Impossible supprimer virus avec antivir
Résolu
kev006
Messages postés
271
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
depuis peu j'ai téléchargé un fichier sur le net qui a de suite était bloqué avec antivir. J'ai donc placé le fichier en quarantaine, or maintenant je veux le supprimer et je ne peut pas cliquer sur l'icône corbeille.... quand je clique dessus rien ne se passe , l'icône ne "s'enfonce" même pas.
je vous poste un log hijacthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:49, on 06/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\SideBar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
depuis peu j'ai téléchargé un fichier sur le net qui a de suite était bloqué avec antivir. J'ai donc placé le fichier en quarantaine, or maintenant je veux le supprimer et je ne peut pas cliquer sur l'icône corbeille.... quand je clique dessus rien ne se passe , l'icône ne "s'enfonce" même pas.
je vous poste un log hijacthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:49, on 06/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\SideBar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:
- Impossible supprimer virus avec antivir
- Supprimer rond bleu whatsapp - Guide
- Impossible de supprimer une page word - Guide
- Fichier impossible à supprimer - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
18 réponses
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
je sais bien , j'ai pas forcement poster pour que tu reponde, mais pour avoir de l'aide en general.
je ne peut toujours pas supprimer les virus.
pour le log je ne pourrais que demain car je ne suis pas chez moi.
je ne peut toujours pas supprimer les virus.
pour le log je ne pourrais que demain car je ne suis pas chez moi.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
il sont dans la quarantaine d'antivir , je ne peut pas cliquer sur suprimer (icone corbeille) car le bouton ne s'enfonce pas meme quand je met juste la souris dessus. je n'y arrive toujours pas meme apres combo fix
cela fais deux jours que j'attends alors patiente un peu .... il n'y a pas que toi dans la vie
encore des soucis ????
recolle un hijakchits
encore des soucis ????
recolle un hijakchits
salut , télécharge ça si tu ne la pas déjà , http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner , redémarre en mode sans échec ( F8 ) , nettoie ton pc avec Ccleaner , vérifie si ta corbeille est vide , puis redémarre , si Antivir à bloquer le téléchargement comment ça se fait qu'il se trouve dans ta corbeille ? , si ça ne fonctionne pas tu pourra bien attendre que quelqu'un vérifie dans ton rapport que tu n'est pas infecter .
slt
colle un rapport avec antivir que tu as pour voir
et
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
colle un rapport avec antivir que tu as pour voir
et
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
oki netoyage deja fait , antivir aucun virus ,rien avec malwarebytes ,antivir ne veut toujours rien faire ....
Raport combo fix voila :
ComboFix 08-10-10.09 - kevin 2008-10-11 12:43:07.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1143 [GMT 2:00]
Lancé depuis: C:\Users\kevin\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\kevin\AppData\Roaming\Adobe\crc.dat
----- BITS: Il y a peut-être des sites infectés -----
hxxp://pornotube8.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-11 au 2008-10-11 ))))))))))))))))))))))))))))))))))))
.
