Win32:Agent-ABLQ [Trj]
Soufcool
-
hooligan63780 Posts: 867 Status: Member
Hello.
I am using 32-bit Vista and the Avast! antivirus, which detects the trojan Win32:Agent-ABLQ in the following file: C:\Windows\Installer\1800326.msi\Icon.ARPPRODUCTICON.exe. However, it is impossible to delete the file (the same goes for the complete .msi). I am attaching my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:27, on 14/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\conime.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\INSTALL\UTILS\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - S-1-5-21-3072910097-2753795572-4256524432-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Sebcool')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
5 replies
Hi, download ComboFix (by sUBs) from this address:
(it is number 5 at the bottom of the page): https://www.androidworld.fr/
and save it to the Desktop.
Disable your protections and close all your applications (antivirus, firewall, antispyware real-time guard).
Here is a tutorial on how to install it properly and learn how to use it: https://www.androidworld.fr/
Then send the report and make a new HijackThis report, please.
For your information, the link you give for the tutorial is no longer valid (the page no longer exists).
Here is the report generated by ComboFix:
ComboFix 08-09-14.01 - Soufcool 2008-09-14 22:58:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1740 [GMT 2:00]
Lancé depuis: C:\Users\Soufcool\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
.
2008-09-14 22:36 . 2008-09-14 22:36 <REP> d-------- C:\Program Files\Musicmatch
2008-09-14 20:16 . 2008-09-14 20:16 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Intel
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Searches
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Contacts
2008-09-14 20:15 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Dell
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Videos
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Saved Games
2008-09-14 20:14 . 2008-08-16 19:12 <REP> d-------- C:\Users\Sebcool\Roaming
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Pictures
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Music
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Links
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Downloads
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Documents
2008-09-14 20:14 . 2006-11-02 14:37 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Media Center Programs
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d--h----- C:\Users\Sebcool\AppData
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool
2008-09-09 22:29 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 22:29 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 22:29 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 22:29 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 22:29 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 22:29 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 22:29 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 22:29 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 22:29 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-02 00:06 . 2008-09-02 00:07 <REP> d-------- C:\Program Files\OpenOfficePortable
2008-08-30 17:07 . 2008-08-30 17:07 233 --a------ C:\Windows\System32\'
2008-08-30 17:02 . 2004-06-26 13:22 6,016 --a------ C:\Windows\System32\drivers\vnccom.SYS
2008-08-30 17:01 . 2005-06-10 22:02 12,800 --a------ C:\Windows\System32\vncdrv.dll
2008-08-30 17:01 . 2004-06-26 13:21 5,760 --a------ C:\Windows\System32\vnchelp.dll
2008-08-30 17:01 . 2004-06-26 13:22 4,736 --a------ C:\Windows\System32\drivers\vncdrv.sys
2008-08-30 16:14 . 2008-08-30 16:14 <REP> d-------- C:\Program Files\Age of Conan Quick Start
2008-08-28 22:58 . 2008-08-28 22:58 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-08-28 22:50 . 2008-08-28 22:50 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-08-26 19:51 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 19:51 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 19:51 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 19:51 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 19:51 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 19:51 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 19:51 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 19:51 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 19:51 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 23:13 . 2008-08-24 23:13 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\CyberLink
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\teamspeak2
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-24 11:34 . 2008-08-24 11:34 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-23 18:58 . 2008-08-23 18:58 <REP> dr-h----- C:\Users\Soufcool\AppData\Roaming\SecuROM
2008-08-23 14:54 . 2004-12-20 20:37 20,016 --------- C:\Windows\System32\drivers\pxhelp20.sys
2008-08-23 14:53 . 2008-08-23 14:56 <REP> d-------- C:\Program Files\Winamp
2008-08-23 14:53 . 2008-08-23 15:11 155 --a------ C:\Windows\winamp.ini
2008-08-23 14:01 . 2008-08-23 14:01 <REP> d-------- C:\temp
2008-08-23 13:46 . 2008-08-23 13:46 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\InstallShield
2008-08-23 12:55 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-23 12:54 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-23 12:26 . 2008-08-23 12:26 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\DAEMON Tools
2008-08-23 12:26 . 2008-08-23 12:26 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-23 10:56 . 2008-09-14 20:59 <REP> d-------- C:\INSTALL
2008-08-22 21:24 . 2008-09-14 16:01 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\skypePM
2008-08-22 21:12 . 2008-09-14 22:54 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Users\All Users\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\ProgramData\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Common Files\Skype
2008-08-22 18:53 . 2008-08-22 18:53 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\vlc
2008-08-22 18:44 . 2008-08-22 18:44 <REP> d-------- C:\Program Files\VideoLAN
2008-08-22 12:35 . 2008-08-22 12:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\Users\All Users\nvModes.dat
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\ProgramData\nvModes.dat
2008-08-22 10:44 . 2008-08-22 10:44 <REP> d-------- C:\Windows\nvtmpinst
2008-08-22 10:42 . 2008-08-22 10:42 <REP> d-------- C:\NVIDIA
2008-08-22 10:32 . 2008-08-22 10:34 28,124 --a------ C:\Users\Soufcool\AppData\Roaming\nvModes.dat
2008-08-22 10:20 . 2008-08-22 10:20 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Creative
2008-08-22 01:48 . 2008-09-05 21:51 137,656 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-22 01:48 . 2008-09-09 23:00 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-22 01:48 . 2008-08-22 12:49 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-22 01:48 . 2008-08-22 01:48 22,328 --a------ C:\Users\Soufcool\AppData\Roaming\PnkBstrK.sys
2008-08-22 01:48 . 2008-08-22 01:48 299 --a------ C:\Windows\game.ini
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\SystemRequirementsLab
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\Users\All Users\media center programs
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\ProgramData\media center programs
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\Users\All Users\Funcom
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\ProgramData\Funcom
2008-08-21 18:30 . 2008-08-21 18:30 <REP> d-------- C:\Program Files\Alwil Software
2008-08-21 18:30 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-21 18:19 . 2008-08-21 18:19 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Intel
2008-08-21 18:15 . 2008-08-21 18:21 <REP> d-------- C:\DOWNLOADS
2008-08-21 18:00 . 2008-09-07 11:25 <REP> d-------- C:\JEUX
2008-08-21 17:40 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 17:33 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-21 17:32 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-21 17:32 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Searches
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Contacts
2008-08-21 16:38 . 2008-08-21 16:38 <REP> d-------- C:\Users\Soufcool\Bluetooth Software
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Videos
2008-08-21 16:37 . 2008-09-02 00:25 <REP> dr------- C:\Users\Soufcool\Saved Games
2008-08-21 16:37 . 2008-08-16 19:12 <REP> d-------- C:\Users\Soufcool\Roaming
2008-08-21 16:37 . 2008-09-14 12:20 <REP> dr------- C:\Users\Soufcool\Pictures
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Music
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Links
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Downloads
2008-08-21 16:37 . 2008-09-14 13:57 <REP> dr------- C:\Users\Soufcool\Documents
2008-08-21 16:37 . 2006-11-02 14:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Media Center Programs
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Dell
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d--h----- C:\Users\Soufcool\AppData
2008-08-21 16:37 . 2008-09-05 21:13 <REP> d-------- C:\Users\Soufcool
2008-08-21 16:37 . 2008-08-21 16:37 720,896 --a------ C:\Windows\IMAPIShellExt.dll
2008-08-21 16:37 . 2008-08-21 16:37 81,920 --a------ C:\Windows\BurnImage.exe
2008-08-21 16:34 . 2008-08-21 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-17 03:55 . 2008-08-17 03:55 <REP> d-------- C:\Program Files\Synaptics
2008-08-17 03:54 . 2008-08-17 03:54 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-17 03:54 . 2008-08-17 03:54 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-17 03:54 . 2008-08-17 03:54 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-17 03:54 . 2008-08-17 03:54 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-17 03:53 . 2008-08-17 03:53 2,032,128 --a------ C:\Windows\System32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 15:50 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Modèles
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Favoris
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Documents
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Bureau
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Application Data
2008-08-21 14:34 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-02 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-02 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-07-02 92704]
C:\Users\Soufcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\Users\Sebcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-16 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-16 19:27 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ageofconan.exe]
"Debugger"="C:\Program Files\Age of Conan Quick Start\aoclaunch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{09BA8EB3-AF62-41C6-AA68-AF1AAD9888CB}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5988D471-DC0E-47EB-80AF-92FE1BCDE4B9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A6B934A0-82E3-4944-BB3D-55D9E0F4C710}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3E57AF78-D278-4107-9B5B-F42F4FB66C23}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{99105F93-B664-4062-BCC6-8230FA00262F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{671DC034-C9A8-42DE-A58F-EFC24FE68E03}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2143CB58-4D09-4944-872A-33296E6A0F1F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CEEE033B-9680-494F-86C4-C1B40B969AD8}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8DE662E6-5469-43EB-90E5-0F67BB33D226}"= UDP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{BB307440-3E3C-4CB2-A30A-D211A64E4B98}"= TCP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7801CF11-E74C-4EE8-B7C6-67C12367AC86}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29AAA1CF-96C9-4405-B8DF-9120979B6049}"= UDP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{811C07F1-C0F1-47BA-9603-8508C76462FA}"= TCP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E164334F-1AB2-4AAC-A868-DC7CDF1BCF4F}"= UDP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{F4CE319C-0BB1-4E98-A0AA-0CFBAE652584}"= TCP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"TCP Query User{7581FF24-4EE7-4BC9-8631-66E38D63C13E}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{EC8022FD-DD44-4B5A-8026-F5CF8056A06F}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{EF43351F-2C43-4CDE-900D-5E697479D1B2}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= UDP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"UDP Query User{EF5E3A78-5FD4-45A8-A71B-37FE8B54DB3A}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= TCP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"TCP Query User{FD2D6A06-1B24-4F5B-A65C-C29FAEA3AAF5}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= UDP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"UDP Query User{C33A67EA-EF9E-4196-9961-501809319756}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= TCP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"TCP Query User{0C1DB6F8-68A8-49DC-845E-556C30D4BC25}G:\\sauve d shuttle\\emule\\emule.exe"= UDP:G:\sauve d shuttle\emule\emule.exe:eMule
"UDP Query User{D7A8D122-9E33-40F1-BB42-9BD21EC5F09A}G:\\sauve d shuttle\\emule\\emule.exe"= TCP:G:\sauve d shuttle\emule\emule.exe:eMule
"{3961AA33-843C-4E69-A03E-5C0D1F46645C}"= UDP:16010:Forged Alliance
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b082fef-70fe-11dd-a579-001fe2da21d5}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Soufcool\AppData\Roaming\Mozilla\Firefox\Profiles\4gkch86d.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF -: plugin - C:\Users\Soufcool\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 23:00:31
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-14 23:01:30
ComboFix-quarantined-files.txt 2008-09-14 21:01:27
Avant-CF: 236,739,461,120 octets libres
Après-CF: 237,211,262,976 octets libres
267 --- E O F --- 2008-09-10 00:26:30
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
And here is the report generated by HijackThis after running ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:11, on 14/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\INSTALL\UTILS\Jack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - S-1-5-21-3072910097-2753795572-4256524432-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Sebcool')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
Here is the report generated by ComboFix:
ComboFix 08-09-14.01 - Soufcool 2008-09-14 22:58:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1740 [GMT 2:00]
Lancé depuis: C:\Users\Soufcool\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
.
2008-09-14 22:36 . 2008-09-14 22:36 <REP> d-------- C:\Program Files\Musicmatch
2008-09-14 20:16 . 2008-09-14 20:16 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Intel
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Searches
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Contacts
2008-09-14 20:15 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Dell
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Videos
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Saved Games
2008-09-14 20:14 . 2008-08-16 19:12 <REP> d-------- C:\Users\Sebcool\Roaming
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Pictures
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Music
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Links
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Downloads
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Documents
2008-09-14 20:14 . 2006-11-02 14:37 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Media Center Programs
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d--h----- C:\Users\Sebcool\AppData
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool
2008-09-09 22:29 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 22:29 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 22:29 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 22:29 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 22:29 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 22:29 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 22:29 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 22:29 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 22:29 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-02 00:06 . 2008-09-02 00:07 <REP> d-------- C:\Program Files\OpenOfficePortable
2008-08-30 17:07 . 2008-08-30 17:07 233 --a------ C:\Windows\System32\'
2008-08-30 17:02 . 2004-06-26 13:22 6,016 --a------ C:\Windows\System32\drivers\vnccom.SYS
2008-08-30 17:01 . 2005-06-10 22:02 12,800 --a------ C:\Windows\System32\vncdrv.dll
2008-08-30 17:01 . 2004-06-26 13:21 5,760 --a------ C:\Windows\System32\vnchelp.dll
2008-08-30 17:01 . 2004-06-26 13:22 4,736 --a------ C:\Windows\System32\drivers\vncdrv.sys
2008-08-30 16:14 . 2008-08-30 16:14 <REP> d-------- C:\Program Files\Age of Conan Quick Start
2008-08-28 22:58 . 2008-08-28 22:58 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-08-28 22:50 . 2008-08-28 22:50 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-08-26 19:51 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 19:51 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 19:51 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 19:51 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 19:51 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 19:51 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 19:51 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 19:51 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 19:51 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 23:13 . 2008-08-24 23:13 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\CyberLink
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\teamspeak2
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-24 11:34 . 2008-08-24 11:34 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-23 18:58 . 2008-08-23 18:58 <REP> dr-h----- C:\Users\Soufcool\AppData\Roaming\SecuROM
2008-08-23 14:54 . 2004-12-20 20:37 20,016 --------- C:\Windows\System32\drivers\pxhelp20.sys
2008-08-23 14:53 . 2008-08-23 14:56 <REP> d-------- C:\Program Files\Winamp
2008-08-23 14:53 . 2008-08-23 15:11 155 --a------ C:\Windows\winamp.ini
2008-08-23 14:01 . 2008-08-23 14:01 <REP> d-------- C:\temp
2008-08-23 13:46 . 2008-08-23 13:46 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\InstallShield
2008-08-23 12:55 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-23 12:54 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-23 12:26 . 2008-08-23 12:26 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\DAEMON Tools
2008-08-23 12:26 . 2008-08-23 12:26 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-23 10:56 . 2008-09-14 20:59 <REP> d-------- C:\INSTALL
2008-08-22 21:24 . 2008-09-14 16:01 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\skypePM
2008-08-22 21:12 . 2008-09-14 22:54 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Users\All Users\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\ProgramData\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Common Files\Skype
2008-08-22 18:53 . 2008-08-22 18:53 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\vlc
2008-08-22 18:44 . 2008-08-22 18:44 <REP> d-------- C:\Program Files\VideoLAN
2008-08-22 12:35 . 2008-08-22 12:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\Users\All Users\nvModes.dat
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\ProgramData\nvModes.dat
2008-08-22 10:44 . 2008-08-22 10:44 <REP> d-------- C:\Windows\nvtmpinst
2008-08-22 10:42 . 2008-08-22 10:42 <REP> d-------- C:\NVIDIA
2008-08-22 10:32 . 2008-08-22 10:34 28,124 --a------ C:\Users\Soufcool\AppData\Roaming\nvModes.dat
2008-08-22 10:20 . 2008-08-22 10:20 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Creative
2008-08-22 01:48 . 2008-09-05 21:51 137,656 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-22 01:48 . 2008-09-09 23:00 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-22 01:48 . 2008-08-22 12:49 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-22 01:48 . 2008-08-22 01:48 22,328 --a------ C:\Users\Soufcool\AppData\Roaming\PnkBstrK.sys
2008-08-22 01:48 . 2008-08-22 01:48 299 --a------ C:\Windows\game.ini
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\SystemRequirementsLab
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\Users\All Users\media center programs
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\ProgramData\media center programs
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\Users\All Users\Funcom
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\ProgramData\Funcom
2008-08-21 18:30 . 2008-08-21 18:30 <REP> d-------- C:\Program Files\Alwil Software
2008-08-21 18:30 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-21 18:19 . 2008-08-21 18:19 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Intel
2008-08-21 18:15 . 2008-08-21 18:21 <REP> d-------- C:\DOWNLOADS
2008-08-21 18:00 . 2008-09-07 11:25 <REP> d-------- C:\JEUX
2008-08-21 17:40 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 17:33 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-21 17:32 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-21 17:32 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Searches
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Contacts
2008-08-21 16:38 . 2008-08-21 16:38 <REP> d-------- C:\Users\Soufcool\Bluetooth Software
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Videos
2008-08-21 16:37 . 2008-09-02 00:25 <REP> dr------- C:\Users\Soufcool\Saved Games
2008-08-21 16:37 . 2008-08-16 19:12 <REP> d-------- C:\Users\Soufcool\Roaming
2008-08-21 16:37 . 2008-09-14 12:20 <REP> dr------- C:\Users\Soufcool\Pictures
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Music
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Links
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Downloads
2008-08-21 16:37 . 2008-09-14 13:57 <REP> dr------- C:\Users\Soufcool\Documents
2008-08-21 16:37 . 2006-11-02 14:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Media Center Programs
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Dell
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d--h----- C:\Users\Soufcool\AppData
2008-08-21 16:37 . 2008-09-05 21:13 <REP> d-------- C:\Users\Soufcool
2008-08-21 16:37 . 2008-08-21 16:37 720,896 --a------ C:\Windows\IMAPIShellExt.dll
2008-08-21 16:37 . 2008-08-21 16:37 81,920 --a------ C:\Windows\BurnImage.exe
2008-08-21 16:34 . 2008-08-21 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-17 03:55 . 2008-08-17 03:55 <REP> d-------- C:\Program Files\Synaptics
2008-08-17 03:54 . 2008-08-17 03:54 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-17 03:54 . 2008-08-17 03:54 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-17 03:54 . 2008-08-17 03:54 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-17 03:54 . 2008-08-17 03:54 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-17 03:53 . 2008-08-17 03:53 2,032,128 --a------ C:\Windows\System32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 15:50 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Modèles
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Favoris
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Documents
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Bureau
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Application Data
2008-08-21 14:34 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-02 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-02 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-07-02 92704]
C:\Users\Soufcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\Users\Sebcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-16 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-16 19:27 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ageofconan.exe]
"Debugger"="C:\Program Files\Age of Conan Quick Start\aoclaunch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{09BA8EB3-AF62-41C6-AA68-AF1AAD9888CB}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5988D471-DC0E-47EB-80AF-92FE1BCDE4B9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A6B934A0-82E3-4944-BB3D-55D9E0F4C710}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3E57AF78-D278-4107-9B5B-F42F4FB66C23}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{99105F93-B664-4062-BCC6-8230FA00262F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{671DC034-C9A8-42DE-A58F-EFC24FE68E03}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2143CB58-4D09-4944-872A-33296E6A0F1F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CEEE033B-9680-494F-86C4-C1B40B969AD8}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8DE662E6-5469-43EB-90E5-0F67BB33D226}"= UDP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{BB307440-3E3C-4CB2-A30A-D211A64E4B98}"= TCP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7801CF11-E74C-4EE8-B7C6-67C12367AC86}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29AAA1CF-96C9-4405-B8DF-9120979B6049}"= UDP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{811C07F1-C0F1-47BA-9603-8508C76462FA}"= TCP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E164334F-1AB2-4AAC-A868-DC7CDF1BCF4F}"= UDP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{F4CE319C-0BB1-4E98-A0AA-0CFBAE652584}"= TCP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"TCP Query User{7581FF24-4EE7-4BC9-8631-66E38D63C13E}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{EC8022FD-DD44-4B5A-8026-F5CF8056A06F}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{EF43351F-2C43-4CDE-900D-5E697479D1B2}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= UDP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"UDP Query User{EF5E3A78-5FD4-45A8-A71B-37FE8B54DB3A}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= TCP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"TCP Query User{FD2D6A06-1B24-4F5B-A65C-C29FAEA3AAF5}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= UDP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"UDP Query User{C33A67EA-EF9E-4196-9961-501809319756}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= TCP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"TCP Query User{0C1DB6F8-68A8-49DC-845E-556C30D4BC25}G:\\sauve d shuttle\\emule\\emule.exe"= UDP:G:\sauve d shuttle\emule\emule.exe:eMule
"UDP Query User{D7A8D122-9E33-40F1-BB42-9BD21EC5F09A}G:\\sauve d shuttle\\emule\\emule.exe"= TCP:G:\sauve d shuttle\emule\emule.exe:eMule
"{3961AA33-843C-4E69-A03E-5C0D1F46645C}"= UDP:16010:Forged Alliance
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b082fef-70fe-11dd-a579-001fe2da21d5}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Soufcool\AppData\Roaming\Mozilla\Firefox\Profiles\4gkch86d.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF -: plugin - C:\Users\Soufcool\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 23:00:31
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-14 23:01:30
ComboFix-quarantined-files.txt 2008-09-14 21:01:27
Avant-CF: 236,739,461,120 octets libres
Après-CF: 237,211,262,976 octets libres
267 --- E O F --- 2008-09-10 00:26:30
-------------------------------------------------------------------------------------------------
And here is the report generated by HijackThis after running ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:11, on 14/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\INSTALL\UTILS\Jack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - S-1-5-21-3072910097-2753795572-4256524432-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Sebcool')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
OK, now download S&D https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
CCleaner so it can clean things up: https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
and Malwarebytes: https://www.01net.com/telecharger/windows/Securite/anti-spam/fiches/44096.html