De nombreux soucis ...
makir
Messages postés
68
Date d'inscription
Statut
Membre
Dernière intervention
-
jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention -
jlpjlp Messages postés 51580 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour, depuis quelques temps, mon ordi rame de plus en plus et j'ai découvert de nombreux problèmes que j'énumères ci dessous :
Plein de problèmes comme celà : Le module spécifié est introuvable, ce sont des fichier.dll
Au redemerage de la machine, plus de barre des taches
Une machine super longe a réaliser des taches
Les programmes bug en plein moment et qui se ferme
Pourtant j'ai formaté il n'y a a peine un mois !
Je compte sur votre aide
ps ( je peux faire un rapport hijackthis)
Cordialement, Makir.
Plein de problèmes comme celà : Le module spécifié est introuvable, ce sont des fichier.dll
Au redemerage de la machine, plus de barre des taches
Une machine super longe a réaliser des taches
Les programmes bug en plein moment et qui se ferme
Pourtant j'ai formaté il n'y a a peine un mois !
Je compte sur votre aide
ps ( je peux faire un rapport hijackthis)
Cordialement, Makir.
A voir également:
- De nombreux soucis ...
- Www.facebook.com vous a redirigé à de trop nombreuses reprises - Forum Google Chrome
- Vous avez utilisé ce numéro de téléphone à de trop nombreuses reprises ✓ - Forum Gmail
- ERR_TOO_MANY_REDIRECTS - Forum Facebook
- Compte facebook inaccessible redirection vers facebook business ✓ - Forum Facebook
- Facebook err too many redirects - Forum Facebook
17 réponses
slt,
colles un rapport hijackhtis
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
colles un rapport hijackhtis
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Merci de la réponse si rapide, voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:26, on 03/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Axel\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Axel\Downloads\WLinstaller(2).exe
C:\Program Files\Windows Live\installer\Dashboard.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {2AE97DD6-866B-43F9-A694-87165229A423} - C:\Users\Axel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K3Y2U59\3077htsbdjyf[1].dll
O2 - BHO: (no name) - {87c886e9-bda0-4215-91dd-c1b273ca4bce} - C:\Windows\system32\njahsa.dll
O2 - BHO: (no name) - {B083E381-0E0D-4937-9A58-0BCE412A1C20} - C:\Windows\system32\byXQGabx.dll
O2 - BHO: (no name) - {E63015D0-38E0-4AA3-94E7-F3FF982CA6D5} - C:\Windows\system32\tgyqojym.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyVNdBu.dll,#1
O4 - HKLM\..\Run: [BM5b105d7c] Rundll32.exe "C:\Windows\system32\mqpxfmdy.dll",s
O4 - HKLM\..\Run: [58236ee0] rundll32.exe "C:\Windows\system32\mvpplguv.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Axel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BM5b105d7c] Rundll32.exe "C:\Users\Axel\AppData\Local\Temp\deqchphg.dll",s
O4 - HKCU\..\Run: [58236ee0] rundll32.exe "C:\Users\Axel\AppData\Local\Temp\asyvwfpn.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: njahsa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:26, on 03/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Axel\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Axel\Downloads\WLinstaller(2).exe
C:\Program Files\Windows Live\installer\Dashboard.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {2AE97DD6-866B-43F9-A694-87165229A423} - C:\Users\Axel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K3Y2U59\3077htsbdjyf[1].dll
O2 - BHO: (no name) - {87c886e9-bda0-4215-91dd-c1b273ca4bce} - C:\Windows\system32\njahsa.dll
O2 - BHO: (no name) - {B083E381-0E0D-4937-9A58-0BCE412A1C20} - C:\Windows\system32\byXQGabx.dll
O2 - BHO: (no name) - {E63015D0-38E0-4AA3-94E7-F3FF982CA6D5} - C:\Windows\system32\tgyqojym.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyVNdBu.dll,#1
O4 - HKLM\..\Run: [BM5b105d7c] Rundll32.exe "C:\Windows\system32\mqpxfmdy.dll",s
O4 - HKLM\..\Run: [58236ee0] rundll32.exe "C:\Windows\system32\mvpplguv.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Axel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BM5b105d7c] Rundll32.exe "C:\Users\Axel\AppData\Local\Temp\deqchphg.dll",s
O4 - HKCU\..\Run: [58236ee0] rundll32.exe "C:\Users\Axel\AppData\Local\Temp\asyvwfpn.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: njahsa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
slt
effectivement tu es gavé il faut dire norton c'est une passoire...
