MY PC crashes all the time

drakans -  
Lyonnais92 Posts: 25708 Status: Security contributor -
Hello,
my computer crashes all the time: regular freezes in games, applications that stop responding. I would like to know whether my PC is infected.
Please help me, I'm really fed up and I can't work on my C++.
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43:27, on 01/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Stephane\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\StarUML\StarUML.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Stephane\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

16 replies

asusxtian Posts: 4 Status: Member
 
At first sight it looks like a memory management problem. I also see that you are using the Vista version of Windows, which could already be a lead in itself.

Did you upgrade your computer from Windows XP to Vista recently, or was the computer bought with Vista already installed?
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Good evening,

Download Toolbar-S&D (Team IDN) to your Desktop:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Run the program's installation by executing the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
drakans
 
thanks, thanks for replying so quickly!!!!!!
my PC came with Vista from the start
I also think it's a memory management problem, given the error messages that appear

TB.txt file:

-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz )
BIOS : Ver 1.00PARTTBL
USER : Stephane ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081031-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:139 Go (Free:33 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 01/11/2008| 2:39 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free CD and DVD
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free Toolbar
C:\Users\Stephane\AppData\Roaming\MICROS~1\Windows\Cookies\stephane@iredirect.burn4free[2].txt
C:\Users\Stephane\AppData\Roaming\MICROS~1\Windows\Cookies\stephane@iredirect468.burn4free[2].txt
C:\Program Files\Mozilla Firefox\extensions\support@burn4free-toolbar.com
C:\Program Files\Burn4Free
C:\Program Files\Burn4Free\bass.dll
C:\Program Files\Burn4Free\basscd.dll
C:\Program Files\Burn4Free\bassflac.dll
C:\Program Files\Burn4Free\basswma.dll
C:\Program Files\Burn4Free\basswv.dll
C:\Program Files\Burn4Free\bass_ape.dll
C:\Program Files\Burn4Free\bass_mpc.dll
C:\Program Files\Burn4Free\BURN4FREE.CFG
C:\Program Files\Burn4Free\Burn4Free.exe
C:\Program Files\Burn4Free\languages
C:\Program Files\Burn4Free\license.txt
C:\Program Files\Burn4Free\queue
C:\Program Files\Burn4Free\temp
C:\Program Files\Burn4Free\uninstall.exe
C:\Program Files\Burn4Free\wav
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free CD and DVD
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free Toolbar
C:\Program Files\Burn4Free Toolbar
C:\Program Files\Burn4Free Toolbar\uninstall.txt
C:\Program Files\Burn4Free Toolbar\v3.3.0.1
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Windows\Burn4Free_Toolbar_Uninstaller_3327.exe
C:\Users\Stephane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.club-vaio.com"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Page_URL"="http://www.club-vaio.com"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Stephane\Desktop\work\L3\semestre 1\docs\Nouveau dossier\crack
C:\Users\Stephane\Desktop\work\L3\semestre 1\docs\Nouveau dossier\crack\install.txt
C:\Users\Stephane\Desktop\work\L3\semestre 2\systŠmes Intelligents\docs\Nouveau dossier\crack
C:\Users\Stephane\Desktop\work\L3\semestre 2\systŠmes Intelligents\docs\Nouveau dossier\crack\install.txt

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 01/11/2008| 2:39 - Option : [1]

-----------\\ Fin du rapport a 2:39:49,26
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Hello,

the report shows two toolbars.

Daemon Toolbar must be removed.

For Burn4Free Toolbar it is a bit more complicated. There is a security risk through information being sent out. On the other hand, you may need the burning software (but there are others).

Before going further:

- do you use this software to burn discs

- do you have the "source" on CD or DVD (supplied with your burner, for example)

- do you have a way to download it (it is available on several software download sites)

My advice is that you run the fix to remove the 2 toolbars (I'll tell you how), then, as you prefer, either reinstall Burn4Free if you want to keep it or install another burning program.

drakans
 
hello, thanks for your reply.
I agree to uninstall both (daemon toolbar and burn4free)
I'm waiting for your fix
regards,
drakans
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

so:

Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

also do this:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt

(you may have to split it into pieces to post it).

drakans
 
Toolbar-S&D report:

-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz )
BIOS : Ver 1.00PARTTBL
USER : Stephane ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081031-1] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:139 Go (Free:32 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 01/11/2008|17:30 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free CD and DVD
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free Toolbar
Supprime! - C:\Users\Stephane\AppData\Roaming\MICROS~1\Windows\Cookies\stephane@iredirect.burn4free[2].txt
Supprime! - C:\Users\Stephane\AppData\Roaming\MICROS~1\Windows\Cookies\stephane@iredirect468.burn4free[2].txt
Supprime! - C:\Program Files\Mozilla Firefox\extensions\support@burn4free-toolbar.com
Supprime! - C:\Program Files\Burn4Free\bass.dll
Supprime! - C:\Program Files\Burn4Free\basscd.dll
Supprime! - C:\Program Files\Burn4Free\bassflac.dll
Supprime! - C:\Program Files\Burn4Free\basswma.dll
Supprime! - C:\Program Files\Burn4Free\basswv.dll
Supprime! - C:\Program Files\Burn4Free\bass_ape.dll
Supprime! - C:\Program Files\Burn4Free\bass_mpc.dll
Supprime! - C:\Program Files\Burn4Free\BURN4FREE.CFG
Supprime! - C:\Program Files\Burn4Free\Burn4Free.exe
Supprime! - C:\Program Files\Burn4Free\languages
Supprime! - C:\Program Files\Burn4Free\license.txt
Supprime! - C:\Program Files\Burn4Free\queue
Supprime! - C:\Program Files\Burn4Free\temp
Supprime! - C:\Program Files\Burn4Free\uninstall.exe
Supprime! - C:\Program Files\Burn4Free\wav
Supprime! - C:\Program Files\Burn4Free Toolbar\uninstall.txt
Supprime! - C:\Program Files\Burn4Free Toolbar\v3.3.0.1
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Windows\Burn4Free_Toolbar_Uninstaller_3327.exe
Supprime! - C:\Users\Stephane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
Supprime! - C:\Program Files\Burn4Free
Supprime! - C:\Program Files\Burn4Free Toolbar
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.club-vaio.com"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="http://www.club-vaio.com"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Stephane\Desktop\work\L3\semestre 1\docs\Nouveau dossier\crack
C:\Users\Stephane\Desktop\work\L3\semestre 1\docs\Nouveau dossier\crack\install.txt
C:\Users\Stephane\Desktop\work\L3\semestre 2\systŠmes Intelligents\docs\Nouveau dossier\crack
C:\Users\Stephane\Desktop\work\L3\semestre 2\systŠmes Intelligents\docs\Nouveau dossier\crack\install.txt

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 01/11/2008| 2:39 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 01/11/2008|17:33 - Option : [2]

-----------\\ Fin du rapport a 17:33:11,37

I'll do the rest
see you later
=)
drakans
 
log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Stephane at 2008-11-01 17:37:11
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 34 GB (23%) free of 143 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:18, on 01/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Stephane\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\Stephane\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Reveil.gadget\app\lancementMev.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\StarUML\StarUML.exe
C:\Program Files\CodeBlocks\codeblocks.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stephane\Desktop\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Stephane.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Stephane\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
drakans

log.txt (continued)

======List of files/folders modified in the last 1 months======

2008-11-01 17:36:35 ----D---- C:\Windows\Temp
2008-11-01 17:36:35 ----D---- C:\Windows\Prefetch
2008-11-01 17:32:34 ----RD---- C:\Program Files
2008-11-01 17:31:46 ----D---- C:\Windows
2008-11-01 03:03:32 ----D---- C:\Windows\System32
2008-11-01 03:03:31 ----D---- C:\Windows\inf
2008-11-01 03:03:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-01 02:57:27 ----D---- C:\Windows\system32\catroot2
2008-11-01 02:27:00 ----SHD---- C:\System Volume Information
2008-11-01 00:26:18 ----D---- C:\Windows\system32\drivers
2008-10-31 20:21:46 ----SHD---- C:\Windows\Installer
2008-10-30 03:01:35 ----D---- C:\Windows\winsxs
2008-10-29 15:30:09 ----D---- C:\ProgramData\Adobe
2008-10-29 15:28:46 ----D---- C:\Program Files\Common Files
2008-10-29 15:28:46 ----D---- C:\Program Files\Adobe
2008-10-29 07:43:30 ----D---- C:\Windows\system32\catroot
2008-10-22 09:37:18 ----D---- C:\Windows\LiveKernelReports
2008-10-21 14:24:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-19 20:05:29 ----SD---- C:\Users\Stephane\AppData\Roaming\Microsoft
2008-10-16 12:37:09 ----D---- C:\Windows\system32\NDF
2008-10-16 02:11:00 ----D---- C:\Program Files\Windows Mail
2008-10-16 02:11:00 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:10:59 ----D---- C:\Windows\system32\migration
2008-10-16 02:10:57 ----D---- C:\Windows\AppPatch
2008-10-15 22:18:13 ----D---- C:\Windows\system32\Tasks
2008-10-14 23:04:25 ----HD---- C:\ProgramData
2008-10-14 23:03:51 ----D---- C:\ProgramData\Sonic
2008-10-14 20:30:22 ----SD---- C:\ProgramData\Microsoft
2008-10-11 15:10:21 ----D---- C:\Windows\system32\WDI
2008-10-08 19:45:44 ----SD---- C:\Windows\Downloaded Program Files
2008-10-07 02:01:36 ----D---- C:\Windows\servicing
2008-10-06 02:12:39 ----D---- C:\Windows\rescache
2008-10-06 02:09:56 ----D---- C:\Windows\system32\fr-FR
2008-10-05 02:48:44 ----D---- C:\Windows\Microsoft.NET
2008-10-05 02:48:43 ----RSD---- C:\Windows\assembly
2008-10-05 02:43:40 ----ASH---- C:\Program Files\desktop.ini
2008-10-05 02:39:03 ----D---- C:\Windows\system32\ras
2008-10-05 02:39:03 ----D---- C:\Windows\system32\icsxml
2008-10-05 02:39:03 ----D---- C:\Program Files\Windows Calendar
2008-10-05 02:39:02 ----D---- C:\Windows\system32\wbem
2008-10-05 02:39:02 ----D---- C:\Program Files\Common Files\System
2008-10-05 02:39:01 ----D---- C:\Windows\system32\XPSViewer
2008-10-05 02:39:00 ----D---- C:\Windows\ehome
2008-10-05 02:39:00 ----D---- C:\Program Files\Windows Media Player
2008-10-05 02:38:57 ----D---- C:\Windows\system32\SLUI
2008-10-05 02:38:56 ----D---- C:\Program Files\Windows Sidebar
2008-10-05 02:01:35 ----D---- C:\Windows\SoftwareDistribution
2008-10-04 19:13:36 ----D---- C:\ProgramData\Sony Corporation
2008-10-04 18:40:28 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-04 17:43:04 ----D---- C:\Windows\system32\LogFiles
2008-10-04 17:33:22 ----D---- C:\Program Files\Google
2008-10-04 17:32:30 ----D---- C:\ProgramData\Symantec
2008-10-04 17:32:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-04 17:32:25 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-04 17:12:14 ----D---- C:\ProgramData\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2006-10-18 10216]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-16 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-16 8192]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-05 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-16 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-16 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-28 1747936]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-05-16 2216448]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-05-08 7497696]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-04-04 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-04-04 43904]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2007-01-10 27520]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-11 326656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-09 181560]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-02-08 807424]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2007-05-25 132608]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-16 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-08 240128]
S3 a3y3nqse;a3y3nqse; C:\Windows\system32\drivers\a3y3nqse.sys []
S3 AVerM115S;AVerM115S service; C:\Windows\system32\DRIVERS\AVerM115S.sys [2007-05-14 785280]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-03-30 41856]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 matlabserver;MATLAB Server; C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe [2005-07-27 536576]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-05 28933976]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\stacsv.exe [2007-05-11 94208]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [2007-03-09 182392]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2006-11-28 172032]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2006-11-28 135168]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-16 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2006-11-28 274432]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [2007-01-24 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [2006-12-14 69632]
S3 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [2007-01-24 75320]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-01-10 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2007-01-16 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-01-08 491520]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2007-02-05 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-05 240416]

-----------------EOF-----------------
Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)

Re,

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

Delete Combofix.exe from your Desktop if it exists, as well as the Qoobox folder at the root of the disk (usually C:\Qoobox).

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
drakans

Re, here is the log.txt report
ComboFix 08-10-31.02 - Stephane 2008-11-01 20:01:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.977 [GMT 1:00]
Lancé depuis: C:\Users\Stephane\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 19:05 --------- d-----w C:\Users\Stephane\AppData\Roaming\DNA
2008-11-01 18:58 --------- d-----w C:\Users\Stephane\AppData\Roaming\Skype
2008-11-01 18:57 --------- d-----w C:\Users\Stephane\AppData\Roaming\codeblocks
2008-11-01 18:51 --------- d---a-w C:\ProgramData\TEMP
2008-11-01 18:49 50,688 ----a-w C:\Windows\System32\wbhelp2.dll
2008-11-01 18:49 --------- d-----w C:\ProgramData\SpeedBit
2008-11-01 18:49 --------- d-----w C:\Program Files\DAP
2008-11-01 01:57 79,036 ----a-w C:\Users\Stephane\AppData\Roaming\nvModes.dat
2008-11-01 00:43 --------- d-----w C:\Program Files\Trend Micro
2008-10-29 14:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-26 14:33 --------- d-----w C:\Program Files\StarUML
2008-10-21 14:02 --------- d-----w C:\Program Files\7-Zip
2008-10-21 13:47 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-10-21 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-21 13:24 --------- d-----w C:\Program Files\Ubisoft
2008-10-18 13:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-16 14:32 --------- d-----w C:\Users\Stephane\AppData\Roaming\SPORE
2008-10-16 14:28 --------- d--h--r C:\Users\Stephane\AppData\Roaming\SecuROM
2008-10-16 10:41 --------- d-----w C:\Program Files\Electronic Arts
2008-10-16 01:11 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 14:01 --------- d-----w C:\Users\Stephane\AppData\Roaming\MathWorks
2008-10-15 13:56 --------- d-----w C:\Program Files\MATLAB71
2008-10-14 22:04 --------- d-----w C:\Users\Stephane\AppData\Roaming\Roxio
2008-10-14 22:04 --------- d-----w C:\ProgramData\Roxio
2008-10-14 22:03 --------- d-----w C:\ProgramData\Sonic
2008-10-14 22:02 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-10-14 21:51 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-10-14 21:51 --------- d-----w C:\Users\Stephane\AppData\Roaming\DAEMON Tools
2008-10-11 15:30 --------- d-----w C:\Users\Stephane\AppData\Roaming\LimeWire
2008-10-11 15:23 --------- d-----w C:\Program Files\LimeWire
2008-10-10 21:17 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
2008-10-08 21:51 --------- d-----w C:\Program Files\CodeBlocks
2008-10-07 18:31 --------- d-----w C:\Program Files\BitComet
2008-10-06 22:17 --------- d-----w C:\Users\Stephane\AppData\Roaming\FileZilla
2008-10-06 20:11 --------- d-----w C:\Program Files\Crimson Editor
2008-10-06 19:53 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-10-06 01:04 268,800 ----a-w C:\Windows\System32\es.dll
2008-10-06 01:03 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-10-05 01:43 174 --sha-w C:\Program Files\desktop.ini
2008-10-05 01:39 --------- d-----w C:\Program Files\Windows Calendar
2008-10-05 01:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-05 01:32 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-10-05 01:32 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-10-05 01:32 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-10-05 01:32 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-10-05 01:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-10-05 01:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-10-05 01:30 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-10-05 01:30 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-10-05 01:30 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-10-05 01:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-10-05 01:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-10-05 01:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-10-05 01:29 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-10-05 01:29 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-10-05 01:29 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-10-05 01:27 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-10-05 01:27 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-10-05 01:23 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-10-05 01:23 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-10-05 01:22 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-10-05 01:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-10-05 01:21 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-10-05 01:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-10-05 01:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-10-05 01:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-10-05 01:20 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-10-05 01:19 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-10-05 01:19 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-10-05 01:19 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-10-05 01:19 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-10-05 01:19 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-10-05 01:19 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-10-05 01:19 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-10-05 01:19 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-10-05 01:19 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-10-05 01:17 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-10-05 01:17 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-10-05 01:17 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-10-05 01:17 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-10-05 01:17 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-10-05 01:17 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-10-05 01:16 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-10-05 01:16 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-10-05 01:13 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll
2008-10-05 01:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-10-05 01:08 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-10-05 01:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-10-05 01:08 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-10-05 01:07 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-10-05 01:07 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-10-05 01:07 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-10-05 01:07 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-10-05 01:07 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-10-05 01:07 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-10-05 01:07 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-10-05 01:07 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-10-05 01:07 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-10-05 01:07 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-10-05 01:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-10-05 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-09-08 3513344]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"BitTorrent DNA"="C:\Users\Stephane\Program Files\DNA\btdna.exe" [2008-10-05 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-11-01 3061248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 835584]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-08 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-08 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-08 81920]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-04-02 321656]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-04-12 415864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-28 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-28 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-03-09 08:55 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E86A23D-AD17-4FA0-94B5-BC2D9CB13AA0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{845A27CF-5A33-411B-A52D-DE26B6026DF8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0274EE86-9B81-4CBB-8701-2E6CD79C3E04}"= Disabled:UDP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{2C813080-919B-47BE-9265-1CEFC8E52507}"= Disabled:TCP:C:\Program Files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{E20E69ED-F93A-473D-992E-CF020B77EB58}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{D0AEF550-D6F1-4AD4-A6BC-D5B1A498C55B}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{8BFCC121-AA9F-4B93-B3E7-737327271A74}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{57DC822E-D41B-4149-A727-65263CF3847B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{74F8A527-0B30-40A0-A4D6-6F085102F9D7}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{00458505-B976-497F-834D-8EAC479ED0BA}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{F57A290C-8C4E-4350-990E-F29486659A8C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{9AD4D007-6828-4624-9A6E-C710DCF7E05A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{2D11D796-C218-42A9-ADC4-0412D45909D8}C:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= UDP:C:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam
"UDP Query User{C48385AF-56D0-4FB8-9103-566C840EC28D}C:\\program files\\softnyx\\wolfteam\\wolfteam.bin"= TCP:C:\program files\softnyx\wolfteam\wolfteam.bin:WolfTeam

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-05 28933976]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-04 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-04 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 31104]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-02-08 807424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-08 240128]
S3 AVerM115S;AVerM115S service;C:\Windows\system32\DRIVERS\AVerM115S.sys [2007-05-14 785280]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{694270e3-9a3b-11dd-a35a-001b77739deb}]
\shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6004a8-9a25-11dd-8621-001b77739deb}]
\shell\AutoRun\command - d.com
\shell\explore\Command - d.com
\shell\open\Command - d.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Stephane\AppData\Roaming\Mozilla\Firefox\Profiles\dwsiwfce.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Users\Stephane\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 20:07:46
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-01 20:09:00
ComboFix-quarantined-files.txt 2008-11-01 19:08:55

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 34,698,547,200 octets libres

223 --- E O F --- 2008-10-30 02:01:36
Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)

Re,

Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings.

--> Connect your external data sources to your PC (USB key, external hard drive, etc.) without opening them.

--> Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm.)
drakans

report: usbfix

-------------- UsbFix V2.395 ---------------

* User : Stephane - PC-DE-STEPHANE
* Outils mis a jours le 01/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 23:17:42 le 01/11/2008
* Windows Vista - Internet Explorer 7.0.6000.16757

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Stephane\AppData\Local\Temp\BF77.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
F: - Lecteur de CD-ROM
G: - Lecteur fixe

--------------- [ Registre / Startup ] ----------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RtHDVCpl REG_SZ RtHDVCpl.exe
Skytel REG_SZ Skytel.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
VAIOCameraUtility REG_SZ "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
ISBMgr.exe REG_SZ "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
AppMon Utility REG_SZ "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
DownloadAccelerator REG_SZ "C:\Program Files\DAP\DAP.EXE" /STARTUP

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{694270e3-9a3b-11dd-a35a-001b77739deb}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca6004a8-9a25-11dd-8621-001b77739deb}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca6004a8-9a25-11dd-8621-001b77739deb}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca6004a8-9a25-11dd-8621-001b77739deb}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[18/09/2006 22:43][--a------] C:\autoexec.bat

--------------- ! Fin du rapport ! ----------------
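As an added, read-only check that is not part of this thread or of UsbFix: the PowerShell below lists every MountPoints2 entry under HKCU that still carries a Shell\AutoRun, Shell\open or Shell\explore command, the same kind of entries the report above shows as deleted. The function name Get-MountPoints2Commands is my own; it only reports and does not delete anything.

```powershell
# Added example, not from the thread or from UsbFix.
# Audits HKCU MountPoints2 for per-drive autorun/open/explore commands,
# which is how an infected removable drive gets its payload launched
# from Explorer. Read-only: prints findings, changes nothing.
$base  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$verbs = 'AutoRun', 'open', 'explore'

function Get-MountPoints2Commands {
    if (-not (Test-Path -Path $base)) { return @() }

    # One subkey per drive letter or volume GUID, e.g. "G" or "{694270e3-...}"
    foreach ($mp in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        foreach ($verb in $verbs) {
            $cmdKey = "Registry::$($mp.Name)\Shell\$verb\command"
            if (Test-Path -Path $cmdKey) {
                # The launched command line is the key's default value
                $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
                [pscustomobject]@{
                    MountPoint = $mp.PSChildName
                    Verb       = $verb
                    Command    = $cmd
                }
            }
        }
    }
}

$found = @(Get-MountPoints2Commands)
if ($found.Count -eq 0) {
    'No Shell\AutoRun, open or explore commands found under MountPoints2.'
} else {
    $found | Format-Table -AutoSize
}
```

A clean machine normally returns nothing here; any entry whose Command points at a file on the removable drive itself (or into a Temp folder) is worth looking at before the drive is opened again.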
Lyonnais92 (25708 posts, security contributor)
 
Re,

can you search whether you find d.com on your hard drive and, if so, tell me in which directory (or directories) you find it?
drakans
 
no, there is no d.com file on my PC
Lyonnais92 (25708 posts, security contributor)
 
Re,

post another RSIT report.