2008-10-11 12:41 . 2008-10-11 12:42 <REP> d-------- C:\32788R22FWJFW
2008-10-05 23:04 . 2008-10-05 23:23 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-10-05 23:04 . 2008-10-05 23:23 <REP> d-------- C:\ProgramData\Microsoft Help
2008-10-05 14:49 . 2008-10-05 14:49 <REP> d-------- C:\Users\kevin\AppData\Roaming\Thunderbird
2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- C:\Users\All Users\InstallShield
2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- C:\ProgramData\InstallShield
2008-09-30 22:08 . 2008-09-30 22:09 <REP> d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-09-30 22:07 . 2008-09-30 22:07 <REP> d-------- C:\Users\kevin\AppData\Roaming\Jasc Software Inc
2008-09-30 22:07 . 2008-09-30 22:07 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-09-29 16:36 . 2008-10-09 18:51 <REP> d-------- C:\Users\kevin\Tracing
2008-09-24 00:01 . 2008-10-05 19:49 <REP> d-------- C:\Users\kevin\AppData\Roaming\OpenOffice.org2
2008-09-23 23:33 . 2008-09-23 23:33 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-19 00:06 . 2008-09-19 00:06 <REP> d-------- C:\Users\kevin\AppData\Roaming\vlc
2008-09-18 23:47 . 2008-06-26 05:21 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll
2008-09-18 23:47 . 2008-06-26 05:21 347,648 --a------ C:\Windows\System32\WindowsCodecsExt.dll
2008-09-18 23:44 . 2008-09-18 23:44 <REP> d-------- C:\Program Files\Microsoft
2008-09-18 23:37 . 2008-09-18 23:37 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-09-18 16:53 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-18 16:53 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-18 16:53 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-18 16:53 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-18 16:53 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-18 16:53 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-18 16:53 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-18 16:53 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-18 16:53 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-14 01:39 . 2008-09-14 01:39 <REP> d-------- C:\Program Files\Common Files\Nokia
2008-09-11 01:19 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 01:19 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-11 01:18 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-11 01:18 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-11 01:18 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-11 01:18 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-11 01:18 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-11 01:18 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-11 01:18 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 17:14 --------- d-----w C:\Users\kevin\AppData\Roaming\uTorrent
2008-10-05 11:59 --------- d-----w C:\Users\kevin\AppData\Roaming\LimeWire
2008-09-30 20:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-29 14:34 --------- d-----w C:\Program Files\Windows Live
2008-09-25 16:19 --------- d-----w C:\Users\kevin\AppData\Roaming\Winamp
2008-09-21 00:27 --------- d-----w C:\Program Files\EA GAMES
2008-09-21 00:10 --------- d-----w C:\Program Files\ManyCam 2.2
2008-09-21 00:05 --------- d-----w C:\ProgramData\WLInstaller
2008-09-19 18:09 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-18 21:46 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-18 17:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-13 23:39 --------- d-----w C:\Program Files\Nokia
2008-09-13 23:32 --------- d-----w C:\ProgramData\PC Suite
2008-09-13 23:31 --------- d-----w C:\Users\kevin\AppData\Roaming\Nokia
2008-09-10 23:09 --------- d-----w C:\Users\kevin\AppData\Roaming\DAEMON Tools
2008-09-10 23:09 --------- d-----w C:\Program Files\Windows Mail
2008-09-10 11:23 --------- d-----w C:\Program Files\Stardock
2008-09-09 23:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 22:03 51,712 ----a-w C:\Windows\System32\sirenacm.dll
2008-09-07 22:11 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-07 22:11 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-07 18:01 --------- d-----w C:\Users\kevin\AppData\Roaming\DivX
2008-09-07 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 16:22 --------- d-----w C:\Users\kevin\AppData\Roaming\Apple Computer
2008-09-07 16:22 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-09-07 16:22 --------- d-----w C:\ProgramData\Symantec
2008-09-07 16:22 --------- d-----w C:\ProgramData\ma-config.com
2008-09-07 16:22 --------- d-----w C:\ProgramData\Installations
2008-09-07 16:22 --------- d-----w C:\Program Files\QuickTime
2008-09-07 16:22 --------- d-----w C:\Program Files\NSS
2008-09-07 16:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 16:22 --------- d-----w C:\Program Files\LimeWire
2008-09-07 16:22 --------- d-----w C:\Program Files\DivX
2008-09-07 16:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-09-07 15:47 --------- d-----w C:\Users\kevin\AppData\Roaming\GlarySoft
2008-09-07 15:17 --------- d-----w C:\Program Files\Glary Utilities
2008-09-03 11:29 --------- d-----w C:\Program Files\Winamp
2008-09-03 11:17 --------- d-----w C:\ProgramData\Apple Computer
2008-09-02 19:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-31 17:21 --------- d-----w C:\Users\kevin\AppData\Roaming\Atari
2008-08-31 17:10 --------- d-----w C:\Users\kevin\AppData\Roaming\Leadertech
2008-08-27 17:54 --------- d-----w C:\Program Files\TOSHIBA
2008-08-24 14:30 --------- d-----w C:\Program Files\Intel
2008-08-24 13:56 --------- d-----w C:\Program Files\ma-config.com
2008-08-22 18:45 --------- d-----w C:\ProgramData\Avira
2008-08-22 18:45 --------- d-----w C:\Program Files\Avira
2008-08-22 17:37 42,952 ----a-w C:\Windows\system32\drivers\PktIcpt.sys
2008-08-22 17:34 45,768 ----a-w C:\Windows\system32\drivers\MiniIcpt.sys
2008-08-22 14:55 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-08-22 14:39 --------- d-----w C:\ProgramData\ESET
2008-08-22 03:06 --------- d-----w C:\ProgramData\sentinel
2008-08-22 02:44 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-22 02:18 69,689 ----a-w C:\Windows\UNZIP.DLL
2008-08-22 02:18 507,904 ----a-w C:\Windows\TMUPDATE.DLL
2008-08-22 02:18 286,720 ----a-w C:\Windows\PATCH.EXE
2008-08-21 17:48 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 19:29 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-08-15 23:52 --------- d-----w C:\Program Files\RocketDock
2008-08-12 22:08 --------- d-----w C:\Program Files\Microsoft Games
2008-08-12 17:45 --------- d-----w C:\Program Files\Java
2008-08-06 14:26 9,728 ----a-w C:\Windows\System32\RtNicProp32.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 11:13 174 --sha-w C:\Program Files\desktop.ini
2008-07-19 10:46 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-19 10:46 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
2008-01-23 00:56 944 ----a-w C:\Users\kevin\AppData\Roaming\filterclsid.dat
2008-01-13 20:56 47,360 ----a-w C:\Users\kevin\AppData\Roaming\pcouffin.sys
2007-09-24 20:31 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="C:\Program Files\Windows Sidebar\SideBar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Google Update"="C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 7766016]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-12-03 509888]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 712704]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-06 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-18 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-09-09 00:02 3513344 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-11 00:05 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
--a------ 2007-10-29 17:22 103824 C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PLFSet"=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07147402-135C-42C6-8E8B-1D18C077BDF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9E6A3437-62B0-41EB-A699-C6A528A80523}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{A7553D38-E899-4CFE-90EC-9E6DF148CA27}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{B2579715-EE2B-4FFF-81CB-5AF378D14CE1}"= UDP:55823:utorent
"{53B24D5F-1877-4FF8-AC4B-CA6F72532B66}"= TCP:55823:utorent1
"TCP Query User{E0A86E8D-E1B7-45DA-9EFB-5EC4A1B978C4}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{86A7EE49-9765-4C58-85BE-04C6621596A3}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{5479639F-07D2-4359-BC27-9A860A17CC79}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{6F620336-A623-4A53-9D09-1F3CC8D4A187}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{28C22736-1B2E-4A5B-8B27-CA1544B620E3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{1257FB5E-6426-4B8A-A43D-9F694B40B9FB}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{D6F5A8D5-8653-4FA5-A9A4-7076305D76F2}C:\\team17\\worms2 demo\\worms2.exe"= UDP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"UDP Query User{2F64B72D-97F9-4EFF-8976-8DAA252DC80A}C:\\team17\\worms2 demo\\worms2.exe"= TCP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"{AECF4AA1-46B9-446F-8203-D5B38F7C896A}"= UDP:50896:lime wire
"{1ABDD844-2F9D-4ABE-A0FE-B99B077D9B51}"= TCP:50896:lime wire 1
"TCP Query User{4ACC62A6-6BF3-4B88-AFD3-6C8A5F80CC34}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{DDB51706-D856-44D5-B6B2-DA711DD0AA66}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{9F9B109F-2EF8-47F9-B5AA-5B7FB72E2C34}"= UDP:28487:flash get 1
"{B7B1F7DB-E468-4776-9A7A-5EFCF30839FC}"= TCP:28487:flash get 2
"TCP Query User{A7AA61E0-5E33-4C00-8307-5C936D305813}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3D4AED87-BE6E-49FA-ABFB-DE8FA4F40345}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{852B12AF-0B0E-4621-B3BC-D4A000DB1022}C:\\users\\kevin\\desktop\\age of emire\\empire earth.exe"= UDP:C:\users\kevin\desktop\age of emire\empire earth.exe:empire earth.exe
"UDP Query User{D7A06E40-B1D9-4CD2-B2B7-54C3C2B9217E}C:\\users\\kevin\\desktop\\age of emire\\empire earth.exe"= TCP:C:\users\kevin\desktop\age of emire\empire earth.exe:empire earth.exe
"TCP Query User{D56CFD23-9688-4AD0-81C7-6F64F8053928}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7FA57F1C-F1EB-461B-9E25-9F3472B9F256}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{25B6257E-4515-4B7F-B2E1-DB07026F4A22}C:\\users\\kevin\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\kevin\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{955FD53C-8342-4CFE-8203-77B1D152D8BC}C:\\users\\kevin\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\kevin\program files\utorrent\utorrent.exe:utorrent.exe
"{A2D4560B-69E2-4ED9-BD27-FC64F3E73D00}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35681FF3-1D7E-4164-89FE-3014B3F85BDE}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{3D804A9A-387D-41DE-84DD-43A7FB386164}C:\\program files\\gamespy arcade\\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.3
"UDP Query User{D49182B8-DC0A-467D-A1AC-CBD0BC052FAC}C:\\program files\\gamespy arcade\\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.3
"{A26AE189-F23A-4B15-AA5A-EA099306F096}"= UDP:C:\Users\kevin\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{520865AC-3DA2-4EE9-AD16-5C8FA470BFB5}"= TCP:C:\Users\kevin\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{ADDA74C2-342C-4933-92ED-188CE9F7CA44}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{962267F0-C8AE-491E-A030-2AC12A4874EC}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{93CC42FE-0E34-4D9F-9B63-8DA20DD5F460}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{38C16912-28EC-47BD-8DB0-D98D7BD58C0F}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{75F3C926-C8EA-4D43-9CF5-37BFD6416E45}C:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= UDP:C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"UDP Query User{B8195A6D-2156-4D5F-94F6-CF5D2B8E3DFE}C:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= TCP:C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"{3AB35451-8123-4FA1-B392-57105577C57B}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{D2C8018B-AB98-43FA-9AFA-1BA6FC5F1551}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{46E2081C-9D21-443A-8EFB-7470D8674961}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{748F0AB2-E25F-4F96-B587-50C538DFED52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{0EFA6412-40E7-4931-B316-24BD01854DAE}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{B738A85C-C2E8-4489-8DD4-2E27BD4C8E95}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EABBB9CB-1152-4A73-88DC-8FD1461431C0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{82081778-8E5B-4DC8-9A0B-BE8405FB66F4}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;C:\Program Files\Toshiba TEMPO\TempoSVC.exe [2007-10-29 95624]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276efaf4-f739-11dc-b6a3-001b381ae936}]
\shell\AutoRun\command - G:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-11 C:\Windows\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]
2008-10-10 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 01:55]
2008-10-10 C:\Windows\Tasks\User_Feed_Synchronization-{090E04EE-A046-4C0E-8B80-9C8B2A5212F7}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vvqwpqv4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Users\kevin\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vvqwpqv4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 12:46:21
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-11 12:47:49
ComboFix-quarantined-files.txt 2008-10-11 10:47:30
ComboFix2.txt 2008-08-17 22:58:34
Avant-CF: 24 880 795 648 octets libres
Après-CF: 24,737,890,304 octets libres
296 --- E O F --- 2008-10-09 16:43:54
ComboFix 08-10-10.09 - kevin 2008-10-11 12:43:07.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1143 [GMT 2:00]
Lancé depuis: C:\Users\kevin\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\kevin\AppData\Roaming\Adobe\crc.dat
----- BITS: Il y a peut-être des sites infectés -----
hxxp://pornotube8.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-11 au 2008-10-11 ))))))))))))))))))))))))))))))))))))
.
2008-10-11 12:41 . 2008-10-11 12:42 <REP> d-------- C:\32788R22FWJFW
2008-10-05 23:04 . 2008-10-05 23:23 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-10-05 23:04 . 2008-10-05 23:23 <REP> d-------- C:\ProgramData\Microsoft Help
2008-10-05 14:49 . 2008-10-05 14:49 <REP> d-------- C:\Users\kevin\AppData\Roaming\Thunderbird
2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- C:\Users\All Users\InstallShield
2008-09-30 22:09 . 2008-09-30 22:09 <REP> d-------- C:\ProgramData\InstallShield
2008-09-30 22:08 . 2008-09-30 22:09 <REP> d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-09-30 22:07 . 2008-09-30 22:07 <REP> d-------- C:\Users\kevin\AppData\Roaming\Jasc Software Inc
2008-09-30 22:07 . 2008-09-30 22:07 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-09-29 16:36 . 2008-10-09 18:51 <REP> d-------- C:\Users\kevin\Tracing
2008-09-24 00:01 . 2008-10-05 19:49 <REP> d-------- C:\Users\kevin\AppData\Roaming\OpenOffice.org2
2008-09-23 23:33 . 2008-09-23 23:33 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-19 00:06 . 2008-09-19 00:06 <REP> d-------- C:\Users\kevin\AppData\Roaming\vlc
2008-09-18 23:47 . 2008-06-26 05:21 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll
2008-09-18 23:47 . 2008-06-26 05:21 347,648 --a------ C:\Windows\System32\WindowsCodecsExt.dll
2008-09-18 23:44 . 2008-09-18 23:44 <REP> d-------- C:\Program Files\Microsoft
2008-09-18 23:37 . 2008-09-18 23:37 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-09-18 16:53 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-18 16:53 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-18 16:53 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-18 16:53 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-18 16:53 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-18 16:53 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-18 16:53 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-18 16:53 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-18 16:53 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-14 01:39 . 2008-09-14 01:39 <REP> d-------- C:\Program Files\Common Files\Nokia
2008-09-11 01:19 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-11 01:19 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-11 01:18 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-11 01:18 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-11 01:18 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-11 01:18 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-11 01:18 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-11 01:18 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-11 01:18 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 17:14 --------- d-----w C:\Users\kevin\AppData\Roaming\uTorrent
2008-10-05 11:59 --------- d-----w C:\Users\kevin\AppData\Roaming\LimeWire
2008-09-30 20:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-29 14:34 --------- d-----w C:\Program Files\Windows Live
2008-09-25 16:19 --------- d-----w C:\Users\kevin\AppData\Roaming\Winamp
2008-09-21 00:27 --------- d-----w C:\Program Files\EA GAMES
2008-09-21 00:10 --------- d-----w C:\Program Files\ManyCam 2.2
2008-09-21 00:05 --------- d-----w C:\ProgramData\WLInstaller
2008-09-19 18:09 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-18 21:46 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-18 17:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-13 23:39 --------- d-----w C:\Program Files\Nokia
2008-09-13 23:32 --------- d-----w C:\ProgramData\PC Suite
2008-09-13 23:31 --------- d-----w C:\Users\kevin\AppData\Roaming\Nokia
2008-09-10 23:09 --------- d-----w C:\Users\kevin\AppData\Roaming\DAEMON Tools
2008-09-10 23:09 --------- d-----w C:\Program Files\Windows Mail
2008-09-10 11:23 --------- d-----w C:\Program Files\Stardock
2008-09-09 23:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 22:03 51,712 ----a-w C:\Windows\System32\sirenacm.dll
2008-09-07 22:11 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-07 22:11 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-07 18:01 --------- d-----w C:\Users\kevin\AppData\Roaming\DivX
2008-09-07 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 16:22 --------- d-----w C:\Users\kevin\AppData\Roaming\Apple Computer
2008-09-07 16:22 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-09-07 16:22 --------- d-----w C:\ProgramData\Symantec
2008-09-07 16:22 --------- d-----w C:\ProgramData\ma-config.com
2008-09-07 16:22 --------- d-----w C:\ProgramData\Installations
2008-09-07 16:22 --------- d-----w C:\Program Files\QuickTime
2008-09-07 16:22 --------- d-----w C:\Program Files\NSS
2008-09-07 16:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 16:22 --------- d-----w C:\Program Files\LimeWire
2008-09-07 16:22 --------- d-----w C:\Program Files\DivX
2008-09-07 16:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-09-07 15:47 --------- d-----w C:\Users\kevin\AppData\Roaming\GlarySoft
2008-09-07 15:17 --------- d-----w C:\Program Files\Glary Utilities
2008-09-03 11:29 --------- d-----w C:\Program Files\Winamp
2008-09-03 11:17 --------- d-----w C:\ProgramData\Apple Computer
2008-09-02 19:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-31 17:21 --------- d-----w C:\Users\kevin\AppData\Roaming\Atari
2008-08-31 17:10 --------- d-----w C:\Users\kevin\AppData\Roaming\Leadertech
2008-08-27 17:54 --------- d-----w C:\Program Files\TOSHIBA
2008-08-24 14:30 --------- d-----w C:\Program Files\Intel
2008-08-24 13:56 --------- d-----w C:\Program Files\ma-config.com
2008-08-22 18:45 --------- d-----w C:\ProgramData\Avira
2008-08-22 18:45 --------- d-----w C:\Program Files\Avira
2008-08-22 17:37 42,952 ----a-w C:\Windows\system32\drivers\PktIcpt.sys
2008-08-22 17:34 45,768 ----a-w C:\Windows\system32\drivers\MiniIcpt.sys
2008-08-22 14:55 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-08-22 14:39 --------- d-----w C:\ProgramData\ESET
2008-08-22 03:06 --------- d-----w C:\ProgramData\sentinel
2008-08-22 02:44 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-22 02:18 69,689 ----a-w C:\Windows\UNZIP.DLL
2008-08-22 02:18 507,904 ----a-w C:\Windows\TMUPDATE.DLL
2008-08-22 02:18 286,720 ----a-w C:\Windows\PATCH.EXE
2008-08-21 17:48 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 19:29 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-08-15 23:52 --------- d-----w C:\Program Files\RocketDock
2008-08-12 22:08 --------- d-----w C:\Program Files\Microsoft Games
2008-08-12 17:45 --------- d-----w C:\Program Files\Java
2008-08-06 14:26 9,728 ----a-w C:\Windows\System32\RtNicProp32.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 11:13 174 --sha-w C:\Program Files\desktop.ini
2008-07-19 10:46 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-19 10:46 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
2008-01-23 00:56 944 ----a-w C:\Users\kevin\AppData\Roaming\filterclsid.dat
2008-01-13 20:56 47,360 ----a-w C:\Users\kevin\AppData\Roaming\pcouffin.sys
2007-09-24 20:31 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="C:\Program Files\Windows Sidebar\SideBar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Google Update"="C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 7766016]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-12-03 509888]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 712704]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-06 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-18 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-09-09 00:02 3513344 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-11 00:05 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
--a------ 2007-10-29 17:22 103824 C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PLFSet"=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07147402-135C-42C6-8E8B-1D18C077BDF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9E6A3437-62B0-41EB-A699-C6A528A80523}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{A7553D38-E899-4CFE-90EC-9E6DF148CA27}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{B2579715-EE2B-4FFF-81CB-5AF378D14CE1}"= UDP:55823:utorent
"{53B24D5F-1877-4FF8-AC4B-CA6F72532B66}"= TCP:55823:utorent1
"TCP Query User{E0A86E8D-E1B7-45DA-9EFB-5EC4A1B978C4}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{86A7EE49-9765-4C58-85BE-04C6621596A3}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{5479639F-07D2-4359-BC27-9A860A17CC79}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{6F620336-A623-4A53-9D09-1F3CC8D4A187}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{28C22736-1B2E-4A5B-8B27-CA1544B620E3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{1257FB5E-6426-4B8A-A43D-9F694B40B9FB}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{D6F5A8D5-8653-4FA5-A9A4-7076305D76F2}C:\\team17\\worms2 demo\\worms2.exe"= UDP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"UDP Query User{2F64B72D-97F9-4EFF-8976-8DAA252DC80A}C:\\team17\\worms2 demo\\worms2.exe"= TCP:C:\team17\worms2 demo\worms2.exe:Worms 2 Frontend Demo
"{AECF4AA1-46B9-446F-8203-D5B38F7C896A}"= UDP:50896:lime wire
"{1ABDD844-2F9D-4ABE-A0FE-B99B077D9B51}"= TCP:50896:lime wire 1
"TCP Query User{4ACC62A6-6BF3-4B88-AFD3-6C8A5F80CC34}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{DDB51706-D856-44D5-B6B2-DA711DD0AA66}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{9F9B109F-2EF8-47F9-B5AA-5B7FB72E2C34}"= UDP:28487:flash get 1
"{B7B1F7DB-E468-4776-9A7A-5EFCF30839FC}"= TCP:28487:flash get 2
"TCP Query User{A7AA61E0-5E33-4C00-8307-5C936D305813}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3D4AED87-BE6E-49FA-ABFB-DE8FA4F40345}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{852B12AF-0B0E-4621-B3BC-D4A000DB1022}C:\\users\\kevin\\desktop\\age of emire\\empire earth.exe"= UDP:C:\users\kevin\desktop\age of emire\empire earth.exe:empire earth.exe
"UDP Query User{D7A06E40-B1D9-4CD2-B2B7-54C3C2B9217E}C:\\users\\kevin\\desktop\\age of emire\\empire earth.exe"= TCP:C:\users\kevin\desktop\age of emire\empire earth.exe:empire earth.exe
"TCP Query User{D56CFD23-9688-4AD0-81C7-6F64F8053928}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7FA57F1C-F1EB-461B-9E25-9F3472B9F256}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{25B6257E-4515-4B7F-B2E1-DB07026F4A22}C:\\users\\kevin\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\kevin\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{955FD53C-8342-4CFE-8203-77B1D152D8BC}C:\\users\\kevin\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\kevin\program files\utorrent\utorrent.exe:utorrent.exe
"{A2D4560B-69E2-4ED9-BD27-FC64F3E73D00}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35681FF3-1D7E-4164-89FE-3014B3F85BDE}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{3D804A9A-387D-41DE-84DD-43A7FB386164}C:\\program files\\gamespy arcade\\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.3
"UDP Query User{D49182B8-DC0A-467D-A1AC-CBD0BC052FAC}C:\\program files\\gamespy arcade\\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.3
"{A26AE189-F23A-4B15-AA5A-EA099306F096}"= UDP:C:\Users\kevin\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{520865AC-3DA2-4EE9-AD16-5C8FA470BFB5}"= TCP:C:\Users\kevin\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{ADDA74C2-342C-4933-92ED-188CE9F7CA44}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{962267F0-C8AE-491E-A030-2AC12A4874EC}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{93CC42FE-0E34-4D9F-9B63-8DA20DD5F460}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{38C16912-28EC-47BD-8DB0-D98D7BD58C0F}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{75F3C926-C8EA-4D43-9CF5-37BFD6416E45}C:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= UDP:C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"UDP Query User{B8195A6D-2156-4D5F-94F6-CF5D2B8E3DFE}C:\\program files\\common files\\pocketsoft\\rtpatch\\autortp\\artpschd.exe"= TCP:C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe:artpschd
"{3AB35451-8123-4FA1-B392-57105577C57B}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{D2C8018B-AB98-43FA-9AFA-1BA6FC5F1551}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{46E2081C-9D21-443A-8EFB-7470D8674961}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{748F0AB2-E25F-4F96-B587-50C538DFED52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{0EFA6412-40E7-4931-B316-24BD01854DAE}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{B738A85C-C2E8-4489-8DD4-2E27BD4C8E95}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EABBB9CB-1152-4A73-88DC-8FD1461431C0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{82081778-8E5B-4DC8-9A0B-BE8405FB66F4}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;C:\Program Files\Toshiba TEMPO\TempoSVC.exe [2007-10-29 95624]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276efaf4-f739-11dc-b6a3-001b381ae936}]
\shell\AutoRun\command - G:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-11 C:\Windows\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]
2008-10-10 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 01:55]
2008-10-10 C:\Windows\Tasks\User_Feed_Synchronization-{090E04EE-A046-4C0E-8B80-9C8B2A5212F7}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vvqwpqv4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Users\kevin\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vvqwpqv4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 12:46:21
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-11 12:47:49
ComboFix-quarantined-files.txt 2008-10-11 10:47:30
ComboFix2.txt 2008-08-17 22:58:34
Avant-CF: 24 880 795 648 octets libres
Après-CF: 24,737,890,304 octets libres
296 --- E O F --- 2008-10-09 16:43:54
ils sont ou les virus? dans la corbeille? en quarantaine dans antivir?
essaye de les virer en mode sans echec
essaye de les virer en mode sans echec