______
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
puis
télécharge RHost de S!ri http://siri.urz.free.fr/Softs/RHosts.exe
Double clique sur RHost.exe et clique restaurer ( ne fais pas la partie sur The Hoster )
_________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
___________
remets un nouvel hijackhtis et dis tes soucis
effectivement tu es gavé il faut dire norton c'est une passoire...
______
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
puis
télécharge RHost de S!ri http://siri.urz.free.fr/Softs/RHosts.exe
Double clique sur RHost.exe et clique restaurer ( ne fais pas la partie sur The Hoster )
_________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
___________
remets un nouvel hijackhtis et dis tes soucis
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
tu fixe rien dans hijackthis. Et oui j' ai vu que tu es sous vista c'est pourquoi je te demande de désactiver ton compte utilisateur
bien j'ai fait combofix mais je n'ai pas pu restaurer le fichier HOSTS car le logiciel marche pas avec vista j'ai testé avec d'au d'autres logiciels il me dit " acces refusé " voici le rapport now :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:28, on 18/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [58236ee0] rundll32.exe "C:\Windows\system32\fhwsqyud.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BM5b105d7c] Rundll32.exe "C:\Windows\system32\dugdexxj.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:28, on 18/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [58236ee0] rundll32.exe "C:\Windows\system32\fhwsqyud.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BM5b105d7c] Rundll32.exe "C:\Windows\system32\dugdexxj.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
le rapport combofix svp!!!
__________
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
__________
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
ComboFix 08-08-17.03 - Axel 2008-08-18 13:11:27.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1037 [GMT 2:00]
Endroit: C:\Users\Axel\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\Users\Axel\AppData\Local\Temp\asyvwfpn.dll
C:\Users\Axel\AppData\Local\Temp\gcxgapvw.dll
C:\Windows\system32\dlplorcd.ini
C:\Windows\system32\hoykqwmw.dll
C:\Windows\system32\imougxyy.dll
C:\Windows\system32\jxionltx.dll
C:\Windows\System32\lhxbwbbt.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mqpxfmdy.dll
C:\Windows\system32\mvpplguv.dll
C:\Windows\system32\njahsa.dll
C:\Windows\system32\phdadaxj.dll
C:\Windows\system32\rtxwdtng.dll
C:\Windows\system32\tbbwbxhl.dll
C:\Windows\system32\tgyqojym.dll
C:\Windows\system32\ulzqpt.dll
C:\Windows\system32\vuglppvm.ini
C:\Windows\system32\wvkewsgv.dll
C:\Windows\System32\xbaGQXyb.ini
C:\Windows\System32\xbaGQXyb.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 11:23 --------- d-----w C:\Users\Axel\AppData\Roaming\DNA
2008-08-18 11:22 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-08-18 11:19 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-03 09:54 268,800 ----a-w C:\Windows\System32\es.dll
2008-06-02 20:30 250,368 ------w C:\Windows\System32\byXQGabx.dll
2008-06-02 13:32 2,723,840 ----a-w C:\Windows\fraps.exe
2008-06-02 01:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-01 23:05 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-01 23:05 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-01 23:05 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-01 23:05 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-01 23:04 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-06-01 23:04 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-06-01 23:04 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-06-01 23:03 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-06-01 23:03 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-06-01 23:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-01 22:59 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-01 22:58 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-01 22:57 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-06-01 22:57 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-06-01 22:57 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-06-01 22:57 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-06-01 22:57 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-06-01 22:57 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-06-01 22:57 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-06-01 22:57 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-06-01 22:56 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-06-01 22:56 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-06-01 22:56 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-06-01 22:56 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-06-01 22:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-06-01 22:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-06-01 22:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-06-01 22:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-06-01 22:51 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-01 22:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-01 22:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-01 22:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-01 22:48 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-01 22:47 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-06-01 22:47 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-01 22:47 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-06-01 22:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-06-01 22:47 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-06-01 22:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-06-01 22:46 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-01 22:46 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-06-01 22:45 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-01 22:45 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-06-01 22:45 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-01 22:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-06-01 22:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-06-01 22:44 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-06-01 22:44 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-06-01 22:43 99,840 ----a-w C:\Windows\System32\poqexec.exe
2008-06-01 22:43 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-06-01 22:42 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-06-01 22:42 633,856 ----a-w C:\Windows\System32\user32.dll
2008-06-01 22:42 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-06-01 22:42 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-06-01 22:09 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-06-01 22:09 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-06-01 22:09 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-06-01 22:09 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-06-01 22:07 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-06-01 22:07 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-06-01 22:07 33,624 ----a-w C:\Windows\System32\wups.dll
2008-06-01 22:07 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-06-01 22:07 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1051b759-8614-4a57-89f9-5c95cadd4bdb}]
2008-08-18 13:30 106496 --a------ C:\Windows\system32\sfhzqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86566FCD-5C57-4187-B63C-416F2AFAEFE2}]
2008-06-02 22:30 250368 --------- C:\Windows\system32\byXQGabx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-02 00:46 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 00:44 342336]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 12:16 1271032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-05-12 11:44 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-05-12 11:45 33136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"58236ee0"="C:\Windows\system32\fhwsqyud.dll" [2008-08-18 13:30 84480]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"BM5b105d7c"="C:\Windows\system32\dugdexxj.dll" [2008-08-18 13:25 94208]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
C:\Users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-04-03 21:30:44 727288]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 23:48:42 2752512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\byXQGabx
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0BEADCF8-C4DC-45E3-9003-E88C57CD3F2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{84F7C45E-A7DA-407F-9CA8-B741191938BC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{15E6CCF4-8A13-47CB-A9D8-7134E69FBD66}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{55DEA2A3-12BE-4F13-B199-33197371DC34}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{A7A0575A-AFAD-4308-A698-68445B146B9F}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.001\IDSvix86.sys [2008-07-16 20:37]
R2 PStrip;PSTRIP;C:\Windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 03:37]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 10:31]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-02 12:18]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 14:39]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 00:37]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60077414-0068-11dc-9466-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb
.
- - - - ORPHANS REMOVED - - - -
BHO-{2AE97DD6-866B-43F9-A694-87165229A423} - C:\Users\Axel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K3Y2U59\3077htsbdjyf[1].dll
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-MSServer - C:\Windows\system32\xxyVNdBu.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Axel\AppData\Roaming\Mozilla\Firefox\Profiles\w5h9w9kd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Users\Axel\Program Files\DNA\plugins\npbtdna.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 13:23:35
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\fhwsqyud.dll
-> C:\Windows\system32\dugdexxj.dll
-> C:\Windows\system32\byXQGabx.dll
.
Temps d'accomplissement: 2008-08-18 13:33:55
ComboFix-quarantined-files.txt 2008-08-18 11:32:19
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 83,151,855,616 octets libres
220 --- E O F --- 2008-06-03 09:56:59
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1037 [GMT 2:00]
Endroit: C:\Users\Axel\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\Users\Axel\AppData\Local\Temp\asyvwfpn.dll
C:\Users\Axel\AppData\Local\Temp\gcxgapvw.dll
C:\Windows\system32\dlplorcd.ini
C:\Windows\system32\hoykqwmw.dll
C:\Windows\system32\imougxyy.dll
C:\Windows\system32\jxionltx.dll
C:\Windows\System32\lhxbwbbt.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mqpxfmdy.dll
C:\Windows\system32\mvpplguv.dll
C:\Windows\system32\njahsa.dll
C:\Windows\system32\phdadaxj.dll
C:\Windows\system32\rtxwdtng.dll
C:\Windows\system32\tbbwbxhl.dll
C:\Windows\system32\tgyqojym.dll
C:\Windows\system32\ulzqpt.dll
C:\Windows\system32\vuglppvm.ini
C:\Windows\system32\wvkewsgv.dll
C:\Windows\System32\xbaGQXyb.ini
C:\Windows\System32\xbaGQXyb.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 11:23 --------- d-----w C:\Users\Axel\AppData\Roaming\DNA
2008-08-18 11:22 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-08-18 11:19 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-03 09:54 268,800 ----a-w C:\Windows\System32\es.dll
2008-06-02 20:30 250,368 ------w C:\Windows\System32\byXQGabx.dll
2008-06-02 13:32 2,723,840 ----a-w C:\Windows\fraps.exe
2008-06-02 01:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-01 23:05 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-01 23:05 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-01 23:05 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-01 23:05 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-01 23:04 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-06-01 23:04 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-06-01 23:04 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-06-01 23:03 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-06-01 23:03 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-06-01 23:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-01 22:59 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-01 22:58 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-01 22:57 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-06-01 22:57 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-06-01 22:57 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-06-01 22:57 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-06-01 22:57 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-06-01 22:57 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-06-01 22:57 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-06-01 22:57 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-06-01 22:56 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-06-01 22:56 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-06-01 22:56 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-06-01 22:56 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-06-01 22:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-06-01 22:55 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-06-01 22:55 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-06-01 22:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-06-01 22:51 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-01 22:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-01 22:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-01 22:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-01 22:48 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-01 22:47 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-06-01 22:47 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-06-01 22:47 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-06-01 22:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-06-01 22:47 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-06-01 22:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-06-01 22:46 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-01 22:46 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-06-01 22:45 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-01 22:45 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-06-01 22:45 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-01 22:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-06-01 22:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-06-01 22:44 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-06-01 22:44 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-06-01 22:43 99,840 ----a-w C:\Windows\System32\poqexec.exe
2008-06-01 22:43 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-06-01 22:42 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-06-01 22:42 633,856 ----a-w C:\Windows\System32\user32.dll
2008-06-01 22:42 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-06-01 22:42 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-06-01 22:09 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-06-01 22:09 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-06-01 22:09 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-06-01 22:09 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-06-01 22:07 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-06-01 22:07 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-06-01 22:07 33,624 ----a-w C:\Windows\System32\wups.dll
2008-06-01 22:07 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-06-01 22:07 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1051b759-8614-4a57-89f9-5c95cadd4bdb}]
2008-08-18 13:30 106496 --a------ C:\Windows\system32\sfhzqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86566FCD-5C57-4187-B63C-416F2AFAEFE2}]
2008-06-02 22:30 250368 --------- C:\Windows\system32\byXQGabx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-02 00:46 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 00:44 342336]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 12:16 1271032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-05-12 11:44 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-05-12 11:45 33136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"58236ee0"="C:\Windows\system32\fhwsqyud.dll" [2008-08-18 13:30 84480]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"BM5b105d7c"="C:\Windows\system32\dugdexxj.dll" [2008-08-18 13:25 94208]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
C:\Users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-04-03 21:30:44 727288]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 23:48:42 2752512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\byXQGabx
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0BEADCF8-C4DC-45E3-9003-E88C57CD3F2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{84F7C45E-A7DA-407F-9CA8-B741191938BC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{15E6CCF4-8A13-47CB-A9D8-7134E69FBD66}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{55DEA2A3-12BE-4F13-B199-33197371DC34}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{A7A0575A-AFAD-4308-A698-68445B146B9F}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.001\IDSvix86.sys [2008-07-16 20:37]
R2 PStrip;PSTRIP;C:\Windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 03:37]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 10:31]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-02 12:18]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 14:39]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 00:37]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60077414-0068-11dc-9466-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb
.
- - - - ORPHANS REMOVED - - - -
BHO-{2AE97DD6-866B-43F9-A694-87165229A423} - C:\Users\Axel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K3Y2U59\3077htsbdjyf[1].dll
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-MSServer - C:\Windows\system32\xxyVNdBu.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Axel\AppData\Roaming\Mozilla\Firefox\Profiles\w5h9w9kd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Users\Axel\Program Files\DNA\plugins\npbtdna.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 13:23:35
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\fhwsqyud.dll
-> C:\Windows\system32\dugdexxj.dll
-> C:\Windows\system32\byXQGabx.dll
.
Temps d'accomplissement: 2008-08-18 13:33:55
ComboFix-quarantined-files.txt 2008-08-18 11:32:19
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 83,151,855,616 octets libres
220 --- E O F --- 2008-06-03 09:56:59
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\Windows\system32\fhwsqyud.dll
C:\Windows\system32\dugdexxj.dll
C:\Windows\system32\byXQGabx.dll
C:\Windows\system32\sfhzqp.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1051b759-8614-4a57-89f9-5c95cadd4bdb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86566FCD-5C57-4187-B63C-416F2AFAEFE2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"58236ee0"=-
"BM5b105d7c"=-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________
Remets aussi un rapport Hijackthis
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\Windows\system32\fhwsqyud.dll
C:\Windows\system32\dugdexxj.dll
C:\Windows\system32\byXQGabx.dll
C:\Windows\system32\sfhzqp.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1051b759-8614-4a57-89f9-5c95cadd4bdb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86566FCD-5C57-4187-B63C-416F2AFAEFE2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"58236ee0"=-
"BM5b105d7c"=-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________
Remets aussi un rapport Hijackthis
Voillà son contenu :
ComboFix 08-08-17.03 - Axel 2008-08-18 14:31:18.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1057 [GMT 2:00]
Endroit: C:\Users\Axel\Downloads\ComboFix.exe
Command switches used :: C:\Users\Axel\Desktop\CFscript.txt
FILE ::
C:\Windows\system32\byXQGabx.dll
C:\Windows\system32\dugdexxj.dll
C:\Windows\system32\fhwsqyud.dll
C:\Windows\system32\sfhzqp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\aqbwdcdb.exe
C:\Windows\system32\byXQGabx.dll
C:\Windows\system32\dugdexxj.dll
C:\Windows\system32\duyqswhf.ini
C:\Windows\system32\fhwsqyud.dll
C:\Windows\system32\gahrslth.dll
C:\Windows\system32\sfhzqp.dll
C:\Windows\system32\xbaGQXyb.ini
C:\Windows\System32\xbaGQXyb.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 12:42 --------- d-----w C:\Users\Axel\AppData\Roaming\DNA
2008-08-18 12:42 --------- d-----w C:\Program Files\DNA
2008-08-18 12:17 --------- d-----w C:\ProgramData\Symantec
2008-08-18 11:44 --------- d-----w C:\Users\Axel\AppData\Roaming\Malwarebytes
2008-08-18 11:44 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-18 11:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 11:25 --------- d-----w C:\Program Files\Steam
2008-08-18 11:19 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-02 13:32 2,723,840 ----a-w C:\Windows\fraps.exe
2008-06-02 01:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-01 22:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_13.31.18.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 11:11:02 6,119,424 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-08-18 12:30:54 6,119,424 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-08-18 11:15:07 6,119,424 ----a-w C:\Windows\erdnt\subs\SCHEMA.DAT
+ 2008-08-18 12:37:36 6,119,424 ----a-w C:\Windows\erdnt\subs\SCHEMA.DAT
- 2008-08-18 11:22:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-18 11:22:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-18 11:22:22 45,056 ----a-w C:\Windows\System32\acovcnt.exe
+ 2008-08-18 12:41:52 45,056 ----a-w C:\Windows\System32\acovcnt.exe
- 2008-06-03 10:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-18 12:37:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-03 10:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 12:37:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-03 10:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-18 12:37:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-02 23:30:14 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-18 11:32:55 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-02 23:30:14 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-18 11:32:55 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-02 23:30:14 114,252 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-08-18 11:32:55 114,252 ----a-w C:\Windows\System32\perfc010.dat
- 2008-06-02 23:30:14 122,206 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-08-18 11:32:55 122,206 ----a-w C:\Windows\System32\perfc013.dat
- 2008-06-02 23:30:14 84,914 ----a-w C:\Windows\System32\perfc019.dat
+ 2008-08-18 11:32:56 84,914 ----a-w C:\Windows\System32\perfc019.dat
- 2008-06-02 23:30:14 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-18 11:32:55 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-02 23:30:14 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-18 11:32:55 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-02 23:30:14 672,610 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-08-18 11:32:55 672,610 ----a-w C:\Windows\System32\perfh010.dat
- 2008-06-02 23:30:14 678,918 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-08-18 11:32:56 678,918 ----a-w C:\Windows\System32\perfh013.dat
- 2008-06-02 23:30:14 518,418 ----a-w C:\Windows\System32\perfh019.dat
+ 2008-08-18 11:32:56 518,418 ----a-w C:\Windows\System32\perfh019.dat
- 2008-08-18 11:19:41 6,119,424 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-08-18 12:37:36 6,119,424 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-06-02 23:24:18 2,530 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3309367389-4246330917-1884741628-1000_UserData.bin
+ 2008-08-18 11:26:30 2,964 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3309367389-4246330917-1884741628-1000_UserData.bin
- 2008-06-02 23:24:18 56,390 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-18 11:26:30 59,148 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-02 00:46 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 00:44 342336]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 12:16 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-05-12 11:44 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-05-12 11:45 33136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
C:\Users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-04-03 21:30:44 727288]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 23:48:42 2752512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0BEADCF8-C4DC-45E3-9003-E88C57CD3F2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{84F7C45E-A7DA-407F-9CA8-B741191938BC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{15E6CCF4-8A13-47CB-A9D8-7134E69FBD66}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{55DEA2A3-12BE-4F13-B199-33197371DC34}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{A7A0575A-AFAD-4308-A698-68445B146B9F}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.001\IDSvix86.sys [2008-07-16 20:37]
R2 PStrip;PSTRIP;C:\Windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 03:37]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 10:31]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 14:39]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 00:37]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-02 12:18]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60077414-0068-11dc-9466-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 14:42:03
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-18 14:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 12:50:48
ComboFix2.txt 2008-08-18 11:33:57
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 81,910,956,032 octets libres
215 --- E O F --- 2008-06-03 09:56:59
Je m'attaque maintenant au scan avec malware byte cela va etre long je pense...
ComboFix 08-08-17.03 - Axel 2008-08-18 14:31:18.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1057 [GMT 2:00]
Endroit: C:\Users\Axel\Downloads\ComboFix.exe
Command switches used :: C:\Users\Axel\Desktop\CFscript.txt
FILE ::
C:\Windows\system32\byXQGabx.dll
C:\Windows\system32\dugdexxj.dll
C:\Windows\system32\fhwsqyud.dll
C:\Windows\system32\sfhzqp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\aqbwdcdb.exe
C:\Windows\system32\byXQGabx.dll
C:\Windows\system32\dugdexxj.dll
C:\Windows\system32\duyqswhf.ini
C:\Windows\system32\fhwsqyud.dll
C:\Windows\system32\gahrslth.dll
C:\Windows\system32\sfhzqp.dll
C:\Windows\system32\xbaGQXyb.ini
C:\Windows\System32\xbaGQXyb.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 12:42 --------- d-----w C:\Users\Axel\AppData\Roaming\DNA
2008-08-18 12:42 --------- d-----w C:\Program Files\DNA
2008-08-18 12:17 --------- d-----w C:\ProgramData\Symantec
2008-08-18 11:44 --------- d-----w C:\Users\Axel\AppData\Roaming\Malwarebytes
2008-08-18 11:44 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-18 11:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 11:25 --------- d-----w C:\Program Files\Steam
2008-08-18 11:19 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-02 13:32 2,723,840 ----a-w C:\Windows\fraps.exe
2008-06-02 01:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-01 22:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_13.31.18.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 11:11:02 6,119,424 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-08-18 12:30:54 6,119,424 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-08-18 11:15:07 6,119,424 ----a-w C:\Windows\erdnt\subs\SCHEMA.DAT
+ 2008-08-18 12:37:36 6,119,424 ----a-w C:\Windows\erdnt\subs\SCHEMA.DAT
- 2008-08-18 11:22:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-18 11:22:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-18 12:41:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-18 11:22:22 45,056 ----a-w C:\Windows\System32\acovcnt.exe
+ 2008-08-18 12:41:52 45,056 ----a-w C:\Windows\System32\acovcnt.exe
- 2008-06-03 10:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-18 12:37:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-03 10:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 12:37:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-03 10:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-18 12:37:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-02 23:30:14 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-18 11:32:55 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-02 23:30:14 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-18 11:32:55 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-02 23:30:14 114,252 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-08-18 11:32:55 114,252 ----a-w C:\Windows\System32\perfc010.dat
