Multiple problems
sonaquil
-
sKe69 Posts 21955 Status Security contributor -
Hello,
So, my computer is crawling and I'm not exactly a computer specialist.
The symptoms:
- Computer extremely slow.
- The desktop doesn't load at startup (I have to open taskmgr and launch explorer manually).
- Anti-virus scan with Avast found 2 or 3 bits of junk.
- And otherwise, every time I plug in a peripheral, Vista doesn't detect it (I don't know whether that has anything to do with a virus; we can look at that later, the priority being the computer that no longer runs properly).
I'm posting the HijackThis report and thank you in advance for bringing my computer back to life.
Bye
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:36, on 16/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
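As an added example (not from this thread, nor from the HijackThis authors), a small Python triage script that parses the HijackThis log format shown above and flags the kinds of entries a helper reads first: processes started from the user's Temp folder, a system.ini Shell= value that launches anything besides Explorer.exe, and orphaned O2/O23 entries whose file is missing. The sample input is a constructed subset of lines copied from the log above plus a benign entry for contrast; the heuristics are review prompts for a human, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis log above,
# plus benign O2/O4 entries for contrast. Not the full report.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\explorer.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# system.ini Shell= value; on a clean system this is just Explorer.exe.
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
# Programs launched from the per-user Temp folder deserve a second look.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the log line as HijackThis printed it
    reason: str  # why a reviewer should look at it


def parse(log_text: str) -> list[tuple[str, str]]:
    """Split a HijackThis log into (section, body) pairs.

    Paths listed under 'Running processes:' are returned with the
    pseudo-section 'PROC'; header lines are dropped.
    """
    entries = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first R/F/O entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            entries.append(("PROC", line))
    return entries


def triage(log_text: str) -> list[Finding]:
    """Apply a few review heuristics to a parsed log and return what to look at."""
    findings = []
    for section, body in parse(log_text):
        line = body if section == "PROC" else f"{section} - {body}"
        if section == "PROC" and TEMP_DIR_RE.search(body):
            findings.append(Finding(line, "process running from the user's Temp folder"))
        elif section == "F2":
            m = SHELL_RE.match(body)
            if m and m.group(1).strip().lower() != "explorer.exe":
                findings.append(Finding(line, "Shell= starts something besides Explorer.exe"))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(line, "BHO registered but its DLL is gone (orphaned entry)"))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(line, "service registered but its executable is gone"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```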
37 replies
Hi,
1- Procedure to follow for Windows Vista:
* Disable User Account Control (UAC) (re-enable it only at the end of the disinfection):
Go to "Start" then "Control Panel":
---> On the right of the window, click "Classic View"
---> Double-click the "User Accounts" icon
---> Then click "Turn User Account Control on or off".
---> Untick the "Use User Account Control..." box and click OK.
Then restart the PC when you are asked to...
Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517
* Important:
To install or run the tools you will use during the disinfection, always do it this way:
RIGHT-click (on the installer or the tool) -> choose "Run as administrator".
Do this systematically!...
Once that is done and taken on board, start with the following:
2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Close all your running applications !
Double-click "RSIT.exe" to launch it.
-> A first window opens titled "Disclaimer of warranty".
* Next to the option "List files/folders created ...", choose: 2 months
* then click "Continue" to start the scan...
(Note: if the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence.)
-> let the scan run and don't touch the PC...
When the scan is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one that appears on screen) and of "info.txt" (which you will see in the taskbar) for analysis, and wait for the next step...
(Note: the reports are also saved in this folder -> C:\rsit)
AND THE INFO REPORT
info.txt logfile of random's system information tool 1.04 2008-10-16 17:49:49
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.EXE" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam-->Rundll32.exe BisonR07.dll,WinMainRmv
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Catalyst Control Center - Branding-->MsiExec.exe /I{C3B3BB74-B49D-4B15-A5D4-863426EB96E0}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\fabien\appdata\local\cpesob.bat
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Les Sims 2 : Nuits de Folie-->C:\Program Files\EA GAMES\Les Sims 2 Nuits de Folie\EAUninstall.exe
Les Sims 2 Fun en Famille Kit-->C:\Program Files\EA GAMES\Les Sims 2 Fun en Famille Kit\EAUninstall.exe
Les Sims 2 : La bonne affaire-->C:\Program Files\EA GAMES\Les Sims 2 La bonne affaire\EAUninstall.exe
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims™ 2 Animaux & Cie-->C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe
Les Sims™ 2 Kit Glamour-->C:\Program Files\EA GAMES\Les Sims 2 Kit Glamour\EAUninstall.exe
Les Sims™ 2 La Vie en Appartement-->D:\program\appartment life\EAUninstall.exe
Les Sims™ 2 Au fil des saisons-->C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Les Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Neuf - Media Center-->C:\Program Files\Neuf\Media Center\uninstall.exe
Neuf Giga Drive v2.3.0-->"C:\Program Files\Neuf\Neuf Giga Drive\unins000.exe"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OpenOffice.org 2.4-->MsiExec.exe /I{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A}
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c
Pro Evolution Soccer 2009 DEMO-->MsiExec.exe /X{722AED08-B149-423F-8B86-8453643B61E5}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Retail Virtual EVE-->MsiExec.exe /X{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Runaway 2 Patch 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{487BA14B-770D-403F-A9FA-98BBBF4A2722}\Setup.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Star Defender 3-->"C:\Program Files\Acer GameZone\Star Defender 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Star Defender 3\install.log"
TELL ME MORE-->"C:\Program Files\Auralog\TELL ME MORE Performance\Bin\unsetup.exe" -file "C:\Program Files\Auralog\TELL ME MORE Performance\unsetup.aui"
TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui"
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Tom Clancy's Ghost Recon Advanced Warfighter® 2-->"C:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\Setup.exe" -runfromtemp -l0x040c -removeonly
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
X-Plane 8.0-->C:\Windows\iun6002.exe "C:\Program Files\X-Plane\irunin.ini"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"
======Hosts File======
======Security center information======
AV: avast! antivirus 4.7.1098 [VPS 081015-0]
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
-----------------EOF-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Fabien at 2008-10-16 18:09:33
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 28 GB (24%) free of 114 GB
Total RAM: 2045 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:42, on 16/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Fabien\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fabien.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
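The lines a helper reacts to first in the log above are the F2 entry (Winlogon's Shell value runs Explorer.exe plus a second program, C:\WINDOWS\Config\csrss.exe, at every logon; the real csrss.exe only lives in System32, so this is a look-alike and a plausible cause of the desktop not appearing at startup), an executable running from the user's Temp directory (RtkBtMnt.exe), and registrations pointing at files that no longer exist (the EoRezoBHO entry, the Symantec service). As an added example that is not from the thread, from HijackThis or from the helper's tools, the script below encodes those three checks and runs them over a constructed sample made of lines copied from this log plus a benign control; the severity rules and the thresholds are this example's own.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re

# Constructed sample: lines copied from the RSIT/HijackThis log in this thread,
# plus two benign controls (explorer.exe, the avast! service).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\explorer.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Core Windows binaries that only ever live in the system directory; a copy
# anywhere else (here C:\WINDOWS\Config\csrss.exe) is a look-alike.
SYSTEM_ONLY = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
               "services.exe", "svchost.exe", "wininit.exe"}
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll)\b", re.I)
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\(?:System32|SysWOW64)\\[^\\]+$", re.I)
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp|Temp)\\", re.I)
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)


def triage_line(line):
    """Return (severity, reason) for one log line, or None when nothing stands out."""
    line = line.strip()
    m = SHELL_RE.match(line)
    if m:
        # Winlogon launches every program listed in Shell= at logon;
        # only Explorer.exe belongs there. Paths are split on whitespace,
        # which is good enough for the unquoted paths HijackThis prints.
        extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
        if extra:
            return ("high", "Shell= runs extra program(s) at logon: " + " ".join(extra))
        return None
    for path in PATH_RE.findall(line):
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_ONLY and not SYSTEM_DIR_RE.match(path):
            return ("high", f"{name} outside the system directory: {path}")
        if TEMP_RE.search(path):
            return ("medium", f"executable running from a temp directory: {path}")
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        # Dangling registration: leftover of removed or half-removed software.
        return ("low", "registration points to a missing file")
    return None


def triage(log_text):
    """Map each flagged line to its (severity, reason), in log order."""
    findings = {}
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings[raw.strip()] = hit
    return findings


if __name__ == "__main__":
    for entry, (severity, reason) in triage(SAMPLE_LOG).items():
        print(f"[{severity}] {reason}\n    {entry}")
```

Run it on a full saved log with `triage(open("hijackthis.log").read())`. A "(no file)" hit is a cleanup item, not an infection; the Shell= and Temp hits are the ones to pull the files for and check, which is what the VirusTotal submission later in this thread does.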
Hello, the link you gave me for UsbFix doesn't work.. where else can I find it?
See you
Hi! Here is the report you asked for:
-----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Default System BIOS
USER : Fabien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 081017-1] 4.7.1098 (Activated)
C:\ (Local Disk) - NTFS - Total : 111 GB Free : 26 GB
D:\ (Local Disk) - NTFS - Total : 232 GB Free : 78 GB
E:\ (Local Disk) - NTFS - Total : 111 GB Free : 106 GB
F:\ (CD or DVD)
G:\ (CD or DVD)
"C:\ToolBar SD" ( Updated : 04-10-2008|21:00 )
Option : [1] ( 18/10/2008| 4:49 )
[ UAC => 1 ]
-----------\\ File / Folder search ...
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Windows\iun6002.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.neuf.fr/"
"SEARCH PAGE"="https://actus.sfr.fr"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="https://actus.sfr.fr"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://fr.yahoo.com/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://actus.sfr.fr"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Searching for other infections
C:\Program Files\InternetGameBox
C:\Program Files\InternetGameBox\language
C:\Program Files\InternetGameBox\ressources
C:\Program Files\InternetGameBox\skins
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Conditions générales.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Confidentialité.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Désinstaller.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\InternetGameBox.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Website.url
C:\Users\Fabien\AppData\Local\glurxd.dat
C:\Users\Fabien\AppData\Local\glurxd_nav.dat
C:\Users\Fabien\AppData\Local\glurxd_navps.dat
==> EGDACCESS <==
--------------------\\ Cracks & Keygens ..
C:\Users\Fabien\Microsoft Office 2007 Working Keygen.exe
C:\Users\Fabien\Seriali e KeyGen
C:\Users\Fabien\AppData\Local\Microsoft\Messenger\fafabuloso33@hotmail.fr\Sharing Folders\sonaquil@hotmail.com\Crack
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\crack recon.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\crack.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Football Manager 2008 (PC) + crack (2).lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Football Manager 2008 (PC) + crack.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Ghost Recon Advanced Warfighter 2 keygen-HATRED.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Ghost_Recon_Advanced_Warfighter_2_keygen___HATRED_rar-Fenopy.com.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Microsoft Office 2007 Keygen Updated.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Microsoft Office 2007 Working Keygen.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Microsoft.Office.2007.Keygen.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Pc Game - Pes - Pro Evolution Soccer 2008-Serial ok(multi crack keygen patch) !!!.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\serial.keygen.crack.generator.Microsoft Office Word 2007.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\Seriali e KeyGen Microsoft Office Word 2007.lnk
C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Recent\The.Sims2.Apartment.Life.Crack.n.Keygen.lnk
C:\Users\Fabien\AppData\Roaming\uTorrent\Ghost Recon Advanced Warfighter 2 keygen-HATRED.rar.1.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Ghost Recon Advanced Warfighter 2 keygen-HATRED.rar.2.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Ghost Recon Advanced Warfighter 2 keygen-HATRED.rar.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\keygen.exe.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Mercenaries.2.World.In.Flames.Crackfix-RELOADED.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Microsoft Office 2007 Keygen Updated.rar.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Microsoft Office 2007 Keygen.exe.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Microsoft Office 2007 Working Keygen.rar.torrent
C:\Users\Fabien\AppData\Roaming\uTorrent\Microsoft.Office.2007.Keygen.rar.torrent
C:\Users\Fabien\Documents\Football Manager 2008 (PC) + crack
C:\Users\Fabien\Documents\Football Manager 2008 (PC) + crack\fm.exe
C:\Users\Fabien\Documents\Football Manager 2008 (PC) + crack\FM2008.iso
C:\Users\Fabien\Documents\Football Manager 2008 (PC) + crack\How to get a Nintendo Wii for nothing (United Kingdom Residents only).rtf
C:\Users\Fabien\Documents\Football Manager 2008 (PC) + crack\instructions.txt
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 18/10/2008| 4:50 - Option : [1]
-----------\\ End of report at 4:50:29,69
------------ UsbFix V2.395 ---------------
* User : Fabien - PC-DE-FABIEN
* Tools updated on 19/10/2008 by Chiquitine29 and Chimay8
* Scan performed at 22:42:45 on 19/10/2008
* Windows Vista - Internet Explorer 7.0.6001.18000
--------------- [ Running processes ] ----------------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\PresentationSettings.exe
C:\Users\Fabien\AppData\Local\Temp\3764.tmp\b2e.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
--------------- [ Drive information ] ----------------
C: - Fixed drive
D: - Fixed drive
E: - Fixed drive
--------------- [ Registry / Startup ] ----------------
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RtHDVCpl REG_SZ RtHDVCpl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38f680d3-15dd-11dd-8d86-e502b920a69e}\Shell\AutoRun\command
Deleted! - HKEY_USERS\S-1-5-21-1927468796-954007364-4057346285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38f680d3-15dd-11dd-8d86-e502b920a69e}\Shell\AutoRun\command
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89accbd-16b6-11dd-a3a3-81d9dd55b0d2}\Shell\AutoRun\command
Deleted! - HKEY_USERS\S-1-5-21-1927468796-954007364-4057346285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89accbd-16b6-11dd-a3a3-81d9dd55b0d2}\Shell\AutoRun\command
--------------- [ Disk cleanup ] ----------------
--------------- ! End of report ! ----------------
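What UsbFix deleted above is Explorer's cache of the autorun.inf verbs of two removable volumes: for each volume GUID under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, a Shell\<verb>\command value holds the program the shell would launch for that verb (AutoRun, open, explore), and a cached AutoRun command means a stick carrying an autorun.inf was plugged into this machine. Deleting the cache does not clean the stick, and the value comes back the next time it is inserted. The script below is an added example, not UsbFix code: it parses a .reg export of MountPoints2 and lists the cached commands per volume. The export is constructed for the example; the two GUIDs are the ones from the report, the command paths are hypothetical.

```python
"""List autorun commands cached under MountPoints2 from a .reg export (added example)."""
import re

# Constructed .reg export: the two volume GUIDs from the UsbFix report above with
# hypothetical cached commands, a plain volume key and a non-command key as controls.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38f680d3-15dd-11dd-8d86-e502b920a69e}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38f680d3-15dd-11dd-8d86-e502b920a69e}\Shell\AutoRun\command]
@="F:\\hypothetical_worm.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89accbd-16b6-11dd-a3a3-81d9dd55b0d2}\Shell\open\command]
@="F:\\hypothetical_worm.exe /open"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89accbd-16b6-11dd-a3a3-81d9dd55b0d2}\Shell\AutoRun\command]
@="F:\\hypothetical_worm.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89accbd-16b6-11dd-a3a3-81d9dd55b0d2}\Shell\AutoRun]
@="Open folder to view files"
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Default value of the current key: @="..." with .reg escaping (\\ and \").
DEFAULT_RE = re.compile(r'^@="(?P<val>(?:[^"\\]|\\.)*)"\s*$')
# ...\MountPoints2\{volume GUID}\Shell\<verb>\command
MP2_RE = re.compile(
    r"\\MountPoints2\\(?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"\\Shell\\(?P<verb>[^\\]+)\\command$", re.I)


def unescape_reg(value):
    """Undo .reg string escaping: a backslash quotes the character after it."""
    return re.sub(r"\\(.)", r"\1", value)


def cached_autorun_commands(reg_text):
    """Return {volume_guid: {verb: command}} for every Shell verb cached under MountPoints2."""
    found = {}
    current = None  # (guid, verb) while inside a ...\Shell\<verb>\command key
    for line in reg_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            m = MP2_RE.search(km.group("key"))
            current = (m.group("guid").lower(), m.group("verb").lower()) if m else None
            continue
        dm = DEFAULT_RE.match(line)
        if dm and current:
            guid, verb = current
            found.setdefault(guid, {})[verb] = unescape_reg(dm.group("val"))
    return found


def volumes_with_autorun(reg_text):
    """GUIDs whose cached AutoRun verb launches a program: the volumes to distrust."""
    return sorted(guid for guid, verbs in cached_autorun_commands(reg_text).items()
                  if "autorun" in verbs)


if __name__ == "__main__":
    for guid, verbs in cached_autorun_commands(SAMPLE_REG).items():
        for verb, command in verbs.items():
            print(f"{guid}  {verb:8s}  {command}")
```

On the machine itself, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" mp2.reg` and pass `open("mp2.reg", encoding="utf-16").read()` to the functions (reg export writes UTF-16). Each command it prints names a file on the stick that also needs removing, and AutoRun itself should be switched off so a re-inserted stick cannot re-arm it (NoDriveTypeAutoRun = 0xFF under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer).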
C:\Windows\system32\xa11785298.exe
Antivirus Version Last update Result
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.20 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.20 -
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.20 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.20 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6159 2008.10.20 -
Ewido 4.0 2008.10.20 -
F-Prot 4.4.4.56 2008.10.20 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 -
Ikarus T3.1.1.44.0 2008.10.20 -
K7AntiVirus 7.10.500 2008.10.20 -
Kaspersky 7.0.0.125 2008.10.20 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.20 -
NOD32 3538 2008.10.20 -
Norman 5.80.02 2008.10.20 -
Panda 9.0.0.4 2008.10.20 -
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 -
Rising 20.67.01.00 2008.10.20 -
SecureWeb-Gateway 6.7.6 2008.10.20 -
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.20.1428 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.20 -
Additional information
File size: 385024 bytes
MD5...: 1423f42c1cd7376c81a654af4d3b4684
SHA1..: 564216c16bf9edc8b47f44feeadfbb98d194c24a
SHA256: 595152cc52f0277187b5258ef5325b4a8e3f4a8b8c7caf46cc47ec75d78bf40c
SHA512: 0a43b0df279ada21f19a9b02f9ff457a8c30d05d9e415a3158efaa5ac07b1f74
6318af061e15d80808a23d951b9d4e19cf7f1c598149068e606c7d2759bba9c0
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x416474
timedatestamp.....: 0x41336b64 (Mon Aug 30 18:01:08 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17222 0x18000 6.35 626b1aba9f7f55dd221b3783ea199f7b
.rdata 0x19000 0x586c 0x6000 4.79 f9f8b70f97af122873a67bcc5e969595
.data 0x1f000 0x2584 0x3000 3.60 921e0695eb3844e4f555f1a1861bb717
.rsrc 0x22000 0x3b918 0x3c000 3.27 2a199c9a9269838547c52548ac800843
( 10 imports )
> AutoRunV.dll: _SetVersionString@CViewer@@QAEXVCString@@@Z, _SetFailsafeProgPath@CViewer@@QAEXVCString@@@Z, _SetTargetFileExtension@CViewer@@QAEXVCString@@@Z, _SetHasFailsafeProgram@CViewer@@QAEXH@Z, _SetProjectRegistryKey@CViewer@@QAEXVCString@@@Z, _SetTargetNum@CViewer@@QAEXH@Z, _SetHide@CViewer@@QAEXH@Z, _SetSplash@CViewer@@QAEXH@Z, _SetVerbose@CViewer@@QAEXH@Z, _SetDisplayConfirmation@CViewer@@QAEXH@Z, _SetFailsafeConfMessage@CViewer@@QAEXVCString@@@Z, _SetShowBackground@CImageViewer@@QAEXH@Z, _SetDuration@CImageViewer@@QAEXH@Z, _SetSoundFilename@CImageViewer@@QAEXVCString@@@Z, _SetImageFilename@CImageViewer@@QAEXVCString@@@Z, __1CFileViewer@@UAE@XZ, _SetTempPath@CViewer@@QAEXVCString@@@Z, __0CImageViewer@@QAE@XZ, _SetTestMode@CViewer@@QAEX_N@Z, __0CFolderViewer@@QAE@XZ, __0CWebViewer@@QAE@XZ, __0CZipViewer@@QAE@XZ, __0CMediaViewer@@QAE@XZ, __0CFlashViewer@@QAE@XZ, __0CSlideShowViewer@@QAE@XZ, __0CMenuViewer@@QAE@XZ, _SetViewerType@CViewer@@QAEXH@Z, __0CFileViewer@@QAE@XZ, _SetBackgroundColor@CImageViewer@@QAEXK@Z, _SetSuppressAOL@CViewer@@QAEXH@Z, _SetProgramDirectory@CViewer@@QAEXVCString@@@Z
> WINMM.dll: mciSendCommandA
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: exit, _XcptFilter, _exit, _terminate@@YAXXZ, _acmdln, _except_handler3, _onexit, __dllonexit, calloc, _splitpath, _errno, strncpy, _initterm, __getmainargs, _utime, realloc, _mbsicoll, mktime, _mbscoll, qsort, time, _CxxThrowException, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _chdir, _access, __1type_info@@UAE@XZ, __CxxFrameHandler, _setmbcp, _stricmp, strcpy, _mbsicmp, __set_app_type, memset, memcpy, _controlfp, strchr, strstr, memmove, malloc, _mbscmp, _purecall, strlen, atoi, free
> KERNEL32.dll: SetFilePointer, Sleep, GetTempPathA, FindFirstFileA, GetModuleFileNameA, SetCurrentDirectoryA, GetCurrentDirectoryA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, CreateFileA, lstrcatA, GetFileSize, MoveFileExA, GetWindowsDirectoryA, TerminateProcess, WaitForSingleObject, GetVersionExA, GetFullPathNameA, GetProcAddress, OpenProcess, FreeLibrary, HeapCreate, LoadLibraryA, HeapFree, HeapAlloc, HeapDestroy, SetFileAttributesA, GetDiskFreeSpaceA, GetDriveTypeA, SetVolumeLabelA, MoveFileA, CreateDirectoryA, DeleteFileA, FormatMessageA, GetLastError, LocalFree, GetStartupInfoA, GetModuleHandleA, CloseHandle, SetEndOfFile
> USER32.dll: GetClassInfoA, LoadCursorA, SetForegroundWindow, DrawIcon, UpdateWindow, DefWindowProcA, EnumWindows, PostMessageA, IsWindow, KillTimer, EnableWindow, GetSysColor, GetWindowRect, SetCursor, GetClientRect, IsIconic, GetSystemMetrics, FillRect, PtInRect, OemToCharBuffA, SendMessageA, GetWindowThreadProcessId, SetRect, SystemParametersInfoA, CharToOemBuffA, SetTimer, LoadIconA, FindWindowA, InvalidateRect, wsprintfA
> GDI32.dll: CreateCompatibleDC, BitBlt, GetTextExtentPoint32A, CreateCompatibleBitmap, GetObjectA, CreateFontIndirectA, CreateSolidBrush
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA
> SHELL32.dll: ShellExecuteA
> MSVCIRT.dll: __0ifstream@@QAE@XZ, _getline@istream@@QAEAAV1@PADHD@Z, ___Difstream@@QAEXXZ, _openprot@filebuf@@2HB, _open@ifstream@@QAEXPBDHH@Z, _close@ifstream@@QAEXXZ, __1ios@@UAE@XZ, __1ifstream@@UAE@XZ
( 0 exports )
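Reading the report above: 0 of 36 engines flag the file, PEiD labels it "Armadillo v1.71" (a match that is frequently reported for ordinary Visual C++ builds), and the "ntrpy" column gives the Shannon entropy of each section in bits per byte. Compiled code sits around 6 to 6.5 bits (.text here is 6.35), data and resources lower, while a packed or encrypted section approaches 8. So the section table is consistent with plain, unpacked MFC code, which, together with the imports (the CViewer/CMenuViewer/CFlashViewer names from AutoRunV.dll look like a CD/DVD autorun menu runtime), makes the file's location and odd name the open question rather than the file's contents. The script below is an added example, not VirusTotal's code: it computes that entropy measure, parses the section table copied from the report, and flags sections that look packed. The 7.2 threshold is this example's own rule of thumb.

```python
"""Section entropy check for a VirusTotal-style PEInfo table (added example)."""
import math
import random
from collections import Counter


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Section table copied from the report above:
# name, virtual address, virtual size, raw size, entropy, md5.
SECTION_TABLE = """\
.text 0x1000 0x17222 0x18000 6.35 626b1aba9f7f55dd221b3783ea199f7b
.rdata 0x19000 0x586c 0x6000 4.79 f9f8b70f97af122873a67bcc5e969595
.data 0x1f000 0x2584 0x3000 3.60 921e0695eb3844e4f555f1a1861bb717
.rsrc 0x22000 0x3b918 0x3c000 3.27 2a199c9a9269838547c52548ac800843
"""


def parse_sections(table):
    """Parse the six-column section listing into dicts with integer sizes."""
    rows = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        name, va, vsize, rsize, entropy, md5 = parts
        rows.append({"name": name, "va": int(va, 16), "vsize": int(vsize, 16),
                     "rsize": int(rsize, 16), "entropy": float(entropy), "md5": md5})
    return rows


def suspicious_sections(rows, threshold=7.2):
    """Sections that look packed: near-uniform bytes, or code that exists only in
    memory (raw size 0 with a non-zero virtual size, the usual unpacking target)."""
    return [r["name"] for r in rows
            if r["entropy"] >= threshold or (r["rsize"] == 0 and r["vsize"] > 0)]


def demo_entropies():
    """Reference points for the scale: zero-filled, English-like text, pseudo-random bytes."""
    rng = random.Random(1)  # fixed seed so the result is reproducible
    return {
        "zeros": shannon_entropy(bytes(4096)),
        "text": shannon_entropy(("the quick brown fox jumps over the lazy dog " * 100).encode()),
        "random": shannon_entropy(bytes(rng.getrandbits(8) for _ in range(4096))),
    }


if __name__ == "__main__":
    for label, value in demo_entropies().items():
        print(f"{label:7s} {value:.2f} bits/byte")
    rows = parse_sections(SECTION_TABLE)
    print("suspicious:", suspicious_sections(rows) or "none")
```

To apply `shannon_entropy` to a real binary, read each section's raw bytes at its file offset and compare with the table; a clean multi-engine verdict says little about a rare or freshly packed file, and a high-entropy .text section with 0 detections deserves more suspicion, not less.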
C:\Windows\system32\wr46817.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.20 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.20 BHO.FQY
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.20 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.20 Trojan.Click.origin
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6159 2008.10.20 -
Ewido 4.0 2008.10.20 -
F-Prot 4.4.4.56 2008.10.20 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 Win32:Trojan-gen {Other}
Ikarus T3.1.1.44.0 2008.10.20 Trojan.Win32.BHO.g
K7AntiVirus 7.10.500 2008.10.20 -
Kaspersky 7.0.0.125 2008.10.20 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.20 Trojan:Win32/BHO.G
NOD32 3538 2008.10.20 a variant of Win32/BHO.NHM
Norman 5.80.02 2008.10.20 -
Panda 9.0.0.4 2008.10.20 -
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 Cloaked Malware
Rising 20.67.01.00 2008.10.20 Trojan.Win32.BHO.fgb
SecureWeb-Gateway 6.7.6 2008.10.20 LooksLike.Trojan
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 -
VBA32 3.12.8.7 2008.10.19 Trojan.Click
ViRobot 2008.10.20.1428 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.20 -
Information additionnelle
File size: 167936 bytes
MD5...: f1b4ce5ec59ba4b9f670abae8aee8186
SHA1..: 9f8de4a577282af7e38b301fa0b1f0de3921b803
SHA256: 5d5b33472b9d7114d1925a7bdb36c7a9f2a0d22db6c8017d550e84506a796aca
SHA512: 3241db7e818aa30d6048a23de03b4614243208bb57abdeb591108083b7faf0ad4dbd13555e62afb2f2c21248a4d9feea18805c605d7302bc8bcc04b0649cd307
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1001585b
timedatestamp.....: 0x48d3659c (Fri Sep 19 08:41:00 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b423 0x1c000 6.30 ca0785156a409cc5a68a84bba2b5a93e
.rdata 0x1d000 0x3e30 0x4000 5.53 05fc8ba085c7b33c150d8d519d20ec38
.data 0x21000 0x496440 0x2000 1.75 eb0072f208e6cf9ef216b202b035db19
.rsrc 0x4b8000 0xaa0 0x1000 2.75 6d6f3a92c3cad476a2c23b1f04669999
.reloc 0x4b9000 0x4ca6 0x5000 2.60 94152202c44351319f757871095781db
( 10 imports )
> WININET.dll: InternetCloseHandle, InternetOpenA, InternetOpenUrlA, InternetReadFile
> urlmon.dll: UrlMkSetSessionOption, ObtainUserAgentString, URLDownloadToFileA
> KERNEL32.dll: GetVersionExA, GetACP, GetLocaleInfoA, GetThreadLocale, DeleteCriticalSection, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, InterlockedDecrement, InitializeCriticalSection, MultiByteToWideChar, GetLastError, WideCharToMultiByte, lstrlenW, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcpynA, IsDBCSLeadByte, lstrcatA, CloseHandle, TerminateProcess, Sleep, ReleaseMutex, CreateMutexA, CreateSemaphoreA, lstrcatW, lstrcpyW, CreateProcessA, InterlockedExchange, SetFilePointer, VirtualQuery, GetSystemInfo, VirtualProtect, GetStringTypeW, GetStringTypeA, GetModuleFileNameA, lstrlenA, lstrcpyA, lstrcmpiA, DisableThreadLibraryCalls, LCMapStringA, LCMapStringW, ReadFile, SetStdHandle, GetCPInfo, GetOEMCP, IsBadCodePtr, IsBadReadPtr, LoadLibraryA, WriteFile, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, SetUnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, TlsAlloc, TlsGetValue, SetLastError, TlsFree, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlushFileBuffers, ExitProcess, RtlUnwind, HeapFree, RaiseException, HeapReAlloc, HeapAlloc, GetSystemTimeAsFileTime, GetCurrentThreadId, TlsSetValue, GetCommandLineA, GetProcAddress, GetModuleHandleA, GetCurrentProcess, HeapSize, QueryPerformanceCounter, GetTickCount, GetEnvironmentStrings
> USER32.dll: KillTimer, CharNextA, SetTimer, wsprintfA, wsprintfW
> ADVAPI32.dll: RegDeleteValueA, RegDeleteKeyA, RegOpenKeyA, RegQueryInfoKeyA, RegEnumKeyExA, RegCreateKeyExA, RegCreateKeyA, RegEnumKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegSetValueExA
> SHELL32.dll: SHGetSpecialFolderPathA, ShellExecuteA
> ole32.dll: CoTaskMemRealloc, CoCreateInstance, CoTaskMemAlloc, CoTaskMemFree, StringFromGUID2
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathFindExtensionA
> COMCTL32.dll: InitCommonControlsEx
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4AAB3C88001D9DB5908502235FADBD004B2D9775
C:\Windows\system32\xa11601326.exe
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.20 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.20 -
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.20 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.20 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6159 2008.10.20 -
Ewido 4.0 2008.10.20 -
F-Prot 4.4.4.56 2008.10.20 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 -
Ikarus T3.1.1.44.0 2008.10.20 -
K7AntiVirus 7.10.500 2008.10.20 -
Kaspersky 7.0.0.125 2008.10.20 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.20 -
NOD32 3538 2008.10.20 -
Norman 5.80.02 2008.10.20 -
Panda 9.0.0.4 2008.10.20 -
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 -
Rising 20.67.01.00 2008.10.20 -
SecureWeb-Gateway 6.7.6 2008.10.20 -
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.20.1428 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.20 -
Information additionnelle
File size: 385024 bytes
MD5...: 1423f42c1cd7376c81a654af4d3b4684
SHA1..: 564216c16bf9edc8b47f44feeadfbb98d194c24a
SHA256: 595152cc52f0277187b5258ef5325b4a8e3f4a8b8c7caf46cc47ec75d78bf40c
SHA512: 0a43b0df279ada21f19a9b02f9ff457a8c30d05d9e415a3158efaa5ac07b1f746318af061e15d80808a23d951b9d4e19cf7f1c598149068e606c7d2759bba9c0
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x416474
timedatestamp.....: 0x41336b64 (Mon Aug 30 18:01:08 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17222 0x18000 6.35 626b1aba9f7f55dd221b3783ea199f7b
.rdata 0x19000 0x586c 0x6000 4.79 f9f8b70f97af122873a67bcc5e969595
.data 0x1f000 0x2584 0x3000 3.60 921e0695eb3844e4f555f1a1861bb717
.rsrc 0x22000 0x3b918 0x3c000 3.27 2a199c9a9269838547c52548ac800843
( 10 imports )
> AutoRunV.dll: _SetVersionString@CViewer@@QAEXVCString@@@Z, _SetFailsafeProgPath@CViewer@@QAEXVCString@@@Z, _SetTargetFileExtension@CViewer@@QAEXVCString@@@Z, _SetHasFailsafeProgram@CViewer@@QAEXH@Z, _SetProjectRegistryKey@CViewer@@QAEXVCString@@@Z, _SetTargetNum@CViewer@@QAEXH@Z, _SetHide@CViewer@@QAEXH@Z, _SetSplash@CViewer@@QAEXH@Z, _SetVerbose@CViewer@@QAEXH@Z, _SetDisplayConfirmation@CViewer@@QAEXH@Z, _SetFailsafeConfMessage@CViewer@@QAEXVCString@@@Z, _SetShowBackground@CImageViewer@@QAEXH@Z, _SetDuration@CImageViewer@@QAEXH@Z, _SetSoundFilename@CImageViewer@@QAEXVCString@@@Z, _SetImageFilename@CImageViewer@@QAEXVCString@@@Z, __1CFileViewer@@UAE@XZ, _SetTempPath@CViewer@@QAEXVCString@@@Z, __0CImageViewer@@QAE@XZ, _SetTestMode@CViewer@@QAEX_N@Z, __0CFolderViewer@@QAE@XZ, __0CWebViewer@@QAE@XZ, __0CZipViewer@@QAE@XZ, __0CMediaViewer@@QAE@XZ, __0CFlashViewer@@QAE@XZ, __0CSlideShowViewer@@QAE@XZ, __0CMenuViewer@@QAE@XZ, _SetViewerType@CViewer@@QAEXH@Z, __0CFileViewer@@QAE@XZ, _SetBackgroundColor@CImageViewer@@QAEXK@Z, _SetSuppressAOL@CViewer@@QAEXH@Z, _SetProgramDirectory@CViewer@@QAEXVCString@@@Z
> WINMM.dll: mciSendCommandA
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: exit, _XcptFilter, _exit, _terminate@@YAXXZ, _acmdln, _except_handler3, _onexit, __dllonexit, calloc, _splitpath, _errno, strncpy, _initterm, __getmainargs, _utime, realloc, _mbsicoll, mktime, _mbscoll, qsort, time, _CxxThrowException, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _chdir, _access, __1type_info@@UAE@XZ, __CxxFrameHandler, _setmbcp, _stricmp, strcpy, _mbsicmp, __set_app_type, memset, memcpy, _controlfp, strchr, strstr, memmove, malloc, _mbscmp, _purecall, strlen, atoi, free
> KERNEL32.dll: SetFilePointer, Sleep, GetTempPathA, FindFirstFileA, GetModuleFileNameA, SetCurrentDirectoryA, GetCurrentDirectoryA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, CreateFileA, lstrcatA, GetFileSize, MoveFileExA, GetWindowsDirectoryA, TerminateProcess, WaitForSingleObject, GetVersionExA, GetFullPathNameA, GetProcAddress, OpenProcess, FreeLibrary, HeapCreate, LoadLibraryA, HeapFree, HeapAlloc, HeapDestroy, SetFileAttributesA, GetDiskFreeSpaceA, GetDriveTypeA, SetVolumeLabelA, MoveFileA, CreateDirectoryA, DeleteFileA, FormatMessageA, GetLastError, LocalFree, GetStartupInfoA, GetModuleHandleA, CloseHandle, SetEndOfFile
> USER32.dll: GetClassInfoA, LoadCursorA, SetForegroundWindow, DrawIcon, UpdateWindow, DefWindowProcA, EnumWindows, PostMessageA, IsWindow, KillTimer, EnableWindow, GetSysColor, GetWindowRect, SetCursor, GetClientRect, IsIconic, GetSystemMetrics, FillRect, PtInRect, OemToCharBuffA, SendMessageA, GetWindowThreadProcessId, SetRect, SystemParametersInfoA, CharToOemBuffA, SetTimer, LoadIconA, FindWindowA, InvalidateRect, wsprintfA
> GDI32.dll: CreateCompatibleDC, BitBlt, GetTextExtentPoint32A, CreateCompatibleBitmap, GetObjectA, CreateFontIndirectA, CreateSolidBrush
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA
> SHELL32.dll: ShellExecuteA
> MSVCIRT.dll: __0ifstream@@QAE@XZ, _getline@istream@@QAEAAV1@PADHD@Z, ___Difstream@@QAEXXZ, _openprot@filebuf@@2HB, _open@ifstream@@QAEXPBDHH@Z, _close@ifstream@@QAEXXZ, __1ios@@UAE@XZ, __1ifstream@@UAE@XZ
ComboFix to follow.
SHA1..: 564216c16bf9edc8b47f44feeadfbb98d194c24a
SHA256: 595152cc52f0277187b5258ef5325b4a8e3f4a8b8c7caf46cc47ec75d78bf40c
SHA512: 0a43b0df279ada21f19a9b02f9ff457a8c30d05d9e415a3158efaa5ac07b1f74
6318af061e15d80808a23d951b9d4e19cf7f1c598149068e606c7d2759bba9c0
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x416474
timedatestamp.....: 0x41336b64 (Mon Aug 30 18:01:08 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17222 0x18000 6.35 626b1aba9f7f55dd221b3783ea199f7b
.rdata 0x19000 0x586c 0x6000 4.79 f9f8b70f97af122873a67bcc5e969595
.data 0x1f000 0x2584 0x3000 3.60 921e0695eb3844e4f555f1a1861bb717
.rsrc 0x22000 0x3b918 0x3c000 3.27 2a199c9a9269838547c52548ac800843
( 10 imports )
> AutoRunV.dll: _SetVersionString@CViewer@@QAEXVCString@@@Z, _SetFailsafeProgPath@CViewer@@QAEXVCString@@@Z, _SetTargetFileExtension@CViewer@@QAEXVCString@@@Z, _SetHasFailsafeProgram@CViewer@@QAEXH@Z, _SetProjectRegistryKey@CViewer@@QAEXVCString@@@Z, _SetTargetNum@CViewer@@QAEXH@Z, _SetHide@CViewer@@QAEXH@Z, _SetSplash@CViewer@@QAEXH@Z, _SetVerbose@CViewer@@QAEXH@Z, _SetDisplayConfirmation@CViewer@@QAEXH@Z, _SetFailsafeConfMessage@CViewer@@QAEXVCString@@@Z, _SetShowBackground@CImageViewer@@QAEXH@Z, _SetDuration@CImageViewer@@QAEXH@Z, _SetSoundFilename@CImageViewer@@QAEXVCString@@@Z, _SetImageFilename@CImageViewer@@QAEXVCString@@@Z, __1CFileViewer@@UAE@XZ, _SetTempPath@CViewer@@QAEXVCString@@@Z, __0CImageViewer@@QAE@XZ, _SetTestMode@CViewer@@QAEX_N@Z, __0CFolderViewer@@QAE@XZ, __0CWebViewer@@QAE@XZ, __0CZipViewer@@QAE@XZ, __0CMediaViewer@@QAE@XZ, __0CFlashViewer@@QAE@XZ, __0CSlideShowViewer@@QAE@XZ, __0CMenuViewer@@QAE@XZ, _SetViewerType@CViewer@@QAEXH@Z, __0CFileViewer@@QAE@XZ, _SetBackgroundColor@CImageViewer@@QAEXK@Z, _SetSuppressAOL@CViewer@@QAEXH@Z, _SetProgramDirectory@CViewer@@QAEXVCString@@@Z
> WINMM.dll: mciSendCommandA
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: exit, _XcptFilter, _exit, _terminate@@YAXXZ, _acmdln, _except_handler3, _onexit, __dllonexit, calloc, _splitpath, _errno, strncpy, _initterm, __getmainargs, _utime, realloc, _mbsicoll, mktime, _mbscoll, qsort, time, _CxxThrowException, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _chdir, _access, __1type_info@@UAE@XZ, __CxxFrameHandler, _setmbcp, _stricmp, strcpy, _mbsicmp, __set_app_type, memset, memcpy, _controlfp, strchr, strstr, memmove, malloc, _mbscmp, _purecall, strlen, atoi, free
> KERNEL32.dll: SetFilePointer, Sleep, GetTempPathA, FindFirstFileA, GetModuleFileNameA, SetCurrentDirectoryA, GetCurrentDirectoryA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, CreateFileA, lstrcatA, GetFileSize, MoveFileExA, GetWindowsDirectoryA, TerminateProcess, WaitForSingleObject, GetVersionExA, GetFullPathNameA, GetProcAddress, OpenProcess, FreeLibrary, HeapCreate, LoadLibraryA, HeapFree, HeapAlloc, HeapDestroy, SetFileAttributesA, GetDiskFreeSpaceA, GetDriveTypeA, SetVolumeLabelA, MoveFileA, CreateDirectoryA, DeleteFileA, FormatMessageA, GetLastError, LocalFree, GetStartupInfoA, GetModuleHandleA, CloseHandle, SetEndOfFile
> USER32.dll: GetClassInfoA, LoadCursorA, SetForegroundWindow, DrawIcon, UpdateWindow, DefWindowProcA, EnumWindows, PostMessageA, IsWindow, KillTimer, EnableWindow, GetSysColor, GetWindowRect, SetCursor, GetClientRect, IsIconic, GetSystemMetrics, FillRect, PtInRect, OemToCharBuffA, SendMessageA, GetWindowThreadProcessId, SetRect, SystemParametersInfoA, CharToOemBuffA, SetTimer, LoadIconA, FindWindowA, InvalidateRect, wsprintfA
> GDI32.dll: CreateCompatibleDC, BitBlt, GetTextExtentPoint32A, CreateCompatibleBitmap, GetObjectA, CreateFontIndirectA, CreateSolidBrush
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA
> SHELL32.dll: ShellExecuteA
> MSVCIRT.dll: __0ifstream@@QAE@XZ, _getline@istream@@QAEAAV1@PADHD@Z, ___Difstream@@QAEXXZ, _openprot@filebuf@@2HB, _open@ifstream@@QAEXPBDHH@Z, _close@ifstream@@QAEXXZ, __1ios@@UAE@XZ, __1ifstream@@UAE@XZ
ComboFix to follow
and the ComboFix report!
ComboFix 08-10-19.04 - Fabien 2008-10-20 18:58:29.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1300 [GMT 2:00]
Lancé depuis: C:\Users\Fabien\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-20 au 2008-10-20 ))))))))))))))))))))))))))))))))))))
.
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Users\Fabien\AppData\Roaming\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 07:59 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 07:59 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-19 22:34 . 2008-10-20 07:50 <REP> d-------- C:\Program Files\UsbFix
2008-10-19 19:17 . 2008-10-19 19:55 <REP> d-------- C:\Program Files\Navilog1
2008-10-19 14:57 . 2008-10-19 14:57 <REP> d-------- C:\_OTMoveIt
2008-10-18 06:29 . 2008-10-18 06:29 <REP> d-------- C:\Program Files\SpeedFan
2008-10-18 06:29 . 2008-10-18 06:29 45 --a------ C:\Windows\System32\initdebug.nfo
2008-10-18 04:48 . 2008-10-19 15:55 <REP> d-------- C:\ToolBar SD
2008-10-16 17:49 . 2008-10-16 17:49 <REP> d-------- C:\rsit
2008-10-16 16:24 . 2008-10-16 16:24 <REP> d-------- C:\Program Files\Trend Micro
2008-10-15 19:12 . 2008-10-15 19:13 1,905 --a------ C:\Windows\diagwrn.xml
2008-10-15 19:12 . 2008-10-15 19:13 1,905 --a------ C:\Windows\diagerr.xml
2008-10-14 15:54 . 2008-10-14 15:54 <REP> d-------- C:\Program Files\7-Zip
2008-10-12 16:09 . 2008-10-12 16:09 <REP> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-10-06 15:24 . 2008-10-06 15:24 <REP> d-------- C:\Program Files\RegCleaner
2008-10-06 14:56 . 2008-10-06 14:56 <REP> d-------- C:\Program Files\EA Sports
2008-10-06 14:42 . 2008-10-06 14:42 <REP> d-------- C:\Users\Fabien\Drivers
2008-10-05 17:48 . 2008-10-05 17:48 <REP> d-------- C:\Users\Fabien\AppData\Roaming\Leadertech
2008-09-22 18:45 . 2008-09-22 18:45 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-22 17:14 . 2008-10-16 16:54 <REP> d-------- C:\Users\Fabien\AppData\Roaming\OpenOffice.org2
2008-09-22 13:22 . 2008-09-22 13:22 0 --a------ C:\debug.crf
2008-09-22 13:18 . 2008-09-22 13:18 385,024 --a------ C:\Windows\System32\xa11785547.exe
2008-09-22 13:18 . 2008-09-22 13:18 385,024 --a------ C:\Windows\System32\xa11785298.exe
2008-09-22 13:16 . 2008-09-22 13:16 385,024 --a------ C:\Windows\System32\xa11672930.exe
2008-09-22 13:16 . 2008-09-22 13:16 385,024 --a------ C:\Windows\System32\xa11672681.exe
2008-09-22 13:15 . 2008-09-22 13:15 385,024 --a------ C:\Windows\System32\xa11601326.exe
2008-09-22 13:15 . 2008-09-22 13:15 385,024 --a------ C:\Windows\System32\xa11601045.exe
2008-09-22 13:15 . 2008-09-22 13:15 167,936 --a------ C:\Windows\System32\wr46817.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 12:57 --------- d-----w C:\Users\Fabien\AppData\Roaming\uTorrent
2008-10-18 03:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 03:20 --------- d-----w C:\Program Files\KONAMI
2008-10-16 14:46 --------- d---a-w C:\ProgramData\TEMP
2008-10-14 18:29 --------- d-----w C:\ProgramData\Ubisoft
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-24 15:09 --------- d-----w C:\Program Files\EA GAMES
2008-09-22 19:36 --------- d-----w C:\Program Files\Codemasters
2008-09-22 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-22 15:21 --------- d-----w C:\Program Files\Microsoft Works
2008-09-22 15:11 --------- d-----w C:\Program Files\Java
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-17 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:52 --------- d-----w C:\Program Files\Monte Cristo
2008-09-13 22:16 --------- d-----w C:\Users\Fabien\AppData\Roaming\DAEMON Tools
2008-09-13 22:16 --------- d-----w C:\ProgramData\Media Center Programs
2008-09-13 22:16 --------- d-----w C:\Program Files\UBISOFT
2008-09-13 22:16 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-12 22:35 --------- d-----w C:\Program Files\Alcohol Soft
2008-08-29 22:31 278,728 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-08-29 22:31 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-08-29 22:07 --------- d-----w C:\Program Files\X-Plane
2008-08-29 22:07 --------- d-----w C:\Program Files\Rockstar Games
2008-08-29 22:07 --------- d-----w C:\Program Files\DivX
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-06 18:34 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-06 18:34 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-06 18:29 22,328 ----a-w C:\Users\Fabien\AppData\Roaming\PnkBstrK.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-05-24 05:20 174 --sha-w C:\Program Files\desktop.ini
2008-05-12 20:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-12 20:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-12 20:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 22:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-19 22:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-19 22:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{D0A6304D-819B-411B-A0DD-349D66451688}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{44AEC2BE-C39B-4B4C-8ABC-0B7E421824EA}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF76204C-4C6D-40B4-997D-25EC1ABC4745}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{8A7BDEFA-8E15-47E7-91A6-E2C23A8F86EC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41A2A3F5-16D1-4BF1-8A85-940F96080697}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3841E113-9CDC-49AF-B6FD-1804928CE929}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{2E3B1A3E-7796-43F0-BAF9-74458A5985EF}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{4B89D9CC-B0B0-4F04-A6C1-99E4AA91EB44}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7977D237-4D23-407C-81C9-187D356DC22B}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0B175661-9182-4619-B0BC-74BCEFFFAC05}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{682F13C9-0636-49BA-94D5-58366C32634D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{086179B4-0A8C-4FB4-86B8-3934F0250573}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BE445D8C-2FF9-45A4-AEA5-FC17EA8FA5A7}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{66159B11-3615-41E9-951D-39E977CF3820}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{61127A9B-A244-438A-B558-9CD7AB7DC3BD}"= TCP:10093:port fm1
"{113C4C30-07FD-465A-AE15-83C7094A8BD4}"= UDP:10094:port fm2
"TCP Query User{68846C28-60CD-4DA3-81B8-64B9A66B2853}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6078DCA6-5351-482D-87FF-347C4F77F046}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7443B907-AFFD-4121-8540-B5A49A9F4347}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F99B7EDA-951D-45B6-8E7F-55792D6E6C6E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{345C3572-A9FE-423A-965B-37646C621F5C}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C4A692B4-5D24-4C23-BAA3-B936B2FD2FA8}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{20964DBA-10FB-474A-9891-534A5371A332}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"UDP Query User{965FCDAB-A616-424A-B420-29AC6FB9EDA7}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"{0884D3CC-A72E-4100-BBB2-24BFDBF381C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6F643EB4-4832-403B-84DF-4C5CB9963E26}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3CA60563-B2D5-42E6-9940-C2835CD1D0FA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ED549A87-D3A4-43A2-8622-69DA1EAA2D69}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{26CAF261-D8FD-4D0F-8FD0-B0840F730474}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{83FBD664-D6A3-4A2A-A7E1-ECE00D0B08B5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{CF6FECF6-2287-4578-B78C-D64572B2F06E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{226FD81F-E0D0-4B94-9CFF-E71089D6D9DF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D002A002-7605-4039-9111-6BE92ECA5ECE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD6B0AE9-DECF-4279-A654-D129648C4358}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{6C1CA720-DC50-4048-8E1F-2D5539E7697D}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{C75D5198-BC1C-40F0-9645-18594BDE8A3A}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{E8E9A142-CC82-4B30-9BA4-63242CDDB3BE}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{215B82E3-68C0-4F54-AF80-943BC8B7A886}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{D6886498-3313-4C64-904A-8E9BDCABD9CB}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{A8B04E56-21E5-46DB-BFB4-C865EA47B992}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"TCP Query User{FABEBB8E-E1A0-4019-8D3D-955FB064D5BF}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{4B3BA566-7277-40E8-A502-88F0A5AE8C62}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{D15AC1A2-D388-4A70-A4BD-5FEAEA726727}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= UDP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"UDP Query User{B28EA3B5-D7F6-4491-9C98-E77CF0DF90A1}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= TCP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"TCP Query User{E700B9A6-ECB9-4B39-98E5-8ED2008AF6C5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= UDP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"UDP Query User{D0162477-ABC0-4520-8915-E737F22895F5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= TCP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"TCP Query User{04497619-BE4A-4405-93D0-22E9C621D7B6}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= UDP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"UDP Query User{53B22F54-5A06-4C98-AE89-C4F1768E7F06}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= TCP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"{E7D00F54-ED7E-46DF-B501-CC101D813108}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{259D568A-126B-4BA8-8DF5-932D540D6605}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{255E43FA-F80E-44B1-85F3-D8D1D02B606D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{296D0095-3A55-4DB7-B184-02FCCFAC1372}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AB75BDF4-E8E4-457E-A199-DD582C457886}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9C7C401D-3667-4744-9BDE-0B08B670B912}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EEAAFA52-0891-4B07-AFBB-AFA0B11F104E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6733538E-8346-4D37-BA90-48A1F1B3B69F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9F73D474-0CF0-4864-87CB-7188A1B2AB53}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CAC193B6-A8F6-4D3D-B961-63DAA5984E63}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1912F05B-A748-4C1F-BB8D-B25BA635E8A0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{998CAEB4-70BF-4C91-9C9A-CE3581D85557}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{ABCD6DB2-BBF5-4162-AF4A-DDD18F62ACA7}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{6CD2BED1-5817-4DE8-903F-8D9235792029}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{204280CF-F792-4EF5-97D3-CF710BDBDE52}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F97719EF-9A81-4457-B197-58A4F2DC0219}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{26E3CD33-77EB-4060-96D9-D74D6BD5BD7B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BA16E4E1-0A13-4E95-91A3-83DDBD275B50}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1ABAC473-2EBB-4A89-89DC-0D37316AE8C8}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{56E5FC9E-A9CE-48CA-90D0-0BA8F1F2DA85}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"TCP Query User{34532869-7289-424D-84B2-FA59F98F6437}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= UDP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"UDP Query User{F9D4D1F0-AB32-4116-B494-4EF6915C1790}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= TCP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"{647B4118-76B4-4289-B451-52A4CC4215B4}"= UDP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{50B40BC6-382A-4B5A-9F02-5DB634726B93}"= TCP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51 13560]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 45648]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-11 2930176]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Fabien\AppData\Roaming\Mozilla\Firefox\Profiles\48bctutm.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 19:01:36
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\Fabien\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1283 bytes hidden from API
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2008-10-20 19:03:34
ComboFix-quarantined-files.txt 2008-10-20 17:03:30
Avant-CF: 29,291,356,160 octets libres
Après-CF: 29,240,680,448 octets libres
223 --- E O F --- 2008-10-15 22:04:57
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{D0A6304D-819B-411B-A0DD-349D66451688}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{44AEC2BE-C39B-4B4C-8ABC-0B7E421824EA}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF76204C-4C6D-40B4-997D-25EC1ABC4745}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{8A7BDEFA-8E15-47E7-91A6-E2C23A8F86EC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41A2A3F5-16D1-4BF1-8A85-940F96080697}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3841E113-9CDC-49AF-B6FD-1804928CE929}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{2E3B1A3E-7796-43F0-BAF9-74458A5985EF}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{4B89D9CC-B0B0-4F04-A6C1-99E4AA91EB44}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7977D237-4D23-407C-81C9-187D356DC22B}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0B175661-9182-4619-B0BC-74BCEFFFAC05}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{682F13C9-0636-49BA-94D5-58366C32634D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{086179B4-0A8C-4FB4-86B8-3934F0250573}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BE445D8C-2FF9-45A4-AEA5-FC17EA8FA5A7}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{66159B11-3615-41E9-951D-39E977CF3820}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{61127A9B-A244-438A-B558-9CD7AB7DC3BD}"= TCP:10093:port fm1
"{113C4C30-07FD-465A-AE15-83C7094A8BD4}"= UDP:10094:port fm2
"TCP Query User{68846C28-60CD-4DA3-81B8-64B9A66B2853}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6078DCA6-5351-482D-87FF-347C4F77F046}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7443B907-AFFD-4121-8540-B5A49A9F4347}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F99B7EDA-951D-45B6-8E7F-55792D6E6C6E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{345C3572-A9FE-423A-965B-37646C621F5C}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C4A692B4-5D24-4C23-BAA3-B936B2FD2FA8}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{20964DBA-10FB-474A-9891-534A5371A332}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"UDP Query User{965FCDAB-A616-424A-B420-29AC6FB9EDA7}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"{0884D3CC-A72E-4100-BBB2-24BFDBF381C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6F643EB4-4832-403B-84DF-4C5CB9963E26}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3CA60563-B2D5-42E6-9940-C2835CD1D0FA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ED549A87-D3A4-43A2-8622-69DA1EAA2D69}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{26CAF261-D8FD-4D0F-8FD0-B0840F730474}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{83FBD664-D6A3-4A2A-A7E1-ECE00D0B08B5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{CF6FECF6-2287-4578-B78C-D64572B2F06E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{226FD81F-E0D0-4B94-9CFF-E71089D6D9DF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D002A002-7605-4039-9111-6BE92ECA5ECE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD6B0AE9-DECF-4279-A654-D129648C4358}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{6C1CA720-DC50-4048-8E1F-2D5539E7697D}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{C75D5198-BC1C-40F0-9645-18594BDE8A3A}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{E8E9A142-CC82-4B30-9BA4-63242CDDB3BE}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{215B82E3-68C0-4F54-AF80-943BC8B7A886}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{D6886498-3313-4C64-904A-8E9BDCABD9CB}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{A8B04E56-21E5-46DB-BFB4-C865EA47B992}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"TCP Query User{FABEBB8E-E1A0-4019-8D3D-955FB064D5BF}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{4B3BA566-7277-40E8-A502-88F0A5AE8C62}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{D15AC1A2-D388-4A70-A4BD-5FEAEA726727}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= UDP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"UDP Query User{B28EA3B5-D7F6-4491-9C98-E77CF0DF90A1}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= TCP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"TCP Query User{E700B9A6-ECB9-4B39-98E5-8ED2008AF6C5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= UDP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"UDP Query User{D0162477-ABC0-4520-8915-E737F22895F5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= TCP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"TCP Query User{04497619-BE4A-4405-93D0-22E9C621D7B6}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= UDP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"UDP Query User{53B22F54-5A06-4C98-AE89-C4F1768E7F06}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= TCP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"{E7D00F54-ED7E-46DF-B501-CC101D813108}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{259D568A-126B-4BA8-8DF5-932D540D6605}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{255E43FA-F80E-44B1-85F3-D8D1D02B606D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{296D0095-3A55-4DB7-B184-02FCCFAC1372}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AB75BDF4-E8E4-457E-A199-DD582C457886}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9C7C401D-3667-4744-9BDE-0B08B670B912}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EEAAFA52-0891-4B07-AFBB-AFA0B11F104E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6733538E-8346-4D37-BA90-48A1F1B3B69F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9F73D474-0CF0-4864-87CB-7188A1B2AB53}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CAC193B6-A8F6-4D3D-B961-63DAA5984E63}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1912F05B-A748-4C1F-BB8D-B25BA635E8A0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{998CAEB4-70BF-4C91-9C9A-CE3581D85557}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{ABCD6DB2-BBF5-4162-AF4A-DDD18F62ACA7}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{6CD2BED1-5817-4DE8-903F-8D9235792029}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{204280CF-F792-4EF5-97D3-CF710BDBDE52}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F97719EF-9A81-4457-B197-58A4F2DC0219}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{26E3CD33-77EB-4060-96D9-D74D6BD5BD7B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BA16E4E1-0A13-4E95-91A3-83DDBD275B50}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1ABAC473-2EBB-4A89-89DC-0D37316AE8C8}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{56E5FC9E-A9CE-48CA-90D0-0BA8F1F2DA85}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"TCP Query User{34532869-7289-424D-84B2-FA59F98F6437}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= UDP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"UDP Query User{F9D4D1F0-AB32-4116-B494-4EF6915C1790}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= TCP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"{647B4118-76B4-4289-B451-52A4CC4215B4}"= UDP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{50B40BC6-382A-4B5A-9F02-5DB634726B93}"= TCP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51 13560]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 45648]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-11 2930176]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Fabien\AppData\Roaming\Mozilla\Firefox\Profiles\48bctutm.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 19:01:36
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\Fabien\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1283 bytes hidden from API
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2008-10-20 19:03:34
ComboFix-quarantined-files.txt 2008-10-20 17:03:30
Avant-CF: 29,291,356,160 octets libres
Après-CF: 29,240,680,448 octets libres
223 --- E O F --- 2008-10-15 22:04:57
Here it is, I redid the steps, following them to the letter.
ComboFix 08-10-19.04 - Fabien 2008-10-20 22:19:40.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1161 [GMT 2:00]
Lancé depuis: C:\Users\Fabien\Downloads\ComboFix.exe
Commutateurs utilisés :: C:\Users\Fabien\Desktop\CFScript.lnk
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-20 au 2008-10-20 ))))))))))))))))))))))))))))))))))))
.
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Users\Fabien\AppData\Roaming\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 07:59 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 07:59 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-19 22:34 . 2008-10-20 07:50 <REP> d-------- C:\Program Files\UsbFix
2008-10-19 19:17 . 2008-10-19 19:55 <REP> d-------- C:\Program Files\Navilog1
2008-10-19 14:57 . 2008-10-19 14:57 <REP> d-------- C:\_OTMoveIt
2008-10-18 06:29 . 2008-10-18 06:29 <REP> d-------- C:\Program Files\SpeedFan
2008-10-18 06:29 . 2008-10-18 06:29 45 --a------ C:\Windows\System32\initdebug.nfo
2008-10-18 04:48 . 2008-10-19 15:55 <REP> d-------- C:\ToolBar SD
2008-10-16 17:49 . 2008-10-16 17:49 <REP> d-------- C:\rsit
2008-10-16 16:24 . 2008-10-16 16:24 <REP> d-------- C:\Program Files\Trend Micro
2008-10-15 19:12 . 2008-10-15 19:13 1,905 --a------ C:\Windows\diagwrn.xml
2008-10-15 19:12 . 2008-10-15 19:13 1,905 --a------ C:\Windows\diagerr.xml
2008-10-14 15:54 . 2008-10-14 15:54 <REP> d-------- C:\Program Files\7-Zip
2008-10-12 16:09 . 2008-10-12 16:09 <REP> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-10-06 15:24 . 2008-10-06 15:24 <REP> d-------- C:\Program Files\RegCleaner
2008-10-06 14:56 . 2008-10-06 14:56 <REP> d-------- C:\Program Files\EA Sports
2008-10-06 14:42 . 2008-10-06 14:42 <REP> d-------- C:\Users\Fabien\Drivers
2008-10-05 17:48 . 2008-10-05 17:48 <REP> d-------- C:\Users\Fabien\AppData\Roaming\Leadertech
2008-09-22 18:45 . 2008-09-22 18:45 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-22 17:14 . 2008-10-16 16:54 <REP> d-------- C:\Users\Fabien\AppData\Roaming\OpenOffice.org2
2008-09-22 13:22 . 2008-09-22 13:22 0 --a------ C:\debug.crf
2008-09-22 13:18 . 2008-09-22 13:18 385,024 --a------ C:\Windows\System32\xa11785547.exe
2008-09-22 13:18 . 2008-09-22 13:18 385,024 --a------ C:\Windows\System32\xa11785298.exe
2008-09-22 13:16 . 2008-09-22 13:16 385,024 --a------ C:\Windows\System32\xa11672930.exe
2008-09-22 13:16 . 2008-09-22 13:16 385,024 --a------ C:\Windows\System32\xa11672681.exe
2008-09-22 13:15 . 2008-09-22 13:15 385,024 --a------ C:\Windows\System32\xa11601326.exe
2008-09-22 13:15 . 2008-09-22 13:15 385,024 --a------ C:\Windows\System32\xa11601045.exe
2008-09-22 13:15 . 2008-09-22 13:15 167,936 --a------ C:\Windows\System32\wr46817.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 12:57 --------- d-----w C:\Users\Fabien\AppData\Roaming\uTorrent
2008-10-18 03:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 03:20 --------- d-----w C:\Program Files\KONAMI
2008-10-16 14:46 --------- d---a-w C:\ProgramData\TEMP
2008-10-14 18:29 --------- d-----w C:\ProgramData\Ubisoft
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-24 15:09 --------- d-----w C:\Program Files\EA GAMES
2008-09-22 19:36 --------- d-----w C:\Program Files\Codemasters
2008-09-22 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-22 15:21 --------- d-----w C:\Program Files\Microsoft Works
2008-09-22 15:11 --------- d-----w C:\Program Files\Java
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-17 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:52 --------- d-----w C:\Program Files\Monte Cristo
2008-09-13 22:16 --------- d-----w C:\Users\Fabien\AppData\Roaming\DAEMON Tools
2008-09-13 22:16 --------- d-----w C:\ProgramData\Media Center Programs
2008-09-13 22:16 --------- d-----w C:\Program Files\UBISOFT
2008-09-13 22:16 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-12 22:35 --------- d-----w C:\Program Files\Alcohol Soft
2008-08-29 22:31 278,728 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-08-29 22:31 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-08-29 22:07 --------- d-----w C:\Program Files\X-Plane
2008-08-29 22:07 --------- d-----w C:\Program Files\Rockstar Games
2008-08-29 22:07 --------- d-----w C:\Program Files\DivX
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-06 18:34 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-06 18:34 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-06 18:29 22,328 ----a-w C:\Users\Fabien\AppData\Roaming\PnkBstrK.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-05-24 05:20 174 --sha-w C:\Program Files\desktop.ini
2008-05-12 20:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-12 20:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-12 20:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 22:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-19 22:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-19 22:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-20_19.02.17.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-20 17:01:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-20 20:22:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-20 20:22:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{D0A6304D-819B-411B-A0DD-349D66451688}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{44AEC2BE-C39B-4B4C-8ABC-0B7E421824EA}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF76204C-4C6D-40B4-997D-25EC1ABC4745}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{8A7BDEFA-8E15-47E7-91A6-E2C23A8F86EC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41A2A3F5-16D1-4BF1-8A85-940F96080697}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3841E113-9CDC-49AF-B6FD-1804928CE929}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{2E3B1A3E-7796-43F0-BAF9-74458A5985EF}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{4B89D9CC-B0B0-4F04-A6C1-99E4AA91EB44}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7977D237-4D23-407C-81C9-187D356DC22B}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0B175661-9182-4619-B0BC-74BCEFFFAC05}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{682F13C9-0636-49BA-94D5-58366C32634D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{086179B4-0A8C-4FB4-86B8-3934F0250573}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BE445D8C-2FF9-45A4-AEA5-FC17EA8FA5A7}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{66159B11-3615-41E9-951D-39E977CF3820}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{61127A9B-A244-438A-B558-9CD7AB7DC3BD}"= TCP:10093:port fm1
"{113C4C30-07FD-465A-AE15-83C7094A8BD4}"= UDP:10094:port fm2
"TCP Query User{68846C28-60CD-4DA3-81B8-64B9A66B2853}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6078DCA6-5351-482D-87FF-347C4F77F046}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7443B907-AFFD-4121-8540-B5A49A9F4347}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F99B7EDA-951D-45B6-8E7F-55792D6E6C6E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{345C3572-A9FE-423A-965B-37646C621F5C}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C4A692B4-5D24-4C23-BAA3-B936B2FD2FA8}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{20964DBA-10FB-474A-9891-534A5371A332}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"UDP Query User{965FCDAB-A616-424A-B420-29AC6FB9EDA7}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"{0884D3CC-A72E-4100-BBB2-24BFDBF381C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6F643EB4-4832-403B-84DF-4C5CB9963E26}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3CA60563-B2D5-42E6-9940-C2835CD1D0FA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ED549A87-D3A4-43A2-8622-69DA1EAA2D69}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{26CAF261-D8FD-4D0F-8FD0-B0840F730474}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{83FBD664-D6A3-4A2A-A7E1-ECE00D0B08B5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{CF6FECF6-2287-4578-B78C-D64572B2F06E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{226FD81F-E0D0-4B94-9CFF-E71089D6D9DF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D002A002-7605-4039-9111-6BE92ECA5ECE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD6B0AE9-DECF-4279-A654-D129648C4358}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{6C1CA720-DC50-4048-8E1F-2D5539E7697D}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{C75D5198-BC1C-40F0-9645-18594BDE8A3A}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{E8E9A142-CC82-4B30-9BA4-63242CDDB3BE}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{215B82E3-68C0-4F54-AF80-943BC8B7A886}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{D6886498-3313-4C64-904A-8E9BDCABD9CB}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{A8B04E56-21E5-46DB-BFB4-C865EA47B992}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"TCP Query User{FABEBB8E-E1A0-4019-8D3D-955FB064D5BF}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{4B3BA566-7277-40E8-A502-88F0A5AE8C62}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{D15AC1A2-D388-4A70-A4BD-5FEAEA726727}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= UDP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"UDP Query User{B28EA3B5-D7F6-4491-9C98-E77CF0DF90A1}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= TCP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"TCP Query User{E700B9A6-ECB9-4B39-98E5-8ED2008AF6C5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= UDP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"UDP Query User{D0162477-ABC0-4520-8915-E737F22895F5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= TCP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"TCP Query User{04497619-BE4A-4405-93D0-22E9C621D7B6}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= UDP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"UDP Query User{53B22F54-5A06-4C98-AE89-C4F1768E7F06}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= TCP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"{E7D00F54-ED7E-46DF-B501-CC101D813108}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{259D568A-126B-4BA8-8DF5-932D540D6605}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{255E43FA-F80E-44B1-85F3-D8D1D02B606D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{296D0095-3A55-4DB7-B184-02FCCFAC1372}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AB75BDF4-E8E4-457E-A199-DD582C457886}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9C7C401D-3667-4744-9BDE-0B08B670B912}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EEAAFA52-0891-4B07-AFBB-AFA0B11F104E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6733538E-8346-4D37-BA90-48A1F1B3B69F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9F73D474-0CF0-4864-87CB-7188A1B2AB53}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CAC193B6-A8F6-4D3D-B961-63DAA5984E63}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1912F05B-A748-4C1F-BB8D-B25BA635E8A0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{998CAEB4-70BF-4C91-9C9A-CE3581D85557}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{ABCD6DB2-BBF5-4162-AF4A-DDD18F62ACA7}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{6CD2BED1-5817-4DE8-903F-8D9235792029}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{204280CF-F792-4EF5-97D3-CF710BDBDE52}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F97719EF-9A81-4457-B197-58A4F2DC0219}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{26E3CD33-77EB-4060-96D9-D74D6BD5BD7B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BA16E4E1-0A13-4E95-91A3-83DDBD275B50}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1ABAC473-2EBB-4A89-89DC-0D37316AE8C8}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{56E5FC9E-A9CE-48CA-90D0-0BA8F1F2DA85}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"TCP Query User{34532869-7289-424D-84B2-FA59F98F6437}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= UDP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"UDP Query User{F9D4D1F0-AB32-4116-B494-4EF6915C1790}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= TCP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"{647B4118-76B4-4289-B451-52A4CC4215B4}"= UDP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{50B40BC6-382A-4B5A-9F02-5DB634726B93}"= TCP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51 13560]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 45648]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-11 2930176]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 22:22:22
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\Fabien\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1283 bytes hidden from API
**************************************************************************
.
Heure de fin: 2008-10-20 22:25:12
ComboFix-quarantined-files.txt 2008-10-20 20:24:06
ComboFix2.txt 2008-10-20 17:41:45
ComboFix3.txt 2008-10-20 17:03:35
Avant-CF: 28,798,668,800 octets libres
Après-CF: 29,117,374,464 octets libres
216 --- E O F --- 2008-10-15 22:04:57
OK, post read. I'll get back to it tomorrow morning, hoping that this time will be the right one! Do you have any idea about the desktop that doesn't show up at startup? And how come I have so many infections when I have an active antivirus (Avast)??
Just as many questions that deserve clarification.. :)
See you, and thanks again for your help
Avast, which isn't the best either, can't do all the work ... it has to be paired with an anti-spyware and the scans multiplied ... We'll look at that once the PC is clean ... As for your desktop problem, I haven't forgotten, we'll sort that out too ...
See you tomorrow for the results ... Make sure you disable UAC before you start!....
good night ... ;)
Hi,
ComboFix 08-10-19.04 - Fabien 2008-10-21 17:27:10.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1302 [GMT 2:00]
Lancé depuis: C:\Users\Fabien\Downloads\ComboFix.exe
Commutateurs utilisés :: C:\Users\Fabien\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\wr46817.dll
C:\Windows\System32\xa11601045.exe
C:\Windows\System32\xa11601326.exe
C:\Windows\System32\xa11672681.exe
C:\Windows\System32\xa11672930.exe
C:\Windows\System32\xa11785298.exe
C:\Windows\System32\xa11785547.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\wr46817.dll
C:\Windows\System32\xa11601045.exe
C:\Windows\System32\xa11601326.exe
C:\Windows\System32\xa11672681.exe
C:\Windows\System32\xa11672930.exe
C:\Windows\System32\xa11785298.exe
C:\Windows\System32\xa11785547.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_CLTNetCnService
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.
2008-10-21 17:21 . 2008-10-21 17:21 <REP> d-------- C:\32788R22FWJFW
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Users\Fabien\AppData\Roaming\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-20 07:59 . 2008-10-20 07:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 07:59 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 07:59 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-19 22:34 . 2008-10-20 07:50 <REP> d-------- C:\Program Files\UsbFix
2008-10-19 19:17 . 2008-10-19 19:55 <REP> d-------- C:\Program Files\Navilog1
2008-10-19 14:57 . 2008-10-19 14:57 <REP> d-------- C:\_OTMoveIt
2008-10-18 06:29 . 2008-10-18 06:29 <REP> d-------- C:\Program Files\SpeedFan
2008-10-18 06:29 . 2008-10-18 06:29 45 --a------ C:\Windows\System32\initdebug.nfo
2008-10-18 04:48 . 2008-10-19 15:55 <REP> d-------- C:\ToolBar SD
2008-10-16 17:49 . 2008-10-16 17:49 <REP> d-------- C:\rsit
2008-10-16 16:24 . 2008-10-16 16:24 <REP> d-------- C:\Program Files\Trend Micro
2008-10-15 19:12 . 2008-10-15 19:13 1,905 --a------ C:\Windows\diagwrn.xml
2008-10-15 19:12 . 2008-10-15 19:13 1,905 --a------ C:\Windows\diagerr.xml
2008-10-14 15:54 . 2008-10-14 15:54 <REP> d-------- C:\Program Files\7-Zip
2008-10-12 16:09 . 2008-10-12 16:09 <REP> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-10-06 15:24 . 2008-10-06 15:24 <REP> d-------- C:\Program Files\RegCleaner
2008-10-06 14:56 . 2008-10-06 14:56 <REP> d-------- C:\Program Files\EA Sports
2008-10-06 14:42 . 2008-10-06 14:42 <REP> d-------- C:\Users\Fabien\Drivers
2008-10-05 17:48 . 2008-10-05 17:48 <REP> d-------- C:\Users\Fabien\AppData\Roaming\Leadertech
2008-09-22 18:45 . 2008-09-22 18:45 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-22 17:14 . 2008-10-20 22:54 <REP> d-------- C:\Users\Fabien\AppData\Roaming\OpenOffice.org2
2008-09-22 13:22 . 2008-09-22 13:22 0 --a------ C:\debug.crf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 12:57 --------- d-----w C:\Users\Fabien\AppData\Roaming\uTorrent
2008-10-18 03:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 03:20 --------- d-----w C:\Program Files\KONAMI
2008-10-16 14:46 --------- d---a-w C:\ProgramData\TEMP
2008-10-14 18:29 --------- d-----w C:\ProgramData\Ubisoft
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-24 15:09 --------- d-----w C:\Program Files\EA GAMES
2008-09-22 19:36 --------- d-----w C:\Program Files\Codemasters
2008-09-22 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-22 15:21 --------- d-----w C:\Program Files\Microsoft Works
2008-09-22 15:11 --------- d-----w C:\Program Files\Java
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-17 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:52 --------- d-----w C:\Program Files\Monte Cristo
2008-09-13 22:16 --------- d-----w C:\Users\Fabien\AppData\Roaming\DAEMON Tools
2008-09-13 22:16 --------- d-----w C:\ProgramData\Media Center Programs
2008-09-13 22:16 --------- d-----w C:\Program Files\UBISOFT
2008-09-13 22:16 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-12 22:35 --------- d-----w C:\Program Files\Alcohol Soft
2008-08-29 22:31 278,728 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-08-29 22:31 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-08-29 22:07 --------- d-----w C:\Program Files\X-Plane
2008-08-29 22:07 --------- d-----w C:\Program Files\Rockstar Games
2008-08-29 22:07 --------- d-----w C:\Program Files\DivX
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-06 18:34 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-06 18:34 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-06 18:29 22,328 ----a-w C:\Users\Fabien\AppData\Roaming\PnkBstrK.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-05-24 05:20 174 --sha-w C:\Program Files\desktop.ini
2008-05-12 20:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-12 20:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-12 20:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-19 22:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-19 22:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-19 22:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-20_19.02.17.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\ERDNT\subs\ERDNT.EXE
- 2008-10-20 16:48:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-21 15:31:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-20 16:48:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-21 15:31:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-20 16:51:09 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-21 15:35:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-21 15:35:22 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-20 17:01:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-21 15:35:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-20 16:49:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-21 15:31:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-20 16:49:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-21 15:31:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-20 16:49:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-21 15:31:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-20 16:55:38 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-21 15:17:57 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-20 16:55:38 123,556 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-10-21 15:17:57 123,556 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-10-20 16:55:38 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-21 15:17:57 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-20 16:55:38 669,578 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-10-21 15:17:57 669,578 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-10-20 16:50:58 9,682 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927468796-954007364-4057346285-1000_UserData.bin
+ 2008-10-21 15:17:57 9,718 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1927468796-954007364-4057346285-1000_UserData.bin
- 2008-10-20 16:50:58 93,616 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-21 15:17:55 93,726 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-20 14:45:49 60,474 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-21 15:17:54 60,624 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{D0A6304D-819B-411B-A0DD-349D66451688}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{44AEC2BE-C39B-4B4C-8ABC-0B7E421824EA}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{FF76204C-4C6D-40B4-997D-25EC1ABC4745}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{8A7BDEFA-8E15-47E7-91A6-E2C23A8F86EC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{41A2A3F5-16D1-4BF1-8A85-940F96080697}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3841E113-9CDC-49AF-B6FD-1804928CE929}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{2E3B1A3E-7796-43F0-BAF9-74458A5985EF}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{4B89D9CC-B0B0-4F04-A6C1-99E4AA91EB44}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7977D237-4D23-407C-81C9-187D356DC22B}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0B175661-9182-4619-B0BC-74BCEFFFAC05}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{682F13C9-0636-49BA-94D5-58366C32634D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{086179B4-0A8C-4FB4-86B8-3934F0250573}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BE445D8C-2FF9-45A4-AEA5-FC17EA8FA5A7}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{66159B11-3615-41E9-951D-39E977CF3820}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{61127A9B-A244-438A-B558-9CD7AB7DC3BD}"= TCP:10093:port fm1
"{113C4C30-07FD-465A-AE15-83C7094A8BD4}"= UDP:10094:port fm2
"TCP Query User{68846C28-60CD-4DA3-81B8-64B9A66B2853}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6078DCA6-5351-482D-87FF-347C4F77F046}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7443B907-AFFD-4121-8540-B5A49A9F4347}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F99B7EDA-951D-45B6-8E7F-55792D6E6C6E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{345C3572-A9FE-423A-965B-37646C621F5C}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C4A692B4-5D24-4C23-BAA3-B936B2FD2FA8}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{20964DBA-10FB-474A-9891-534A5371A332}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"UDP Query User{965FCDAB-A616-424A-B420-29AC6FB9EDA7}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"{0884D3CC-A72E-4100-BBB2-24BFDBF381C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6F643EB4-4832-403B-84DF-4C5CB9963E26}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3CA60563-B2D5-42E6-9940-C2835CD1D0FA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ED549A87-D3A4-43A2-8622-69DA1EAA2D69}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{26CAF261-D8FD-4D0F-8FD0-B0840F730474}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{83FBD664-D6A3-4A2A-A7E1-ECE00D0B08B5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{CF6FECF6-2287-4578-B78C-D64572B2F06E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{226FD81F-E0D0-4B94-9CFF-E71089D6D9DF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D002A002-7605-4039-9111-6BE92ECA5ECE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD6B0AE9-DECF-4279-A654-D129648C4358}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{6C1CA720-DC50-4048-8E1F-2D5539E7697D}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{C75D5198-BC1C-40F0-9645-18594BDE8A3A}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{E8E9A142-CC82-4B30-9BA4-63242CDDB3BE}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{215B82E3-68C0-4F54-AF80-943BC8B7A886}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{D6886498-3313-4C64-904A-8E9BDCABD9CB}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{A8B04E56-21E5-46DB-BFB4-C865EA47B992}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"TCP Query User{FABEBB8E-E1A0-4019-8D3D-955FB064D5BF}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{4B3BA566-7277-40E8-A502-88F0A5AE8C62}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{D15AC1A2-D388-4A70-A4BD-5FEAEA726727}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= UDP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"UDP Query User{B28EA3B5-D7F6-4491-9C98-E77CF0DF90A1}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= TCP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"TCP Query User{E700B9A6-ECB9-4B39-98E5-8ED2008AF6C5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= UDP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"UDP Query User{D0162477-ABC0-4520-8915-E737F22895F5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= TCP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"TCP Query User{04497619-BE4A-4405-93D0-22E9C621D7B6}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= UDP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"UDP Query User{53B22F54-5A06-4C98-AE89-C4F1768E7F06}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= TCP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"{E7D00F54-ED7E-46DF-B501-CC101D813108}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{259D568A-126B-4BA8-8DF5-932D540D6605}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{255E43FA-F80E-44B1-85F3-D8D1D02B606D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{296D0095-3A55-4DB7-B184-02FCCFAC1372}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AB75BDF4-E8E4-457E-A199-DD582C457886}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9C7C401D-3667-4744-9BDE-0B08B670B912}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EEAAFA52-0891-4B07-AFBB-AFA0B11F104E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6733538E-8346-4D37-BA90-48A1F1B3B69F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9F73D474-0CF0-4864-87CB-7188A1B2AB53}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CAC193B6-A8F6-4D3D-B961-63DAA5984E63}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1912F05B-A748-4C1F-BB8D-B25BA635E8A0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{998CAEB4-70BF-4C91-9C9A-CE3581D85557}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{ABCD6DB2-BBF5-4162-AF4A-DDD18F62ACA7}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{6CD2BED1-5817-4DE8-903F-8D9235792029}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{204280CF-F792-4EF5-97D3-CF710BDBDE52}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F97719EF-9A81-4457-B197-58A4F2DC0219}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{26E3CD33-77EB-4060-96D9-D74D6BD5BD7B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BA16E4E1-0A13-4E95-91A3-83DDBD275B50}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1ABAC473-2EBB-4A89-89DC-0D37316AE8C8}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{56E5FC9E-A9CE-48CA-90D0-0BA8F1F2DA85}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"TCP Query User{34532869-7289-424D-84B2-FA59F98F6437}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= UDP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"UDP Query User{F9D4D1F0-AB32-4116-B494-4EF6915C1790}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= TCP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"{647B4118-76B4-4289-B451-52A4CC4215B4}"= UDP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{50B40BC6-382A-4B5A-9F02-5DB634726B93}"= TCP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51 13560]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 45648]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-11 2930176]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 17:36:12
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
C:\Users\Fabien\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1283 bytes hidden from API
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\conime.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 17:40:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-21 15:39:53
ComboFix2.txt 2008-10-20 20:25:13
ComboFix3.txt 2008-10-20 17:41:45
ComboFix4.txt 2008-10-20 17:03:35
Avant-CF: 29 071 572 992 octets libres
Après-CF: 28,755,771,392 octets libres
294 --- E O F --- 2008-10-15 22:04:57
"TCP Query User{20964DBA-10FB-474A-9891-534A5371A332}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"UDP Query User{965FCDAB-A616-424A-B420-29AC6FB9EDA7}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"{0884D3CC-A72E-4100-BBB2-24BFDBF381C3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6F643EB4-4832-403B-84DF-4C5CB9963E26}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3CA60563-B2D5-42E6-9940-C2835CD1D0FA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ED549A87-D3A4-43A2-8622-69DA1EAA2D69}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{26CAF261-D8FD-4D0F-8FD0-B0840F730474}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{83FBD664-D6A3-4A2A-A7E1-ECE00D0B08B5}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{CF6FECF6-2287-4578-B78C-D64572B2F06E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{226FD81F-E0D0-4B94-9CFF-E71089D6D9DF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{D002A002-7605-4039-9111-6BE92ECA5ECE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD6B0AE9-DECF-4279-A654-D129648C4358}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{6C1CA720-DC50-4048-8E1F-2D5539E7697D}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{C75D5198-BC1C-40F0-9645-18594BDE8A3A}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{E8E9A142-CC82-4B30-9BA4-63242CDDB3BE}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{215B82E3-68C0-4F54-AF80-943BC8B7A886}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{D6886498-3313-4C64-904A-8E9BDCABD9CB}"= UDP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"{A8B04E56-21E5-46DB-BFB4-C865EA47B992}"= TCP:C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:Ghost Recon Advanced Warfighter® 2 Dedicated Server
"TCP Query User{FABEBB8E-E1A0-4019-8D3D-955FB064D5BF}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{4B3BA566-7277-40E8-A502-88F0A5AE8C62}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{D15AC1A2-D388-4A70-A4BD-5FEAEA726727}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= UDP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"UDP Query User{B28EA3B5-D7F6-4491-9C98-E77CF0DF90A1}C:\\users\\fabien\\videos\\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\\parche pes 2008\\pes2008.exe"= TCP:C:\users\fabien\videos\pes 2008 pc [www.lokotorrents.com][by cerealkiller]\parche pes 2008\pes2008.exe:pes2008.exe
"TCP Query User{E700B9A6-ECB9-4B39-98E5-8ED2008AF6C5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= UDP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"UDP Query User{D0162477-ABC0-4520-8915-E737F22895F5}C:\\users\\fabien\\desktop\\vitality\\pes2008.exe"= TCP:C:\users\fabien\desktop\vitality\pes2008.exe:pes2008.exe
"TCP Query User{04497619-BE4A-4405-93D0-22E9C621D7B6}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= UDP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"UDP Query User{53B22F54-5A06-4C98-AE89-C4F1768E7F06}C:\\users\\fabien\\appdata\\local\\temp\\rar$ex02.620\\pes2008.exe"= TCP:C:\users\fabien\appdata\local\temp\rar$ex02.620\pes2008.exe:pes2008.exe
"{E7D00F54-ED7E-46DF-B501-CC101D813108}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{259D568A-126B-4BA8-8DF5-932D540D6605}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{255E43FA-F80E-44B1-85F3-D8D1D02B606D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{296D0095-3A55-4DB7-B184-02FCCFAC1372}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{AB75BDF4-E8E4-457E-A199-DD582C457886}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9C7C401D-3667-4744-9BDE-0B08B670B912}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EEAAFA52-0891-4B07-AFBB-AFA0B11F104E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6733538E-8346-4D37-BA90-48A1F1B3B69F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9F73D474-0CF0-4864-87CB-7188A1B2AB53}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CAC193B6-A8F6-4D3D-B961-63DAA5984E63}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1912F05B-A748-4C1F-BB8D-B25BA635E8A0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{998CAEB4-70BF-4C91-9C9A-CE3581D85557}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{ABCD6DB2-BBF5-4162-AF4A-DDD18F62ACA7}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{6CD2BED1-5817-4DE8-903F-8D9235792029}C:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{204280CF-F792-4EF5-97D3-CF710BDBDE52}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F97719EF-9A81-4457-B197-58A4F2DC0219}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{26E3CD33-77EB-4060-96D9-D74D6BD5BD7B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BA16E4E1-0A13-4E95-91A3-83DDBD275B50}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{1ABAC473-2EBB-4A89-89DC-0D37316AE8C8}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{56E5FC9E-A9CE-48CA-90D0-0BA8F1F2DA85}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"TCP Query User{34532869-7289-424D-84B2-FA59F98F6437}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= UDP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"UDP Query User{F9D4D1F0-AB32-4116-B494-4EF6915C1790}D:\\program files\\rsv\\binaries\\r6vegas2_game.exe"= TCP:D:\program files\rsv\binaries\r6vegas2_game.exe:R6Vegas2_Game
"{647B4118-76B4-4289-B451-52A4CC4215B4}"= UDP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{50B40BC6-382A-4B5A-9F02-5DB634726B93}"= TCP:D:\Program Files\pes 2009\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51 13560]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 45648]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-11 2930176]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 17:36:12
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
C:\Users\Fabien\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1283 bytes hidden from API
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\conime.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 17:40:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-21 15:39:53
ComboFix2.txt 2008-10-20 20:25:13
ComboFix3.txt 2008-10-20 17:41:45
ComboFix4.txt 2008-10-20 17:03:35
Avant-CF: 29 071 572 992 octets libres
Après-CF: 28,755,771,392 octets libres
294 --- E O F --- 2008-10-15 22:04:57
It finally works, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:26, on 21/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
[ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\UsbFix: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\UsbFix: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\Fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\Fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\Fabien\Desktop\HijackThis.lnk: trouvé !
C:\Users\Fabien\Desktop\hijackthis.log: trouvé !
C:\Users\Fabien\Downloads\Msnfix.zip: trouvé !
C:\Users\Fabien\Downloads\Navilog1.exe: trouvé !
C:\Users\Fabien\Downloads\ComboFix.exe: trouvé !
C:\Users\Fabien\Downloads\ToolBarSD.exe: trouvé !
C:\Users\Fabien\Downloads\UsbFix.exe: trouvé !
C:\Users\Public\Desktop\Navilog1.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Users\Fabien\Desktop\HijackThis.lnk: supprimé !
C:\Users\Fabien\Downloads\Msnfix.zip: supprimé !
C:\Users\Fabien\Downloads\Navilog1.exe: supprimé !
C:\Users\Fabien\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Users\Fabien\Downloads\ToolBarSD.exe: supprimé !
C:\Users\Public\Desktop\Navilog1.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\Fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\Fabien\Desktop\hijackthis.log: supprimé !
C:\Users\Fabien\Downloads\UsbFix.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\UsbFix: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix: supprimé !
C:\Users\Fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix: supprimé !
C:\Users\Fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
As for the BitDefender scan, it finds no virus and the Export tab is greyed out, so it's not possible to post it...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:58, on 21/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
What were the reasons the desktop wasn't displaying?? Didn't the fact that I no longer had the Avast bubble in the bar at the bottom right (I forget its name) have an influence on the virus intrusion??
What were the reasons the desktop wasn't displaying??
--> viral cause + conflict between Avast and your old AV (Norton...)
Besides, there is still a problem on that side....
1- Clean up the remains of Norton properly, like this:
Download Norton Removal Tool to your desktop:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
Disconnect from the Internet.
Then uninstall Norton with "Norton Removal Tool": double-click it and let it guide you... it must be uninstalled properly (do the procedure twice if possible).
2- Avast no longer appears at PC startup... it will have to be uninstalled and reinstalled cleanly:
* to uninstall Avast cleanly, follow this tip:
http://www.commentcamarche.net/faq/sujet 8172 desinstaller proprement avast
* Re-download and reinstall Avast:
http://www.commentcamarche.net/telecharger/telecharger 34055246 utilitaire de desinstallation de avast
3- Do one last HijackThis scan, post the report you get and wait for what comes next...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:41, on 21/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Fabien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe