming\TuneUp Software
2008-07-08 16:27 . 2008-07-08 16:27 <REP> d-------- C:\ProgramData\TuneUp Software
2008-07-08 16:27 . 2008-07-08 16:27 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2008-07-08 16:27 . 2007-05-16 09:41 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2008-07-08 16:27 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2008-07-08 16:26 . 2008-07-08 16:26 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 12:46 . 2008-07-09 14:29 <REP> d-------- C:\wamp
2008-07-04 15:04 . 2008-07-04 15:05 226 --a------ C:\Windows\System32\map1.xml
2008-07-03 16:53 . 2008-07-03 16:53 <REP> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-30 09:14 . 2008-06-30 09:14 <REP> d-------- C:\Program Files\GPLGS
2008-06-30 09:11 . 2008-06-30 09:11 <REP> d-------- C:\Program Files\Acro Software
2008-06-30 09:11 . 2007-07-12 22:33 87,552 --a------ C:\Windows\System32\cpwmon2k.dll
2008-06-30 08:56 . 2008-06-30 08:56 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-27 12:29 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-06-27 09:37 . 2008-07-10 13:24 <REP> d-------- C:\Windows\Downloaded Installations
2008-06-27 08:25 . 2008-06-27 08:25 <REP> d-------- C:\Users\Christophe\Incomplete
2008-06-27 08:25 . 2008-07-09 03:28 <REP> d-------- C:\Users\Christophe\AppData\Roaming\FrostWire
2008-06-27 08:22 . 2008-06-27 17:27 <REP> d-------- C:\Program Files\Java
2008-06-27 08:22 . 2008-06-27 08:22 <REP> d-------- C:\Program Files\Common Files\Java
2008-06-27 08:19 . 2008-06-27 08:25 <REP> d-------- C:\Program Files\FrostWire
2008-06-20 18:41 . 2008-06-20 19:17 <REP> d-------- C:\Program Files\Windows Live
2008-06-20 18:41 . 2008-06-20 19:07 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-20 18:40 . 2008-06-20 18:40 <REP> d-------- C:\ProgramData\WLInstaller
2008-06-20 18:40 . 2008-06-20 18:40 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-20 18:40 . 2008-06-20 18:40 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-20 18:40 . 2008-06-20 18:40 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-20 18:40 . 2008-06-20 18:40 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-20 18:39 . 2008-06-20 18:39 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-20 18:39 . 2008-06-20 18:39 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-20 18:39 . 2008-06-20 18:39 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-20 18:39 . 2008-06-20 18:39 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-20 18:39 . 2008-06-20 18:39 31,232 --a------ C:\Windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 10:24 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-07-09 10:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 01:33 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 00:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 23:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 23:48 944,184 ----a-w C:\Windows\System32\winload.exe
2008-07-08 23:46 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-08 23:46 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-08 23:46 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-08 23:46 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-08 23:46 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-08 23:32 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-07-08 23:32 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-07-08 23:32 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-07-08 23:32 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-07-03 14:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 07:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-23 18:28 --------- d-----w C:\Program Files\ASUS
2008-06-20 21:39 --------- d-----w C:\ProgramData\ASUS
2008-06-12 15:42 81,920 ----a-w C:\Windows\System32\W32N50.dll
2008-06-12 15:42 17,134 ----a-w C:\Windows\System32\PCANDIS5.sys
2008-06-12 14:23 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2008-06-12 14:19 --------- d-----w C:\ProgramData\Symantec
2008-06-12 14:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 14:10 44,544 ----a-w C:\Windows\System32\msxml4a.dll
2008-06-12 14:07 --------- d-----w C:\Users\Christophe\AppData\Roaming\ATI
2008-06-12 13:55 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-12 13:54 --------- d-----w C:\ProgramData\Ahead
2008-06-12 13:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-12 13:53 --------- d-----w C:\ProgramData\Nero
2008-06-12 13:53 --------- d-----w C:\Program Files\Nero
2008-06-12 13:50 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-06-12 13:50 --------- d-----w C:\Program Files\ASUS Security Center
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-22 16:50 606,848 ----a-w C:\Windows\flashax.exe
2008-04-22 16:50 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-04-22 16:50 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-04-22 16:50 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-04-22 16:50 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-04-22 16:50 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-04-22 16:50 12,288 ----a-w C:\Windows\impborl.dll
2008-04-22 16:15 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 16:15 315,392 ----a-w C:\Windows\HideWin.exe
2008-04-22 15:35 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-22 15:35 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-22 15:35 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-22 15:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-22 15:22 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-22 15:22 14,336 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-22 15:20 218,112 ----a-w C:\Windows\System32\wdscore.dll
2008-04-22 15:20 167,424 ----a-w C:\Windows\System32\ActionQueue.dll
2008-04-22 15:18 805,888 ----a-w C:\Windows\System32\msctf.dll
2008-04-22 15:12 25,272 ----a-w C:\Windows\System32\streamci.dll
2008-04-22 15:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-22 15:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-22 14:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-22 14:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-22 14:57 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-22 14:51 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-22 14:51 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-22 14:51 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-22 14:51 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-22 14:51 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-22 14:51 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-04-22 14:51 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-22 14:51 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-22 14:51 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-22 14:46 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-22 14:46 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-22 14:46 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-22 14:46 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-22 14:43 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-22 14:43 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-22 14:39 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-22 14:36 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-22 14:35 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-04-22 14:35 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-04-22 14:35 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-04-22 14:35 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-04-22 14:28 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-04-22 14:28 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-04-22 14:27 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-22 14:27 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-22 14:27 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-22 14:25 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-04-22 14:23 1,247,744 ----a-w C:\Windows\System32\PerfCenterCPL.dll
2008-04-22 14:22 187,392 ----a-w C:\Windows\System32\d3d10core.dll
2008-04-22 14:22 167,936 ----a-w C:\Windows\System32\dxgi.dll
2008-04-22 14:22 1,029,120 ----a-w C:\Windows\System32\d3d10.dll
2008-04-22 14:21 563,200 ----a-w C:\Windows\System32\emdmgmt.dll
2008-04-22 14:10 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-22 14:10 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-22 14:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-04-22 14:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-04-22 14:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-04-22 14:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-04-22 14:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-04-22 14:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-04-22 14:08 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-22 14:08 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-22 17:10 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 04:02 178712]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 07:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 07:11 17920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 15:10 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 15:22 1826816 C:\Windows\SkyTel.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Phone Connection Monitor.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [2008-07-09 12:36:22 807424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"PowerForPhone"="C:\Program Files\P4P\P4P.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2106988305-4279399922-357180011-1000]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2106988305-4279399922-357180011-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2106988305-4279399922-357180011-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9958D63-A787-4318-8E03-9478BB825DD1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F1B62D64-08C8-4178-99E8-C07035EBEAB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7CBC62A8-02B2-4EFF-8165-F0CC67C9D263}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{E36EBAD2-EBC1-4D19-82DC-E3E2288B4F7B}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{6EF17EA0-66F1-4B7A-80B1-5AE0133B00EA}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{B8A5143E-E582-4AEC-BD23-0F36C3FE8200}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{8F32256D-EFAD-4506-A26A-B64FD145460E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{28096518-E930-4436-AA9B-9DAADD61A4C5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AF414FAF-674C-48EE-8466-F8C4A65EFB08}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{F363013B-D55E-4A5A-97CD-88AA7ADD0AD3}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{28FB25C8-7DC4-4A53-9727-3F7109BB0562}C:\\wamp\\apache2\\bin\\httpd.exe"= UDP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{B75E6E6F-204D-48A7-ADEF-BD865B3EB6E7}C:\\wamp\\apache2\\bin\\httpd.exe"= TCP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"TCP