- 2008-06-02 23:30:14 122,206 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-08-18 11:32:55 122,206 ----a-w C:\Windows\System32\perfc013.dat
- 2008-06-02 23:30:14 84,914 ----a-w C:\Windows\System32\perfc019.dat
+ 2008-08-18 11:32:56 84,914 ----a-w C:\Windows\System32\perfc019.dat
- 2008-06-02 23:30:14 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-18 11:32:55 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-02 23:30:14 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-18 11:32:55 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-02 23:30:14 672,610 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-08-18 11:32:55 672,610 ----a-w C:\Windows\System32\perfh010.dat
- 2008-06-02 23:30:14 678,918 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-08-18 11:32:56 678,918 ----a-w C:\Windows\System32\perfh013.dat
- 2008-06-02 23:30:14 518,418 ----a-w C:\Windows\System32\perfh019.dat
+ 2008-08-18 11:32:56 518,418 ----a-w C:\Windows\System32\perfh019.dat
- 2008-08-18 11:19:41 6,119,424 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-08-18 12:37:36 6,119,424 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-06-02 23:24:18 2,530 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3309367389-4246330917-1884741628-1000_UserData.bin
+ 2008-08-18 11:26:30 2,964 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3309367389-4246330917-1884741628-1000_UserData.bin
- 2008-06-02 23:24:18 56,390 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-18 11:26:30 59,148 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-02 00:46 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 00:44 342336]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 12:16 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-05-12 11:44 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-05-12 11:45 33136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
C:\Users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe [2008-04-03 21:30:44 727288]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 23:48:42 2752512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0BEADCF8-C4DC-45E3-9003-E88C57CD3F2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{84F7C45E-A7DA-407F-9CA8-B741191938BC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{15E6CCF4-8A13-47CB-A9D8-7134E69FBD66}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{55DEA2A3-12BE-4F13-B199-33197371DC34}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{A7A0575A-AFAD-4308-A698-68445B146B9F}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.001\IDSvix86.sys [2008-07-16 20:37]
R2 PStrip;PSTRIP;C:\Windows\system32\DRIVERS\PSTRIP.SYS [2007-07-15 03:37]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 10:31]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 14:39]
R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 00:37]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-02 12:18]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 17:19]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60077414-0068-11dc-9466-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 14:42:03
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-18 14:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 12:50:48
ComboFix2.txt 2008-08-18 11:33:57
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 81,910,956,032 octets libres
215 --- E O F --- 2008-06-03 09:56:59
Je m'attaque maintenant au scan avec malware byte cela va etre long je pense...
Voici le rapport MALWARE
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1065
Windows 6.0.6000
15:06:44 18/08/2008
mbam-log-08-18-2008 (15-06-44).txt
Type de recherche: Examen rapide
Eléments examinés: 36293
Temps écoulé: 8 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ET celui de HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:29, on 18/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1065
Windows 6.0.6000
15:06:44 18/08/2008
mbam-log-08-18-2008 (15-06-44).txt
Type de recherche: Examen rapide
Eléments examinés: 36293
Temps écoulé: 8 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ET celui de HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:29, on 18/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: PowerStrip.lnk = C:\Program Files\PowerStrip\PStrip.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
le rapport est bon
encore des soucis???
_______
pour malwarebyte il faut le refaire et faire un scan complet et pas un rapide
_______
puis pour etre sûr qu'il reste rien:
colle un scan en ligne avec un des deux suivant:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
encore des soucis???
_______
pour malwarebyte il faut le refaire et faire un scan complet et pas un rapide
_______
puis pour etre sûr qu'il reste rien:
colle un scan en ligne avec un des deux suivant:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
ok
pour malwarebyte il faut le refaire et faire un scan complet et pas un rapide
_______
puis pour etre sûr qu'il reste rien:
colle un scan en ligne avec un des deux suivant:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
pour malwarebyte il faut le refaire et faire un scan complet et pas un rapide
_______
puis pour etre sûr qu'il reste rien:
colle un scan en ligne avec un des deux suivant:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr