Analyse Rapport Hijackthis SVP

Profil bloqué -  
 Profil bloqué -
Bonjour, pouvez vous analysez mon rapport hijackthis s.v.p car à chaque fois que je quitte Windows j'ai un son d' erreur mais aucun message...

Rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:50, on 23/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6060 bytes
Configuration: Windows XP
Firefox 3.0.1

10 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt le rapport est clean

    as tu mis un nouveau logiciel ou materiel? si oui cela vient peut etre de là

    sinon scan avec antivir et vois si tu es infecté et colle nous le rapport
    -1
  2. Profil bloqué
     
    Voilà le rapport antivir :

    Avira AntiVir Personal
    Report file date: mardi 23 septembre 2008 18:23

    Scanning for 1631183 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: VALOU-0504A5DF2

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 17:06:28
    ANTIVIR3.VDF : 7.0.6.195 278016 Bytes 22/09/2008 17:06:11
    Engineversion : 8.1.1.34
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 17:06:38
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 17:06:36
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 17:06:34
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 17:06:32
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 13/09/2008 17:06:33
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 13/09/2008 17:06:32
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 13/09/2008 17:06:30
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 23 septembre 2008 18:23

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
    Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'SmartDoctor.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'SixEngine.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '54' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: mardi 23 septembre 2008 18:43
    Used time: 19:44 Minute(s)

    The scan has been done completely.

    3156 Scanning directories
    163519 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    163517 Files not concerned
    1548 Archives were scanned
    2 Warnings
    0 Notes
    -1
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    -1
  4. Profil bloqué
     
    Voici le rapport de ComboFix :

    ComboFix 08-09-22.03 - Azzano 2008-09-23 20:53:57.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1627 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Azzano\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-23 19:07 . 2008-09-23 19:07 <REP> d-------- C:\CrashRpt
    2008-09-23 19:07 . 2008-09-23 19:07 <REP> d-------- C:\CrashReport
    2008-09-23 18:49 . 2008-09-23 20:48 <REP> d-------- C:\Program Files\Runes of Magic
    2008-09-23 11:14 . 2008-09-23 11:14 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-22 19:10 . 2008-09-22 19:10 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\YuLeech
    2008-09-21 15:04 . 2008-09-21 15:04 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-09-21 14:01 . 2008-09-21 14:01 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-09-20 19:03 . 2008-09-20 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2008-09-20 18:30 . 2008-09-20 18:30 <REP> d-------- C:\Program Files\Microsoft Games
    2008-09-20 18:29 . 2008-09-20 18:29 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-09-20 18:27 . 2008-09-20 18:27 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\DAEMON Tools
    2008-09-20 18:27 . 2008-09-20 18:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-09-20 16:40 . 2008-09-20 16:40 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\Auslogics
    2008-09-20 00:07 . 2008-09-20 00:07 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-09-19 21:47 . 2008-09-19 21:47 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-09-19 21:47 . 2008-09-19 21:47 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-09-19 21:46 . 2008-09-19 21:46 <REP> d-------- C:\WINDOWS\system32\Futuremark
    2008-09-19 21:46 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
    2008-09-19 21:46 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
    2008-09-19 21:46 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
    2008-09-19 21:46 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
    2008-09-19 19:39 . 2008-09-19 19:39 <REP> d-------- C:\Program Files\MSECache
    2008-09-19 11:45 . 2008-09-19 11:45 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-09-18 23:30 . 2008-09-18 23:30 <REP> d-------- C:\Program Files\Common Files
    2008-09-18 23:29 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-09-18 23:29 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-09-18 21:09 . 2008-09-18 21:09 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\Samsung
    2008-09-18 21:04 . 2008-09-18 21:04 <REP> d-------- C:\Program Files\Samsung
    2008-09-18 18:54 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-09-18 11:17 . 2008-09-18 11:20 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-09-15 23:28 . 2008-09-20 15:46 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-09-15 23:15 . 2008-09-15 23:15 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\Canneverbe_Limited
    2008-09-15 19:23 . 2008-09-21 14:03 <REP> d-------- C:\Program Files\GUILD WARS
    2008-09-14 23:46 . 2008-09-14 23:46 <REP> d-------- C:\WINDOWS\Sun
    2008-09-14 13:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-09-14 13:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-09-14 13:37 . 2008-09-14 13:37 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-09-14 12:33 . 2008-09-14 13:41 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\AdobeUM
    2008-09-14 12:04 . 2008-09-14 12:03 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
    2008-09-14 00:18 . 2008-09-14 00:18 <REP> d-------- C:\Program Files\DirectX
    2008-09-14 00:08 . 2008-09-14 00:08 45 --a------ C:\WINDOWS\system32\initdebug.nfo
    2008-09-13 22:36 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-09-13 22:36 . 2008-04-13 20:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-09-13 22:33 . 2005-06-08 16:45 86,016 --a------ C:\WINDOWS\system32\vatee.ax
    2008-09-13 22:32 . 2008-09-13 22:32 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2008-09-13 22:32 . 2005-05-27 11:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2008-09-13 22:32 . 2005-05-27 11:32 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2008-09-13 22:32 . 2005-05-27 11:36 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2008-09-13 22:32 . 2005-05-27 11:29 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2008-09-13 22:32 . 2005-05-27 11:26 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2008-09-13 22:32 . 2005-05-27 11:19 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2008-09-13 22:32 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2008-09-13 22:32 . 2005-05-27 11:31 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2008-09-13 22:32 . 2005-05-27 11:10 9,255 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2008-09-13 22:31 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2008-09-13 22:31 . 2008-09-13 22:31 264 --a------ C:\WINDOWS\_delis32.ini
    2008-09-13 22:27 . 2008-09-13 22:27 <REP> d-------- C:\WINDOWS\system32\AGEIA
    2008-09-13 22:27 . 2008-09-13 22:28 <REP> d-------- C:\WINDOWS\NV16922832.TMP
    2008-09-13 22:27 . 2008-09-13 22:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-13 22:27 . 2008-09-13 22:27 <REP> d-------- C:\Program Files\AGEIA Technologies
    2008-09-13 22:12 . 2008-09-20 16:48 <REP> d-------- C:\Program Files\LimeWire
    2008-09-13 22:02 . 2008-09-20 16:49 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\LimeWire
    2008-09-13 21:54 . 2008-09-13 21:54 <REP> d-------- C:\Program Files\Lavalys
    2008-09-13 21:32 . 2008-09-20 16:47 <REP> d-------- C:\Program Files\eMule
    2008-09-13 21:29 . 2008-09-13 21:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-13 21:29 . 2008-09-23 18:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-13 21:27 . 2008-09-21 18:17 <REP> d-------- C:\Documents and Settings\Azzano\Contacts
    2008-09-13 21:26 . 2008-09-13 21:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-13 21:25 . 2008-09-23 18:31 <REP> d-------- C:\Downloads
    2008-09-13 21:25 . 2008-09-13 21:25 268 --ah----- C:\sqmdata01.sqm
    2008-09-13 21:25 . 2008-09-13 21:25 244 --ah----- C:\sqmnoopt01.sqm
    2008-09-13 21:24 . 2008-09-13 21:24 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-09-13 21:24 . 2008-09-13 21:24 268 --ah----- C:\sqmdata00.sqm
    2008-09-13 21:24 . 2008-09-13 21:24 244 --ah----- C:\sqmnoopt00.sqm
    2008-09-13 20:50 . 2008-09-13 20:54 <REP> d-------- C:\Program Files\Windows Live
    2008-09-13 20:50 . 2008-09-18 21:05 <REP> d-------- C:\Program Files\Free Download Manager
    2008-09-13 20:50 . 2008-09-13 20:52 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-13 20:50 . 2008-09-23 19:44 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\Free Download Manager
    2008-09-13 20:50 . 2008-09-13 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-13 20:50 . 2008-09-13 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2008-09-13 20:38 . 2008-09-13 20:39 <REP> d-------- C:\WINDOWS\NV36643548.TMP
    2008-09-13 20:38 . 2008-08-02 12:20 198,941 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-09-13 20:37 . 2008-09-13 22:40 <REP> d-------- C:\Program Files\uTorrent
    2008-09-13 20:37 . 2008-09-13 20:37 <REP> d-------- C:\NVIDIA
    2008-09-13 20:37 . 2008-09-23 20:34 <REP> d-------- C:\Documents and Settings\Azzano\Application Data\uTorrent
    2008-09-13 20:31 . 2008-09-13 20:31 <REP> d-------- C:\Program Files\AusLogics Disk Defrag
    2008-09-13 20:28 . 2008-09-13 20:28 <REP> d-------- C:\Program Files\Microsoft IntelliPoint
    2008-09-13 20:28 . 2008-06-10 13:04 31,048 --a------ C:\WINDOWS\system32\drivers\point32.sys
    2008-09-13 20:26 . 2008-09-13 20:26 <REP> d-------- C:\Program Files\ma-config.com
    2008-09-13 20:26 . 2008-09-13 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-09-13 20:11 . 2008-09-13 20:11 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-09-13 20:10 . 2008-09-13 23:23 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-09-13 20:10 . 2008-09-13 20:11 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-09-13 20:04 . 2008-04-14 04:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-09-13 20:04 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-09-13 20:03 . 2008-04-14 03:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-09-13 20:03 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage r‚seau
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-09-13 20:01 . 2008-09-13 18:06 <REP> d--h----- C:\Documents and Settings\Default User\ModŠles
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> dr------- C:\Documents and Settings\Default User\Menu D‚marrer
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> d-------- C:\Documents and Settings\Default User\Favoris
    2008-09-13 20:01 . 2008-09-13 18:17 <REP> d-------- C:\Documents and Settings\Default User\Bureau
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> d--h----- C:\Documents and Settings\All Users\ModŠles
    2008-09-13 20:01 . 2008-09-15 19:23 <REP> dr------- C:\Documents and Settings\All Users\Menu D‚marrer
    2008-09-13 20:01 . 2008-09-13 20:01 <REP> d-------- C:\Documents and Settings\All Users\Favoris
    2008-09-13 20:01 . 2008-09-13 18:21 <REP> dr------- C:\Documents and Settings\All Users\Documents
    2008-09-13 20:01 . 2008-09-21 10:44 <REP> d-------- C:\Documents and Settings\All Users\Bureau
    2008-09-13 20:01 . 2004-08-10 21:00 176,157 --a--c--- C:\WINDOWS\system32\dllcache\dgrpsetu.dll
    2008-09-13 20:00 . 2005-07-26 07:06 33,676 -ra------ C:\WINDOWS\SET34.tmp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-23 16:49 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-09-20 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 18:02 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF
    2008-09-13 18:02 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF
    2008-09-13 18:02 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF
    2008-09-13 18:02 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF
    2008-09-13 18:02 20,152 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1
    2008-09-13 18:02 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF
    2008-09-13 18:02 12,204 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF
    2008-09-13 18:02 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF
    2008-09-13 17:44 --------- d-----w C:\Program Files\ASUS
    2008-09-13 17:24 --------- d-----w C:\Program Files\CCleaner
    2008-09-13 17:05 --------- d-----w C:\Program Files\Avira
    2008-09-13 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-13 17:03 --------- d-----w C:\Program Files\Java
    2008-09-13 16:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-13 16:45 --------- d-----w C:\Program Files\Marvell
    2008-09-13 16:43 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-09-13 16:43 --------- d-----w C:\Program Files\Realtek
    2008-09-13 16:31 --------- d-----w C:\Program Files\Intel
    2008-09-13 16:18 --------- d-----w C:\Program Files\microsoft frontpage
    2008-09-13 16:16 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-09-13 16:11 --------- d-----w C:\Program Files\Services en ligne
    2008-09-13 16:08 --------- d-----w C:\Program Files\Windows Plus
    2008-08-01 09:05 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
    2008-07-29 16:05 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
    2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2006-06-24 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-23_20.51.26.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-23 07:27:49 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-23 18:54:20 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-09-23 07:27:49 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-23 18:54:20 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-09-23 07:27:49 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-23 18:54:20 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-09-23 07:27:49 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-23 18:54:20 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-07-09 1150976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
    "Six Engine"="C:\Program Files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-02 13570048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-02 86016]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "nwiz"="nwiz.exe" [2008-08-02 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    --a------ 2008-07-09 11:17 1150976 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    --a------ 2007-09-13 15:54 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2008-06-10 12:56 1406024 c:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    -r------- 2008-05-16 08:39 16862720 C:\WINDOWS\RTHDCPL.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Documents and Settings\\Azzano\\Bureau\\YuLeech-Runes_of_Magic_EN-en.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "49200:TCP"= 49200:TCP:µtorrent

    R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-06-24 150568]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-09-13 12416]
    R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-09-13 10752]
    S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Azzano\Application Data\Mozilla\Firefox\Profiles\u9bgqn88.default\
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 20:54:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-09-23 20:55:05
    ComboFix-quarantined-files.txt 2008-09-23 18:55:03
    ComboFix2.txt 2008-09-23 18:51:44

    Avant-CF: 290ÿ167ÿ296ÿ000 octets libres
    Après-CF: 290,151,759,872 octets libres

    262 --- E O F --- 2008-09-20 10:54:15
    -1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Profil bloqué
     
    Voilà le rapport :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1200
    Windows 5.1.2600 Service Pack 3

    23/09/2008 22:35:12
    mbam-log-2008-09-23 (22-35-12).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 69857
    Temps écoulé: 14 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    -1
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    absolument rien d'infectieux....

    depuis quand as tu ceci?
    -1