Query User{36A5EF4B-F9C3-43A5-A484-16DF665942C2}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{24BE2936-67B8-497D-8FDA-5AC65E1A9557}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{DB9CB3C4-8404-494A-8F3C-A6CA82BA7F54}C:\\program files\\intuwave ltd\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime
"UDP Query User{72FCB7DE-0078-4ECE-B7A6-5E370C7A18AD}C:\\program files\\intuwave ltd\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-27 00:03]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-17 03:13]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 13:55]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-20 16:55]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 10:43]
R3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 09:39]
R3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 17:45]
S3 BthAvrcp;Profil AVRCP Bluetooth;C:\Windows\system32\DRIVERS\BthAvrcp.sys [2008-04-22 18:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364355a0-106e-11dd-87fe-806e6f6e6963}]
\shell\AutoRun\command - E:\livebox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-11 15:20:30 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-15 07:07:09 C:\Windows\Tasks\User_Feed_Synchronization-{6F89CBB1-07E2-4738-A64A-133B601B78E8}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 12:26:30
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\AsLdrSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-15 12:29:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 10:29:11
Pre-Run: 111,544,967,168 octets libres
Post-Run: 112,636,350,464 octets libres
345 --- E O F --- 2008-07-11 06:06:28
Je vous remercie infiniment pour vos réponses.
J'ai fait ce que vous m'avez conseillé; un scan avec Kaspersky, puis je viens de finir le combofix donc voici le log.
ComboFix 08-07-14.2 - Christophe 2008-07-15 11:57:30.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2067 [GMT 2:00]
Endroit: C:\Users\Christophe\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\p4p
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
.
2008-07-15 09:56 . 2008-07-15 10:05 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-07-15 09:56 . 2008-07-15 10:05 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-07-15 09:55 . 2008-07-15 12:26 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-07-15 09:55 . 2008-07-15 09:55 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-07-15 09:55 . 2008-07-15 12:23 3,021,344 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-07-15 09:55 . 2008-07-15 12:26 245,792 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-07-15 09:55 . 2008-07-15 12:23 25,732 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-07-15 09:55 . 2008-07-15 12:25 1,920 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-07-14 18:04 . 2008-07-14 18:04 <REP> d-------- C:\Program Files\Alwil Software
2008-07-14 18:02 . 2008-07-15 09:49 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-14 17:54 . 2008-07-14 17:54 <REP> d-------- C:\Windows\BDOSCAN8
2008-07-10 13:27 . 2008-07-10 13:27 <REP> d-------- C:\Program Files\Macromedia
2008-07-10 13:27 . 2008-07-10 13:28 <REP> d-------- C:\Program Files\Common Files\Macromedia
2008-07-09 14:08 . 2008-07-09 14:27 <REP> d-------- C:\Users\Christophe\AppData\Roaming\mIRC
2008-07-09 12:37 . 2008-07-09 12:37 <REP> d-------- C:\ProgramData\Sony Ericsson
2008-07-09 12:37 . 2008-07-09 12:37 130 --a------ C:\Windows\ODBC.INI
2008-07-09 12:36 . 2008-07-09 12:36 <REP> d-------- C:\Program Files\Intuwave Ltd
2008-07-09 12:36 . 2003-10-23 10:48 328,704 --a------ C:\Windows\System32\ecsepm.cpl
2008-07-09 12:35 . 2008-07-09 12:35 <REP> d-------- C:\Program Files\Sony Ericsson
2008-07-09 02:18 . 2008-07-09 02:18 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-07-09 02:18 . 2008-07-09 02:18 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-07-09 02:17 . 2008-07-09 02:17 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 02:17 . 2008-07-09 02:17 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 02:17 . 2008-07-09 02:17 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-07-09 02:17 . 2008-07-09 02:17 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-07-09 02:17 . 2008-07-09 02:17 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-07-09 02:17 . 2008-07-09 02:17 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-07-09 02:17 . 2008-07-09 02:17 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-07-09 02:17 . 2008-07-09 02:17 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-07-09 01:54 . 2008-07-09 01:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-09 01:50 . 2008-07-09 01:50 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-07-09 01:50 . 2008-07-09 01:50 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-07-09 01:50 . 2008-07-09 01:50 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-07-09 01:50 . 2008-07-09 01:50 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys
2008-07-09 01:49 . 2008-07-09 01:49 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-07-09 01:47 . 2008-07-09 01:47 2,028,544 --a------ C:\Windows\System32\win32k.sys
2008-07-09 01:47 . 2008-07-09 01:47 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-07-09 01:46 . 2008-07-09 01:46 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-09 01:46 . 2008-07-09 01:46 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-07-09 01:46 . 2008-07-09 01:46 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-09 01:46 . 2008-07-09 01:46 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-09 01:45 . 2008-07-09 01:45 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-07-09 01:45 . 2008-07-09 01:45 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-07-09 01:37 . 2008-07-09 01:37 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-07-09 01:36 . 2008-07-09 01:36 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-07-09 01:36 . 2008-07-09 01:36 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-07-09 01:36 . 2008-07-09 01:36 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-07-09 01:36 . 2008-07-09 01:36 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-09 01:36 . 2008-07-09 01:36 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-09 01:36 . 2008-07-09 01:36 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-09 01:36 . 2008-07-09 01:36 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-08 16:27 . 2008-07-08 16:27 <REP> d-------- C:\Users\Christophe\AppData\Roaming\TuneUp Software
2008-07-08 16:27 . 2008-07-08 16:27 <REP> d-------- C:\ProgramData\TuneUp Software
2008-07-08 16:27 . 2008-07-08 16:27 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2008-07-08 16:27 . 2007-05-16 09:41 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2008-07-08 16:27 . 2007-04-26 15:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2008-07-08 16:26 . 2008-07-08 16:26 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 12:46 . 2008-07-09 14:29 <REP> d-------- C:\wamp
2008-07-04 15:04 . 2008-07-04 15:05 226 --a------ C:\Windows\System32\map1.xml
2008-07-03 16:53 . 2008-07-03 16:53 <REP> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-30 09:14 . 2008-06-30 09:14 <REP> d-------- C:\Program Files\GPLGS
2008-06-30 09:11 . 2008-06-30 09:11 <REP> d-------- C:\Program Files\Acro Software
2008-06-30 09:11 . 2007-07-12 22:33 87,552 --a------ C:\Windows\System32\cpwmon2k.dll
2008-06-30 08:56 . 2008-06-30 08:56 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-27 12:29 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-06-27 09:37 . 2008-07-10 13:24 <REP> d-------- C:\Windows\Downloaded Installations
2008-06-27 08:25 . 2008-06-27 08:25 <REP> d-------- C:\Users\Christophe\Incomplete
2008-06-27 08:25 . 2008-07-09 03:28 <REP> d-------- C:\Users\Christophe\AppData\Roaming\FrostWire
2008-06-27 08:22 . 2008-06-27 17:27 <REP> d-------- C:\Program Files\Java
2008-06-27 08:22 . 2008-06-27 08:22 <REP> d-------- C:\Program Files\Common Files\Java
2008-06-27 08:19 . 2008-06-27 08:25 <REP> d-------- C:\Program Files\FrostWire
2008-06-20 18:41 . 2008-06-20 19:17 <REP> d-------- C:\Program Files\Windows Live
2008-06-20 18:41 . 2008-06-20 19:07 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-20 18:40 . 2008-06-20 18:40 <REP> d-------- C:\ProgramData\WLInstaller
2008-06-20 18:40 . 2008-06-20 18:40 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-20 18:40 . 2008-06-20 18:40 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-20 18:40 . 2008-06-20 18:40 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-20 18:40 . 2008-06-20 18:40 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-20 18:39 . 2008-06-20 18:39 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-20 18:39 . 2008-06-20 18:39 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-20 18:39 . 2008-06-20 18:39 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-20 18:39 . 2008-06-20 18:39 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-20 18:39 . 2008-06-20 18:39 31,232 --a------ C:\Windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 10:24 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-07-09 10:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 01:33 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 00:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 23:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 23:48 944,184 ----a-w C:\Windows\System32\winload.exe
2008-07-08 23:46 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-08 23:46 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-08 23:46 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-08 23:46 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-08 23:46 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-08 23:32 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-07-08 23:32 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-07-08 23:32 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-07-08 23:32 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-07-03 14:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 07:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-23 18:28 --------- d-----w C:\Program Files\ASUS
2008-06-20 21:39 --------- d-----w C:\ProgramData\ASUS
2008-06-12 15:42 81,920 ----a-w C:\Windows\System32\W32N50.dll
2008-06-12 15:42 17,134 ----a-w C:\Windows\System32\PCANDIS5.sys
2008-06-12 14:23 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2008-06-12 14:19 --------- d-----w C:\ProgramData\Symantec
2008-06-12 14:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 14:10 44,544 ----a-w C:\Windows\System32\msxml4a.dll
2008-06-12 14:07 --------- d-----w C:\Users\Christophe\AppData\Roaming\ATI
2008-06-12 13:55 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-12 13:54 --------- d-----w C:\ProgramData\Ahead
2008-06-12 13:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-12 13:53 --------- d-----w C:\ProgramData\Nero
2008-06-12 13:53 --------- d-----w C:\Program Files\Nero
2008-06-12 13:50 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-06-12 13:50 --------- d-----w C:\Program Files\ASUS Security Center
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-22 16:50 606,848 ----a-w C:\Windows\flashax.exe
2008-04-22 16:50 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-04-22 16:50 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-04-22 16:50 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-04-22 16:50 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-04-22 16:50 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-04-22 16:50 12,288 ----a-w C:\Windows\impborl.dll
2008-04-22 16:15 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-22 16:15 315,392 ----a-w C:\Windows\HideWin.exe
2008-04-22 15:35 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-22 15:35 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-22 15:35 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-22 15:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-22 15:22 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-22 15:22 14,336 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-22 15:20 218,112 ----a-w C:\Windows\System32\wdscore.dll
2008-04-22 15:20 167,424 ----a-w C:\Windows\System32\ActionQueue.dll
2008-04-22 15:18 805,888 ----a-w C:\Windows\System32\msctf.dll
2008-04-22 15:12 25,272 ----a-w C:\Windows\System32\streamci.dll
2008-04-22 15:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-22 15:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-22 14:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-22 14:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-22 14:57 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-22 14:51 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-22 14:51 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-22 14:51 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-22 14:51 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-22 14:51 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-22 14:51 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-04-22 14:51 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-22 14:51 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-22 14:51 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-22 14:46 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-22 14:46 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-22 14:46 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-22 14:46 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-22 14:43 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-22 14:43 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-22 14:39 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-22 14:36 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-22 14:35 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-04-22 14:35 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-04-22 14:35 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-04-22 14:35 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-04-22 14:28 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-04-22 14:28 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-04-22 14:27 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-22 14:27 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-22 14:27 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-22 14:25 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-04-22 14:23 1,247,744 ----a-w C:\Windows\System32\PerfCenterCPL.dll
2008-04-22 14:22 187,392 ----a-w C:\Windows\System32\d3d10core.dll
2008-04-22 14:22 167,936 ----a-w C:\Windows\System32\dxgi.dll
2008-04-22 14:22 1,029,120 ----a-w C:\Windows\System32\d3d10.dll
2008-04-22 14:21 563,200 ----a-w C:\Windows\System32\emdmgmt.dll
2008-04-22 14:10 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-22 14:10 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-22 14:09 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-04-22 14:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-04-22 14:09 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-04-22 14:09 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-04-22 14:09 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-04-22 14:09 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-04-22 14:08 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-22 14:08 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-22 17:10 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 04:02 178712]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 07:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 07:11 17920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 15:10 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 15:22 1826816 C:\Windows\SkyTel.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Phone Connection Monitor.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [2008-07-09 12:36:22 807424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUS Camera ScreenSaver"=C:\Windows\ASScrProlog.exe
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"PowerForPhone"="C:\Program Files\P4P\P4P.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2106988305-4279399922-357180011-1000]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2106988305-4279399922-357180011-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2106988305-4279399922-357180011-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9958D63-A787-4318-8E03-9478BB825DD1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F1B62D64-08C8-4178-99E8-C07035EBEAB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7CBC62A8-02B2-4EFF-8165-F0CC67C9D263}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{E36EBAD2-EBC1-4D19-82DC-E3E2288B4F7B}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{6EF17EA0-66F1-4B7A-80B1-5AE0133B00EA}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{B8A5143E-E582-4AEC-BD23-0F36C3FE8200}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{8F32256D-EFAD-4506-A26A-B64FD145460E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{28096518-E930-4436-AA9B-9DAADD61A4C5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AF414FAF-674C-48EE-8466-F8C4A65EFB08}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{F363013B-D55E-4A5A-97CD-88AA7ADD0AD3}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{28FB25C8-7DC4-4A53-9727-3F7109BB0562}C:\\wamp\\apache2\\bin\\httpd.exe"= UDP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{B75E6E6F-204D-48A7-ADEF-BD865B3EB6E7}C:\\wamp\\apache2\\bin\\httpd.exe"= TCP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"TCP Query User{36A5EF4B-F9C3-43A5-A484-16DF665942C2}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{24BE2936-67B8-497D-8FDA-5AC65E1A9557}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{DB9CB3C4-8404-494A-8F3C-A6CA82BA7F54}C:\\program files\\intuwave ltd\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime
"UDP Query User{72FCB7DE-0078-4ECE-B7A6-5E370C7A18AD}C:\\program files\\intuwave ltd\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [2007-09-27 00:03]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-17 03:13]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 13:55]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-20 16:55]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 10:43]
R3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 09:39]
R3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 17:45]
S3 BthAvrcp;Profil AVRCP Bluetooth;C:\Windows\system32\DRIVERS\BthAvrcp.sys [2008-04-22 18:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364355a0-106e-11dd-87fe-806e6f6e6963}]
\shell\AutoRun\command - E:\livebox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-11 15:20:30 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-15 07:07:09 C:\Windows\Tasks\User_Feed_Synchronization-{6F89CBB1-07E2-4738-A64A-133B601B78E8}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 12:26:30
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\AsLdrSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-15 12:29:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 10:29:11
Pre-Run: 111,544,967,168 octets libres
Post-Run: 112,636,350,464 octets libres
345 --- E O F --- 2008-07-11 06:06:28
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
Assurez vous que la case "Unregister Dll 's and Ocx's" soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Windows\System32\acovcnt.exe
clique sur MoveIt! pour lancer la suppression. S'il propose de redémarrer votre PC, acceptez
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
repostes après un nouveau hijackthis merci
double-clique sur OTMoveIt.exe pour le lancer.
Assurez vous que la case "Unregister Dll 's and Ocx's" soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Windows\System32\acovcnt.exe
clique sur MoveIt! pour lancer la suppression. S'il propose de redémarrer votre PC, acceptez
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
repostes après un nouveau hijackthis merci
Merci beaucoup! Ca a l'air coriace cette chose, il ne veut pas s'effacer!
File move failed. C:\Windows\System32\acovcnt.exe scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_130310
Files moved on Reboot...
File move failed. C:\Windows\System32\acovcnt.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\acovcnt.exe scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_130310
Files moved on Reboot...
File move failed. C:\Windows\System32\acovcnt.exe scheduled to be moved on reboot.
