There's a window that opens by itself on the desk

Hello,
Since this morning a window named exodia keeps opening on my desktop. It says unable to write to c:\autorun.inf. And sometimes it says login incorrect. Even if I close it, it always comes back. Thanks in advance

12 replies

geoffrey5 (Posts: 14008, Status: Security contributor)
 
Hi!!

▶ Do a HijackThis report so I can check your PC for infections, please

▶ Download HijackThis and save the installer on your desktop.

▶ Then double-click the installer and then click "Run".

▶ Click "Install", checking that the install path is indeed in your Program Files, and then click "I Accept".

▶ Click "Do a system scan and save a logfile".

▶ Let the scan finish until the report appears in Notepad.

▶ Then copy/paste the report into your next reply on the forum

How to copy/paste the report:

When you have the report on screen, press Ctrl+A to "select all", then Ctrl+C to "copy".

Then come back to the forum to reply to me and press Ctrl+V to "paste" the report.
sangonesall6 (Posts: 83, Status: Member)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:47, on 06/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
H:\lsass.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sn/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
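The line that matters in the HijackThis log above is H:\lsass.exe: the genuine lsass.exe only ever runs from C:\Windows\system32, so a copy running from the root of a removable drive is a process borrowing a system name. The script below is an added example, not part of the thread, of HijackThis or of UsbFix: it reads the process section of a report in either the HijackThis format ("Running processes:") or the UsbFix format ("[ Processus actifs ]") and reports every protected system image name that runs from outside the Windows system directories. The embedded excerpts are copied from the two reports posted in this thread; the list of protected image names and the expected directories are assumptions made for the example.

```python
"""
Added example (not from the thread, HijackThis or UsbFix): flag Windows
system binaries that run from outside the Windows system directories.
The sample process lines below are copied from the two reports in the thread.
"""
import ntpath

# Image names that legitimately run only from %SystemRoot%\System32
# (or SysWOW64 on 64-bit Windows). Assumption: this short list covers the
# names malware most often borrows, including the one seen in the thread.
PROTECTED_IMAGES = {
    "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "lsm.exe", "svchost.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Headers that open the process section in HijackThis and UsbFix reports.
SECTION_HEADERS = ("running processes:", "[ processus actifs ]")

# Constructed excerpt of the HijackThis "Running processes" section above.
HJT_EXCERPT = """\
Running processes:
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\Explorer.EXE
C:\\Program Files\\Eset\\nod32kui.exe
H:\\lsass.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = https://www.bing.com/
"""

# Constructed excerpt of the UsbFix "Processus actifs" section posted later.
USBFIX_EXCERPT = """\
--------------- [ Processus actifs ] ----------------


C:\\Windows\\System32\\smss.exe
C:\\Windows\\system32\\lsass.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\lsass.exe
C:\\Users\\TOSHIBA\\AppData\\Local\\Temp\\E2B0.tmp\\b2e.exe

--------------- [ Informations lecteurs ] ----------------
"""


def parse_process_list(report_text):
    """Return the image paths listed in the process section of a report.
    The section starts at a known header, blank lines directly after the
    header are skipped, and the first blank line after a path ends it."""
    paths = []
    in_section = False
    for raw in report_text.splitlines():
        line = raw.strip()
        if not in_section:
            if any(header in line.lower() for header in SECTION_HEADERS):
                in_section = True
            continue
        if not line:
            if paths:
                break
            continue
        paths.append(line)
    return paths


def masquerading_processes(paths):
    """Return the paths whose file name is a protected system image but
    whose directory is not one of the Windows system directories."""
    hits = []
    for path in paths:
        name = ntpath.basename(path).lower()
        directory = ntpath.dirname(path).lower().rstrip("\\")
        if name in PROTECTED_IMAGES and directory not in EXPECTED_DIRS:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for label, text in (("HijackThis", HJT_EXCERPT), ("UsbFix", USBFIX_EXCERPT)):
        for path in masquerading_processes(parse_process_list(text)):
            print(f"{label}: system image name outside the system directory: {path}")
```

Run on the two excerpts it reports H:\lsass.exe from the HijackThis log and C:\Windows\lsass.exe from the UsbFix log, while the real C:\Windows\system32\lsass.exe is left alone. The path comparison deliberately ignores case because Windows paths are case-insensitive and the two tools print them differently.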
geoffrey5 (Posts: 14008, Status: Security contributor)
 
What is your H: drive?
sangonesall6 (Posts: 83, Status: Member)
 
It's my USB key.
geoffrey5 (Posts: 14008, Status: Security contributor)
 
Ok...

▶ Disable User Account Control (you will re-enable it after the disinfection):

▶ Go to Start, then Control Panel
▶ Double-click the "User Accounts" icon
▶ Then click disable and confirm.

▶ Download UsbFix to your desktop

▶ Run the installer with the default settings

▶ Plug the external data sources (USB key, external hard drive, etc.) that may have been infected into your PC, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ The PC will restart

▶ After the restart, post the UsbFix.txt report

* Note: the UsbFix.txt report is saved at the root of the drive

* Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab,
"New Task", type explorer.exe and confirm
sangonesall6
 
I don't see the report after the restart.
geoffrey5 (Posts: 14008, Status: Security contributor)
 
It is here: C:\UsbFix.txt
sangonesall6
 
-------------- UsbFix V2.395 ---------------

* User : TOSHIBA - PC-DE-TOSHIBA
* Outils mis a jours le 03/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 9:47:19 le 06/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\lsass.exe
C:\Windows\system32\Dwm.exe
C:\Users\TOSHIBA\AppData\Local\Temp\E2B0.tmp\b2e.exe
C:\Windows\system32\conime.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
H: - Lecteur amovible
I: - Lecteur amovible

+- Contenu de l'autorun : H:\autorun.inf

[Autorun]
Open=lsass.exe
Shellexe cute=SSCVIHOST.exe
Shell\Open\command=lsass.exe
Shell=Open
shell\open\Default=1

--------------- [ Registre / Startup ] ----------------


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe
Persistence REG_SZ C:\Windows\system32\igfxpers.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Camera Assistant Software REG_SZ "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
nod32kui REG_SZ "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
eMuleAutoStart REG_SZ C:\Program Files\eMule\emule.exe -AutoStart


--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33a93256-a721-11dd-8434-001e6846d806}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80ab24c2-a5dd-11dd-a3fc-001e6846d806}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80ab24c2-a5dd-11dd-a3fc-001e6846d806}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [06/11/2008 09:45] H:\autorun.inf
Supprimé ! - [08/03/2008 21:54] I:\b.com

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[18/09/2006 21:43][--a------] C:\autoexec.bat
[01/07/2008 10:58][-r-hs----] C:\lsass.exe
[01/07/2008 10:58][-r-hs----] D:\lsass.exe
[01/07/2008 10:58][-r-hs----] E:\lsass.exe
[01/07/2008 10:58][-r-hs----] H:\lsass.exe
[01/07/2008 10:58][-r-hs----] I:\lsass.exe

--------------- ! Fin du rapport ! ----------------
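UsbFix printed the autorun.inf it found on the H: key, and every key in it points Explorer at lsass.exe or SSCVIHOST.exe at the root of the drive: Open and the shellexecute entry launch a program when the drive is inserted, and Shell\Open\command together with Shell=Open make a double-click on the drive in Explorer launch it too, which is why UsbFix also removed the MountPoints2 AutoRun and open commands Windows had cached for the key. The script below is an added example, not part of the thread or of UsbFix: it parses an autorun.inf and lists which entries would execute a program, which verb a double-click is redirected to, and which launched targets borrow the name of a Windows system binary. AUTORUN_FROM_THREAD reproduces the file from the report above; AUTORUN_BENIGN is a constructed label/icon-only file for contrast; the list of system image names is an assumption made for the example. Dropping whitespace inside key names is a deliberate choice so that the entry exactly as it is printed in the report still matches.

```python
"""
Added example (not from the thread or from UsbFix): parse an autorun.inf and
report what it would make Windows execute. AUTORUN_FROM_THREAD reproduces
the file UsbFix printed for H:; AUTORUN_BENIGN is a constructed harmless file.
"""
import ntpath
import re

# [autorun] keys that launch a program directly when the drive appears.
EXEC_KEYS = {"open", "shellexecute"}
# shell\<verb>\command keys define what a context-menu verb runs.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
# File names of Windows system binaries that malware borrows to look harmless
# (assumption: a short list is enough for this example).
SYSTEM_IMAGES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                 "winlogon.exe", "services.exe"}

# The autorun.inf from the UsbFix report in this thread.
AUTORUN_FROM_THREAD = """\
[Autorun]
Open=lsass.exe
Shellexe cute=SSCVIHOST.exe
Shell\\Open\\command=lsass.exe
Shell=Open
shell\\open\\Default=1
"""

# Constructed: a harmless autorun.inf that only sets a label and an icon.
AUTORUN_BENIGN = """\
[autorun]
label=Holiday photos
icon=photos.ico
"""


def parse_autorun(text):
    """Return {section: [(key, value), ...]}. Section and key names are
    lower-cased and whitespace inside a key is dropped, so the entry exactly
    as printed in the UsbFix report is still recognised."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"\s+", "", key).lower()
        sections[current].append((key, value.strip()))
    return sections


def assess_autorun(text):
    """Summarise the execution behaviour of an autorun.inf:
       executes     - (key, target) pairs that launch a program
       default_verb - verb Explorer runs on a double-click, if the file sets one
       lookalikes   - launched targets named after a Windows system binary"""
    entries = parse_autorun(text).get("autorun", [])
    executes = [(k, v) for k, v in entries
                if k in EXEC_KEYS or SHELL_COMMAND.match(k)]
    default_verb = next((v.lower() for k, v in entries if k == "shell"), None)
    lookalikes = sorted({v for _, v in executes
                         if ntpath.basename(v).lower() in SYSTEM_IMAGES})
    return {"executes": executes, "default_verb": default_verb,
            "lookalikes": lookalikes}


if __name__ == "__main__":
    for name, text in (("H:\\autorun.inf (from the thread)", AUTORUN_FROM_THREAD),
                       ("constructed benign autorun.inf", AUTORUN_BENIGN)):
        result = assess_autorun(text)
        print(name)
        for key, target in result["executes"]:
            print(f"  {key} -> {target}")
        if result["default_verb"]:
            print(f"  double-click on the drive runs verb '{result['default_verb']}'")
        if result["lookalikes"]:
            print("  targets named after system binaries: "
                  + ", ".join(result["lookalikes"]))
        if not result["executes"]:
            print("  no execution entries")
```

On the file from the thread the script reports three execution entries (open, shellexecute and shell\open\command), a double-click redirected to the open verb, and lsass.exe as a system-name lookalike; on the benign file it reports nothing. The defensive point is that a label or icon entry never needs an executable, so any Open, shellexecute or shell\...\command entry on a removable drive deserves a look, and newer Windows versions no longer honour autorun.inf on USB sticks at all.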
geoffrey5 (Posts: 14008, Status: Security contributor)
 
▶ Download ComboFix by sUBs

▶ and save it to the desktop.

▶ disable your protections and close all your applications (antivirus, firewall, antispyware real-time guard)

Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

then send the report and do a new HijackThis report please
sangonesall6
 
ComboFix 08-11-05.02 - TOSHIBA 2008-11-06 10:36:27.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1887 [GMT 0:00]
Lancé depuis: c:\users\TOSHIBA\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lsass.exe
c:\windows\lsass.exe
D:\lsass.exe
E:\lsass.exe
H:\lsass.exe
I:\lsass.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-06 au 2008-11-06 ))))))))))))))))))))))))))))))))))))
.

2008-11-06 09:28 . 2008-11-06 09:47 <REP> d-------- c:\program files\UsbFix
2008-11-06 08:53 . 2008-11-06 08:53 <REP> d-------- c:\program files\Trend Micro
2008-11-05 00:38 . 2008-11-05 00:38 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-11-05 00:38 . 2008-11-05 00:38 <REP> d-------- c:\programdata\Messenger Plus!
2008-11-05 00:00 . 2008-11-05 00:00 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-05 00:00 . 2008-11-05 00:00 <REP> d-------- c:\program files\Circle Developement
2008-11-04 03:01 . 2007-11-08 09:04 11,967,524 --a------ c:\windows\System32\korwbrkr.lex
2008-11-03 22:14 . 2008-04-26 08:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-03 22:14 . 2008-04-12 03:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-11-03 22:14 . 2008-04-05 01:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-11-03 22:14 . 2008-04-05 03:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-11-03 21:25 . 2008-11-03 21:25 17,408 --a------ c:\windows\System32\rpcnetp.exe
2008-11-03 21:25 . 2008-11-03 21:25 17,408 --a------ c:\windows\System32\rpcnetp.dll
2008-11-01 19:37 . 2008-11-01 19:38 <REP> d-------- c:\users\All Users\Yahoo!
2008-11-01 19:37 . 2008-11-01 19:38 <REP> d-------- c:\programdata\Yahoo!
2008-11-01 19:37 . 2008-11-01 19:37 <REP> d-------- c:\program files\Yahoo!
2008-11-01 19:33 . 2008-11-01 19:33 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\gtk-2.0
2008-11-01 19:32 . 2008-11-01 19:35 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\.purple
2008-11-01 19:23 . 2008-11-01 19:37 <REP> d-------- c:\program files\Pidgin
2008-11-01 19:23 . 2008-11-01 19:37 <REP> d-------- c:\program files\Common Files\GTK
2008-11-01 19:05 . 2008-11-01 19:05 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-01 18:49 . 2008-11-01 18:49 <REP> d-------- C:\PerfLogs
2008-11-01 18:25 . 2008-11-01 18:25 <REP> d-------- C:\3842c41e3a4954a3a1
2008-11-01 16:53 . 2008-05-10 03:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2008-11-01 16:53 . 2008-05-09 22:22 9,127 --a------ c:\windows\System32\RacUR.xml
2008-11-01 16:53 . 2008-05-09 22:22 153 --a------ c:\windows\System32\RacUREx.xml
2008-11-01 16:11 . 2008-09-03 03:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-01 16:11 . 2008-09-03 03:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-01 15:31 . 2008-11-01 15:31 <REP> d-------- c:\windows\LARAUDIO
2008-11-01 15:31 . 2008-11-01 15:31 2,416 --a------ c:\windows\TTSDRV.INI
2008-11-01 15:31 . 2008-11-01 15:31 297 --a------ c:\windows\ADAPTA.INI
2008-11-01 14:27 . 2008-11-01 14:27 <REP> d-------- c:\windows\USB Vibration
2008-11-01 14:27 . 2008-11-01 14:27 <REP> d-------- c:\program files\USB Vibration
2008-10-31 12:39 . 2008-10-31 12:39 <REP> d-------- c:\users\TOSHIBA\NFS Underground2
2008-10-31 12:16 . 2008-10-31 12:16 <REP> d-------- c:\program files\EA GAMES
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\Apple Computer
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\program files\iTunes
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\program files\iPod
2008-10-31 12:12 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-10-31 12:12 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-10-31 12:11 . 2008-10-31 12:11 <REP> d-------- c:\program files\QuickTime
2008-10-31 12:11 . 2008-10-31 12:11 <REP> d-------- c:\program files\Bonjour
2008-10-31 12:09 . 2008-10-31 12:09 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-10-31 12:08 . 2008-10-31 12:08 <REP> d-------- c:\program files\Apple Software Update
2008-10-31 12:07 . 2008-10-31 12:11 <REP> d-------- c:\program files\Common Files\Apple
2008-10-30 22:34 . 2008-01-19 07:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2008-10-30 22:34 . 2008-01-19 07:36 1,541,120 --a------ c:\windows\System32\onex.dll
2008-10-30 22:32 . 2008-01-19 07:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-10-30 22:31 . 2008-01-19 06:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-10-30 22:30 . 2008-01-19 07:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-10-30 22:30 . 2008-01-19 07:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-10-30 22:30 . 2008-01-19 07:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-10-30 22:30 . 2008-01-19 07:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-10-30 22:30 . 2008-01-19 07:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-10-30 22:30 . 2008-01-19 07:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-10-30 22:30 . 2008-01-19 07:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-10-30 22:30 . 2008-01-19 07:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-10-30 22:30 . 2008-01-19 07:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-10-30 22:30 . 2008-01-19 07:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-10-30 19:52 . 2007-09-13 14:14 184,320 --a------ c:\windows\System32\igfxres.dll
2008-10-30 12:08 . 2008-10-30 12:08 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\DAEMON Tools
2008-10-30 12:08 . 2008-10-30 12:08 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-10-30 10:46 . 2008-10-30 10:46 <REP> d-------- c:\program files\KONAMI
2008-10-30 07:03 . 2008-10-30 07:03 <REP> d-------- c:\program files\Free Music Zilla
2008-10-30 03:05 . 2008-10-30 03:05 269,312 --a------ c:\windows\System32\es.dll
2008-10-30 00:51 . 2008-10-30 00:51 <REP> d-------- c:\users\All Users\eMule
2008-10-30 00:51 . 2008-10-30 00:51 <REP> d-------- c:\programdata\eMule
2008-10-30 00:50 . 2008-11-05 10:23 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\LimeWire
2008-10-30 00:49 . 2008-10-30 00:49 <REP> d-------- c:\program files\Dactylo
2008-10-30 00:48 . 2008-10-30 00:49 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-10-30 00:48 . 2008-10-30 00:48 45 ---h----- c:\windows\dvis5054.dat
2008-10-30 00:47 . 2008-10-30 00:48 <REP> d-------- c:\program files\Java
2008-10-30 00:47 . 2008-10-30 00:47 <REP> d-------- c:\program files\Common Files\Java
2008-10-30 00:20 . 2008-11-01 15:39 <REP> d-------- c:\program files\adslTV
2008-10-30 00:09 . 2008-10-30 00:10 <REP> d-------- c:\program files\Common Files\Adobe
2008-10-30 00:03 . 2008-10-30 00:03 <REP> d-------- c:\windows\System32\Adobe
2008-10-30 00:02 . 2008-10-30 00:02 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2008-10-29 23:56 . 2008-10-29 23:56 <REP> d-------- c:\program files\Lavalys
2008-10-29 23:53 . 2008-10-29 23:53 <REP> d-------- c:\program files\Xilisoft
2008-10-29 23:52 . 2008-10-29 23:52 <REP> d-------- c:\program files\Xvid
2008-10-29 23:52 . 2008-10-29 23:52 <REP> d-------- c:\program files\DsNET Corp
2008-10-29 23:52 . 2007-06-28 18:52 765,952 --a------ c:\windows\System32\xvidcore.dll
2008-10-29 23:52 . 2007-06-28 18:54 180,224 --a------ c:\windows\System32\xvidvfw.dll
2008-10-29 23:52 . 2007-06-28 18:55 77,824 --a------ c:\windows\System32\xvid.ax
2008-10-29 23:51 . 2008-10-29 23:51 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-10-29 23:47 . 2008-10-29 23:47 <REP> d-------- c:\program files\WinISO
2008-10-29 23:45 . 2008-10-31 12:12 <REP> d-------- c:\users\All Users\Apple Computer
2008-10-29 23:45 . 2008-10-31 12:12 <REP> d-------- c:\programdata\Apple Computer
2008-10-29 23:44 . 2008-10-29 23:44 <REP> d-------- c:\users\All Users\Apple
2008-10-29 23:44 . 2008-10-29 23:44 <REP> d-------- c:\programdata\Apple
2008-10-29 23:42 . 2008-10-29 23:46 <REP> d-------- c:\program files\LimeWire
2008-10-29 23:41 . 2008-10-29 23:42 <REP> d-------- c:\program files\eMule
2008-10-29 23:41 . 2008-10-29 23:41 <REP> d-------- c:\program files\Ares
2008-10-29 23:40 . 2008-10-29 23:40 <REP> d-------- c:\program files\Opera
2008-10-29 23:40 . 2008-10-29 23:40 <REP> d-------- c:\program files\CCleaner
2008-10-29 23:38 . 2008-11-04 10:19 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\vlc
2008-10-29 23:24 . 2008-11-06 06:50 <REP> d-------- c:\program files\Larousse
2008-10-29 23:24 . 2008-10-29 23:24 <REP> d-------- c:\program files\directx
2008-10-29 23:24 . 1998-06-17 19:07 57,344 --a------ c:\windows\System32\Mfc42loc.dll
2008-10-29 21:22 . 2008-10-29 21:30 <REP> d-------- c:\program files\Windows Live Safety Center
2008-10-29 19:52 . 2008-10-30 17:18 <REP> d-------- c:\users\TOSHIBA\Logiciel
2008-10-29 19:52 . 2008-11-05 09:19 <REP> d-------- c:\users\TOSHIBA\BEM
2008-10-29 19:30 . 2008-07-20 17:44 324,120 --a------ c:\windows\System32\drivers\iaStor.sys
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\TOSHIBA\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\Intel
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\Public\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\Default\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\All Users\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\programdata\Roaming
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\users\All Users\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\programdata\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\program files\Common Files\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\program files\Cisco
2008-10-29 19:27 . 2008-10-29 19:27 <REP> d-------- c:\program files\Toshiba
2008-10-29 19:23 . 2008-10-29 19:23 <REP> d-------- c:\users\All Users\ma-config.com
2008-10-29 19:23 . 2008-10-29 19:23 <REP> d-------- c:\programdata\ma-config.com
2008-10-29 19:23 . 2008-10-29 19:24 <REP> d-------- c:\program files\ma-config.com
2008-10-29 19:00 . 2008-10-29 19:00 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-10-29 19:00 . 2008-10-29 19:00 272,896 --a------ c:\windows\System32\polstore.dll
2008-10-29 19:00 . 2008-10-29 19:00 61,440 --a------ c:\windows\System32\winipsec.dll
2008-10-29 19:00 . 2008-10-29 19:00 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-10-29 18:59 . 2008-10-29 18:59 1,820 --a------ c:\windows\System32\rasctrnm.h

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 18:59 174 --sha-w c:\program files\desktop.ini
2008-11-01 18:52 --------- d-----w c:\program files\Windows Sidebar
2008-11-01 18:52 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-01 18:52 --------- d-----w c:\program files\Windows Mail
2008-11-01 18:52 --------- d-----w c:\program files\Windows Journal
2008-11-01 18:52 --------- d-----w c:\program files\Windows Collaboration
2008-11-01 18:52 --------- d-----w c:\program files\Windows Calendar
2008-11-01 18:51 --------- d-----w c:\program files\Windows Defender
2008-11-01 18:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-01 18:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-29 18:58 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-29 18:58 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-29 18:58 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 18:58 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-29 18:58 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 18:35 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-10-29 13:10 --------- d-----w c:\program files\MSBuild
2008-10-29 10:28 --------- d-sh--w c:\programdata\Modèles
2008-10-29 10:28 --------- d-sh--w c:\programdata\Menu Démarrer
2008-10-29 10:28 --------- d-sh--w c:\programdata\Favoris
2008-10-29 10:28 --------- d-sh--w c:\programdata\Bureau
2008-10-29 10:28 --------- d-sh--w c:\program files\Fichiers communs
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-08-29 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 09:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-20 16:24 774,144 ----a-w c:\windows\System32\wlihvui.dll
2008-08-20 16:18 987,136 ----a-w c:\windows\System32\iwmssvc.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-29 949376]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hyperappel du Petit Larousse 2009.lnk - c:\program files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2008-11-06 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DE29AAA-CF77-4573-9C62-192BF414065A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2218B1AF-E0FD-4880-8B2E-F46719BDB171}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{B98B3EF2-8558-49F2-8206-973F3900DFBF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{E5576112-D07F-4381-B12D-4B7545226AA9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{7F49B2AC-8C84-44A2-AEAE-D2AB8C2CB298}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{5AC1AF45-1C3E-4A1F-ACF2-99C7F639F2A5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{93DFF1A9-C917-42B4-9E86-2379665BF836}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{3F93EABF-596E-4E68-ACC5-D96D37F549DD}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{A1DAE003-BF0C-41F4-BE7C-992D7C6308C8}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7C324F92-8DE2-42C3-B38C-008E0F1F24C4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{3A6DD3C3-BA15-4E60-87C1-04176CAE3444}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{0925CBC1-59A5-4C42-BA0A-BA27D79FCC24}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A3BB271A-33BB-41EE-BCD2-2A3AA106ECC1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C62E622B-1091-4C8E-B25E-C226513A38F1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E610001E-AA17-4905-AF96-9279C2779DE0}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{651DEA55-CFDD-408B-A2C8-F21B2EC5F72E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"{CB199C02-737D-42A1-8141-F6BEFBC65466}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0BE5EFD7-C00A-47FE-9652-B39FDF186AEA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{03239B30-CDDB-4B27-AC73-7906BB8BC6E9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE57755-644F-420F-96AF-141485E63DF4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{62EDDBD9-8BFE-4029-8B3D-84DB336644D9}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{13929A16-05D4-47AF-B1A1-24131B741815}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"{6668C407-4EEB-4CE1-B505-09916628035B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E41161C-4E46-4469-B257-DB6C317B1403}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E7635AFE-5345-40FF-85A2-1E2AB28A3CF4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{E4E7D761-3BA9-4D7F-8F34-9C17E553F9C9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F6EB45D1-E8F8-49E4-ADBC-A7031E02FACE}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{B93D1CCE-2750-4B9C-8466-7EEFB85F3FCE}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{6BF1B7CA-CB4D-444E-8633-D432D559EA6F}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-10-29 240128]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-10-28 195752]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\User_Feed_Synchronization-{B282DC8A-121F-42D5-A3DE-78D9D5B277D7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_0_3_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 10:44:55
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 10:46:45
ComboFix-quarantined-files.txt 2008-11-06 10:46:41

Pre-Run: 39,179,800,576 bytes free
Post-Run: 38,938,095,616 bytes free

268 --- E O F --- 2008-11-05 14:12:44
sangonesall6
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:47, on 06/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
H:\lsass.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sn/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
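The entry that matters in the report above is H:\lsass.exe under "Running processes": the genuine Local Security Authority process only ever runs from %SystemRoot%\System32, so a file of that name at the root of another volume is a masquerade, which is why the drive roots end up in the ComboFix script later in this thread. The following is an added example, not code from this thread, from HijackThis or from ComboFix: a small Python analyser that reads a HijackThis-style report, pulls the running processes, the O4 autostart entries and the O23 services, and flags any core Windows binary name running outside its expected directory, as well as any executable launched from the root of a volume. The table of system binaries and their directories, and the sample log (a few lines in the shape of the report above), are constructed for the example.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Windows core binaries and the only directories they legitimately run from.
# A process with one of these names anywhere else (H:\lsass.exe, for instance)
# is a classic masquerade. Table constructed for this example.
SYSTEM_BINARIES = {
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Constructed sample in the shape of the report above (a few lines, not the whole log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
H:\lsass.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

_O4_RUN = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O4_STARTUP = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<path>.+)$")


def running_processes(log: str) -> List[str]:
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def command_path(cmd: str) -> str:
    """Executable path from a Run value: the quoted path, or everything up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def autostart_entries(log: str) -> List[Tuple[str, str]]:
    """(source, path) pairs for O4 Run/Startup items and O23 services."""
    out = []
    for line in log.splitlines():
        m = _O4_RUN.match(line)
        if m:
            out.append((f"O4 {m['hive']} [{m['name']}]", command_path(m["cmd"])))
            continue
        m = _O4_STARTUP.match(line)
        if m:
            out.append((f"O4 {m['where']} {m['name']}", m["path"].strip()))
            continue
        if line.startswith("O23 - Service:"):
            head, _, path = line.rpartition(" - ")  # path is always the last ' - ' field
            out.append((head.strip(), path.strip()))
    return out


def classify(path: str) -> Optional[str]:
    """Why the path is suspicious, or None if nothing stands out."""
    name = ntpath.basename(path).lower()
    parent = ntpath.dirname(path).lower().rstrip("\\")
    allowed = SYSTEM_BINARIES.get(name)
    if allowed is not None and parent not in allowed:
        return f"system binary name '{name}' outside its expected directory"
    drive, tail = ntpath.splitdrive(path)
    if drive and tail.count("\\") == 1 and tail.lower().endswith(".exe"):
        return f"executable started from the root of volume {drive.upper()}"
    return None


def analyze(log: str) -> List[Tuple[str, str, str]]:
    """(section, path, reason) for every suspicious process or autostart entry."""
    findings = []
    for path in running_processes(log):
        reason = classify(path)
        if reason:
            findings.append(("Running processes", path, reason))
    for source, path in autostart_entries(log):
        reason = classify(path)
        if reason:
            findings.append((source, path, reason))
    return findings


if __name__ == "__main__":
    for section, path, reason in analyze(SAMPLE_LOG):
        print(f"[{section}] {path}: {reason}")
```

Run against the sample it reports exactly one line, the H:\lsass.exe process; to use it on a real report, read the saved hijackthis.log into a string and pass it to analyze(). The checks are deliberately narrow (name-plus-directory and root-of-volume), so a clean result says nothing about files that use an unrelated name, which is why the helper still asked for a ComboFix run.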
geoffrey5, 14008 posts, Security Contributor
 
OK, now redo a new HijackThis report please
geoffrey5, 14008 posts, Security Contributor
 
▶ Copy the text in bold below:

File::
C:\lsass.exe
c:\windows\lsass.exe
D:\lsass.exe
E:\lsass.exe
H:\lsass.exe
I:\lsass.exe

Folder::

Registry::


▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt.

▶ Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

▶ This will relaunch Combofix,

▶ A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

▶ Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

▶ If there is no reboot, post the reports anyway.
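The File:: block in the script above tells ComboFix to remove lsass.exe from the root of C:, D:, E:, H:, I: and from c:\windows, that is, from every location except the one where the real copy lives (c:\windows\system32). The companion file such a worm relies on is autorun.inf at the same volume roots, since that is what relaunches the copy when the drive is plugged in. The following is an added example, not part of geoffrey5's instructions, of ComboFix or of UsbFix: a Python sweep that checks a set of volume roots for both files and, when an autorun.inf is present, parses its [autorun] section to show which command it would launch. The roots, the placeholder lsass.exe bytes and the autorun.inf contents are constructed fixtures built in a temporary directory; on the affected machine the drive letters would be passed instead.

```python
import os
import tempfile
from typing import Dict, Iterable, List, Tuple

# The file the CFScript targets at each volume root, plus the file a
# removable-drive worm uses to relaunch it.
SUSPECT_NAMES = ("lsass.exe", "autorun.inf")
# autorun.inf keys that cause something to execute. List constructed for this example.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")


def parse_autorun(text: str) -> Dict[str, str]:
    """Launch-related keys of the [autorun] section, lowercased; other keys and sections ignored."""
    keys: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in LAUNCH_KEYS:
            keys[key] = value.strip()
    return keys


def sweep_roots(roots: Iterable[str]) -> List[Tuple[str, str]]:
    """Check each volume root for the suspect files; return (path, detail) pairs."""
    findings = []
    for root in roots:
        for name in SUSPECT_NAMES:
            path = os.path.join(root, name)
            if not os.path.isfile(path):
                continue
            if name == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    launch = parse_autorun(fh.read())
                detail = "; ".join(f"{k}={v}" for k, v in sorted(launch.items())) or "no launch keys"
            else:
                detail = f"{os.path.getsize(path)} bytes at a volume root, not the System32 copy"
            findings.append((path, detail))
    return findings


def build_sample_roots(base: str) -> List[str]:
    """Constructed fixture: one clean volume and one carrying the worm's two files."""
    clean = os.path.join(base, "clean")
    infected = os.path.join(base, "infected")
    os.makedirs(clean)
    os.makedirs(infected)
    with open(os.path.join(infected, "lsass.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # 64 placeholder bytes, not a real PE
    with open(os.path.join(infected, "autorun.inf"), "wb") as fh:
        fh.write(b"[autorun]\r\nopen=lsass.exe\r\nshell\\open\\command=lsass.exe\r\nicon=lsass.exe\r\n")
    return [clean, infected]


def demo() -> List[Tuple[str, str]]:
    """Run the sweep over the constructed fixture and return its findings."""
    with tempfile.TemporaryDirectory() as base:
        return sweep_roots(build_sample_roots(base))


if __name__ == "__main__":
    if os.name == "nt":
        # On the affected machine: every mounted drive letter, C: included.
        roots = [f"{letter}:\\" for letter in "CDEFGHIJ" if os.path.isdir(f"{letter}:\\")]
        results = sweep_roots(roots)
    else:
        results = demo()
    for path, detail in results or [("(none)", "no suspect files found")]:
        print(f"{path}: {detail}")
```

The sweep only reports; it deletes nothing, so it can be run before and after the ComboFix pass to confirm that the files listed in the script are gone from every root, including drives that were not plugged in during the first scan. Note that autorun.inf is often written with the hidden and system attributes set, which os.path.isfile() ignores, so those files are still found.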
sangonesall6
 
ComboFix 08-11-05.02 - TOSHIBA 2008-11-06 15:05:43.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium Edition 6.0.6001.1.1252.1.1036.18.1698 [GMT 0:00]
Running from: c:\users\TOSHIBA\Downloads\ComboFix.exe
Command switches used :: c:\users\TOSHIBA\Downloads\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\lsass.exe
c:\windows\lsass.exe
D:\lsass.exe
E:\lsass.exe
H:\lsass.exe
I:\lsass.exe
.

((((((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))))))))
.

2008-11-06 09:28 . 2008-11-06 09:47 <REP> d-------- c:\program files\UsbFix
2008-11-06 08:53 . 2008-11-06 08:53 <REP> d-------- c:\program files\Trend Micro
2008-11-05 00:38 . 2008-11-05 00:38 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-11-05 00:38 . 2008-11-05 00:38 <REP> d-------- c:\programdata\Messenger Plus!
2008-11-05 00:00 . 2008-11-05 00:00 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-05 00:00 . 2008-11-05 00:00 <REP> d-------- c:\program files\Circle Developement
2008-11-03 22:14 . 2008-04-26 08:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-03 22:14 . 2008-04-12 03:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-11-03 22:14 . 2008-04-05 01:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-11-03 22:14 . 2008-04-05 03:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-11-03 21:25 . 2008-11-03 21:25 17,408 --a------ c:\windows\System32\rpcnetp.exe
2008-11-03 21:25 . 2008-11-03 21:25 17,408 --a------ c:\windows\System32\rpcnetp.dll
2008-11-01 19:37 . 2008-11-01 19:38 <REP> d-------- c:\users\All Users\Yahoo!
2008-11-01 19:37 . 2008-11-01 19:38 <REP> d-------- c:\programdata\Yahoo!
2008-11-01 19:37 . 2008-11-01 19:37 <REP> d-------- c:\program files\Yahoo!
2008-11-01 19:33 . 2008-11-01 19:33 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\gtk-2.0
2008-11-01 19:32 . 2008-11-01 19:35 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\.purple
2008-11-01 19:23 . 2008-11-01 19:37 <REP> d-------- c:\program files\Pidgin
2008-11-01 19:23 . 2008-11-01 19:37 <REP> d-------- c:\program files\Common Files\GTK
2008-11-01 19:05 . 2008-11-01 19:05 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-01 18:49 . 2008-11-01 18:49 <REP> d-------- C:\PerfLogs
2008-11-01 18:25 . 2008-11-01 18:25 <REP> d-------- C:\3842c41e3a4954a3a1
2008-11-01 16:53 . 2008-05-10 03:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2008-11-01 16:53 . 2008-05-09 22:22 9,127 --a------ c:\windows\System32\RacUR.xml
2008-11-01 16:53 . 2008-05-09 22:22 153 --a------ c:\windows\System32\RacUREx.xml
2008-11-01 16:11 . 2008-09-03 03:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-01 16:11 . 2008-09-03 03:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-01 15:31 . 2008-11-01 15:31 <REP> d-------- c:\windows\LARAUDIO
2008-11-01 15:31 . 2008-11-01 15:31 2,416 --a------ c:\windows\TTSDRV.INI
2008-11-01 15:31 . 2008-11-01 15:31 297 --a------ c:\windows\ADAPTA.INI
2008-11-01 14:27 . 2008-11-01 14:27 <REP> d-------- c:\windows\USB Vibration
2008-11-01 14:27 . 2008-11-01 14:27 <REP> d-------- c:\program files\USB Vibration
2008-10-31 12:39 . 2008-10-31 12:39 <REP> d-------- c:\users\TOSHIBA\NFS Underground2
2008-10-31 12:16 . 2008-10-31 12:16 <REP> d-------- c:\program files\EA GAMES
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\Apple Computer
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\program files\iTunes
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\program files\iPod
2008-10-31 12:12 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-10-31 12:12 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-10-31 12:11 . 2008-10-31 12:11 <REP> d-------- c:\program files\QuickTime
2008-10-31 12:11 . 2008-10-31 12:11 <REP> d-------- c:\program files\Bonjour
2008-10-31 12:09 . 2008-10-31 12:09 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-10-31 12:08 . 2008-10-31 12:08 <REP> d-------- c:\program files\Apple Software Update
2008-10-31 12:07 . 2008-10-31 12:11 <REP> d-------- c:\program files\Common Files\Apple
2008-10-30 22:34 . 2008-01-19 07:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2008-10-30 22:34 . 2008-01-19 07:36 1,541,120 --a------ c:\windows\System32\onex.dll
2008-10-30 22:32 . 2008-01-19 07:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-10-30 22:31 . 2008-01-19 06:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-10-30 22:30 . 2008-01-19 07:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-10-30 22:30 . 2008-01-19 07:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-10-30 22:30 . 2008-01-19 07:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-10-30 22:30 . 2008-01-19 07:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-10-30 22:30 . 2008-01-19 07:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-10-30 22:30 . 2008-01-19 07:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-10-30 22:30 . 2008-01-19 07:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-10-30 22:30 . 2008-01-19 07:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-10-30 22:30 . 2008-01-19 07:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-10-30 22:30 . 2008-01-19 07:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-10-30 19:52 . 2007-09-13 14:14 184,320 --a------ c:\windows\System32\igfxres.dll
2008-10-30 12:08 . 2008-10-30 12:08 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\DAEMON Tools
2008-10-30 12:08 . 2008-10-30 12:08 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-10-30 10:46 . 2008-10-30 10:46 <REP> d-------- c:\program files\KONAMI
2008-10-30 07:03 . 2008-10-30 07:03 <REP> d-------- c:\program files\Free Music Zilla
2008-10-30 03:05 . 2008-10-30 03:05 269,312 --a------ c:\windows\System32\es.dll
2008-10-30 00:51 . 2008-10-30 00:51 <REP> d-------- c:\users\All Users\eMule
2008-10-30 00:51 . 2008-10-30 00:51 <REP> d-------- c:\programdata\eMule
2008-10-30 00:50 . 2008-11-05 10:23 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\LimeWire
2008-10-30 00:49 . 2008-10-30 00:49 <REP> d-------- c:\program files\Dactylo
2008-10-30 00:48 . 2008-10-30 00:49 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-10-30 00:48 . 2008-10-30 00:48 45 ---h----- c:\windows\dvis5054.dat
2008-10-30 00:47 . 2008-10-30 00:48 <REP> d-------- c:\program files\Java
2008-10-30 00:47 . 2008-10-30 00:47 <REP> d-------- c:\program files\Common Files\Java
2008-10-30 00:20 . 2008-11-01 15:39 <REP> d-------- c:\program files\adslTV
2008-10-30 00:09 . 2008-10-30 00:10 <REP> d-------- c:\program files\Common Files\Adobe
2008-10-30 00:03 . 2008-10-30 00:03 <REP> d-------- c:\windows\System32\Adobe
2008-10-30 00:02 . 2008-10-30 00:02 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2008-10-29 23:56 . 2008-10-29 23:56 <REP> d-------- c:\program files\Lavalys
2008-10-29 23:53 . 2008-10-29 23:53 <REP> d-------- c:\program files\Xilisoft
2008-10-29 23:52 . 2008-10-29 23:52 <REP> d-------- c:\program files\Xvid
2008-10-29 23:52 . 2008-10-29 23:52 <REP> d-------- c:\program files\DsNET Corp
2008-10-29 23:52 . 2007-06-28 18:52 765,952 --a------ c:\windows\System32\xvidcore.dll
2008-10-29 23:52 . 2007-06-28 18:54 180,224 --a------ c:\windows\System32\xvidvfw.dll
2008-10-29 23:52 . 2007-06-28 18:55 77,824 --a------ c:\windows\System32\xvid.ax
2008-10-29 23:51 . 2008-10-29 23:51 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-10-29 23:47 . 2008-10-29 23:47 <REP> d-------- c:\program files\WinISO
2008-10-29 23:45 . 2008-10-31 12:12 <REP> d-------- c:\users\All Users\Apple Computer
2008-10-29 23:45 . 2008-10-31 12:12 <REP> d-------- c:\programdata\Apple Computer
2008-10-29 23:44 . 2008-10-29 23:44 <REP> d-------- c:\users\All Users\Apple
2008-10-29 23:44 . 2008-10-29 23:44 <REP> d-------- c:\programdata\Apple
2008-10-29 23:42 . 2008-10-29 23:46 <REP> d-------- c:\program files\LimeWire
2008-10-29 23:41 . 2008-10-29 23:42 <REP> d-------- c:\program files\eMule
2008-10-29 23:41 . 2008-10-29 23:41 <REP> d-------- c:\program files\Ares
2008-10-29 23:40 . 2008-10-29 23:40 <REP> d-------- c:\program files\Opera
2008-10-29 23:40 . 2008-10-29 23:40 <REP> d-------- c:\program files\CCleaner
2008-10-29 23:38 . 2008-11-06 12:44 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\vlc
2008-10-29 23:24 . 2008-11-06 06:50 <REP> d-------- c:\program files\Larousse
2008-10-29 23:24 . 2008-10-29 23:24 <REP> d-------- c:\program files\directx
2008-10-29 23:24 . 1998-06-17 19:07 57,344 --a------ c:\windows\System32\Mfc42loc.dll
2008-10-29 21:22 . 2008-10-29 21:30 <REP> d-------- c:\program files\Windows Live Safety Center
2008-10-29 19:52 . 2008-10-30 17:18 <REP> d-------- c:\users\TOSHIBA\Logiciel
2008-10-29 19:52 . 2008-11-05 09:19 <REP> d-------- c:\users\TOSHIBA\BEM
2008-10-29 19:30 . 2008-07-20 17:44 324,120 --a------ c:\windows\System32\drivers\iaStor.sys
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\TOSHIBA\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\Intel
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\Public\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\Default\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\All Users\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\programdata\Roaming
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\users\All Users\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\programdata\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\program files\Common Files\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\program files\Cisco
2008-10-29 19:27 . 2008-10-29 19:27 <REP> d-------- c:\program files\Toshiba
2008-10-29 19:23 . 2008-10-29 19:23 <REP> d-------- c:\users\All Users\ma-config.com
2008-10-29 19:23 . 2008-10-29 19:23 <REP> d-------- c:\programdata\ma-config.com
2008-10-29 19:23 . 2008-10-29 19:24 <REP> d-------- c:\program files\ma-config.com
2008-10-29 19:00 . 2008-10-29 19:00 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-10-29 19:00 . 2008-10-29 19:00 272,896 --a------ c:\windows\System32\polstore.dll
2008-10-29 19:00 . 2008-10-29 19:00 61,440 --a------ c:\windows\System32\winipsec.dll
2008-10-29 19:00 . 2008-10-29 19:00 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-10-29 18:59 . 2008-10-29 18:59 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-10-29 18:58 . 2008-10-29 18:58 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 18:59 174 --sha-w c:\program files\desktop.ini
2008-11-01 18:52 --------- d-----w c:\program files\Windows Sidebar
2008-11-01 18:52 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-01 18:52 --------- d-----w c:\program files\Windows Mail
2008-11-01 18:52 --------- d-----w c:\program files\Windows Journal
2008-11-01 18:52 --------- d-----w c:\program files\Windows Collaboration
2008-11-01 18:52 --------- d-----w c:\program files\Windows Calendar
2008-11-01 18:51 --------- d-----w c:\program files\Windows Defender
2008-11-01 18:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-01 18:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-29 18:58 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-29 18:58 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-29 18:58 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 18:58 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-29 18:58 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 18:35 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-10-29 13:10 --------- d-----w c:\program files\MSBuild
2008-10-29 10:28 --------- d-sh--w c:\programdata\Modèles
2008-10-29 10:28 --------- d-sh--w c:\programdata\Menu Démarrer
2008-10-29 10:28 --------- d-sh--w c:\programdata\Favoris
2008-10-29 10:28 --------- d-sh--w c:\programdata\Bureau
2008-10-29 10:28 --------- d-sh--w c:\program files\Fichiers communs
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-08-29 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 09:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-20 16:24 774,144 ----a-w c:\windows\System32\wlihvui.dll
2008-08-20 16:18 987,136 ----a-w c:\windows\System32\iwmssvc.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_10.45.35,55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-06 09:46:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-06 10:53:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-06 09:46:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-06 10:53:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-06 09:48:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-06 15:04:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-06 15:04:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-06 09:48:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-06 12:05:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-06 12:05:26 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-11-06 12:59:22 2,456 ----a-w c:\windows\System32\networklist\icons\{200BEA1B-B8DD-4860-A10D-19C68A873AC5}_24.bin
+ 2008-11-06 12:59:22 4,280 ----a-w c:\windows\System32\networklist\icons\{200BEA1B-B8DD-4860-A10D-19C68A873AC5}_32.bin
+ 2008-11-06 12:59:22 9,560 ----a-w c:\windows\System32\networklist\icons\{200BEA1B-B8DD-4860-A10D-19C68A873AC5}_48.bin
- 2008-11-06 09:53:42 102,094 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-06 15:07:10 102,094 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-06 09:53:42 124,434 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-06 15:07:10 124,434 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-06 09:53:42 590,082 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-06 15:07:10 590,082 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-06 09:53:42 672,322 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-06 15:07:10 672,322 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-06 09:48:52 6,548 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1800692337-3776960856-3704569264-1000_UserData.bin
+ 2008-11-06 10:55:00 6,588 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1800692337-3776960856-3704569264-1000_UserData.bin
- 2008-11-06 09:48:52 61,888 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-06 10:54:59 62,070 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-06 10:52:11 1,662 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-06 09:48:48 33,948 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-06 10:54:58 34,004 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-29 949376]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hyperappel du Petit Larousse 2009.lnk - c:\program files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2008-11-06 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DE29AAA-CF77-4573-9C62-192BF414065A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2218B1AF-E0FD-4880-8B2E-F46719BDB171}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{B98B3EF2-8558-49F2-8206-973F3900DFBF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{E5576112-D07F-4381-B12D-4B7545226AA9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{7F49B2AC-8C84-44A2-AEAE-D2AB8C2CB298}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{5AC1AF45-1C3E-4A1F-ACF2-99C7F639F2A5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{93DFF1A9-C917-42B4-9E86-2379665BF836}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{3F93EABF-596E-4E68-ACC5-D96D37F549DD}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{A1DAE003-BF0C-41F4-BE7C-992D7C6308C8}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7C324F92-8DE2-42C3-B38C-008E0F1F24C4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{3A6DD3C3-BA15-4E60-87C1-04176CAE3444}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{0925CBC1-59A5-4C42-BA0A-BA27D79FCC24}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A3BB271A-33BB-41EE-BCD2-2A3AA106ECC1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C62E622B-1091-4C8E-B25E-C226513A38F1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E610001E-AA17-4905-AF96-9279C2779DE0}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{651DEA55-CFDD-408B-A2C8-F21B2EC5F72E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"{CB199C02-737D-42A1-8141-F6BEFBC65466}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0BE5EFD7-C00A-47FE-9652-B39FDF186AEA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{03239B30-CDDB-4B27-AC73-7906BB8BC6E9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE57755-644F-420F-96AF-141485E63DF4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{62EDDBD9-8BFE-4029-8B3D-84DB336644D9}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{13929A16-05D4-47AF-B1A1-24131B741815}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"{6668C407-4EEB-4CE1-B505-09916628035B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E41161C-4E46-4469-B257-DB6C317B1403}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E7635AFE-5345-40FF-85A2-1E2AB28A3CF4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{E4E7D761-3BA9-4D7F-8F34-9C17E553F9C9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F6EB45D1-E8F8-49E4-ADBC-A7031E02FACE}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{B93D1CCE-2750-4B9C-8466-7EEFB85F3FCE}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{6BF1B7CA-CB4D-444E-8633-D432D559EA6F}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-10-29 240128]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-10-28 195752]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\User_Feed_Synchronization-{B282DC8A-121F-42D5-A3DE-78D9D5B277D7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 15:13:22
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...


c:\users\TOSHIBA\AppData\Local\Temp\~DF9AA.tmp 16384 bytes
c:\users\TOSHIBA\AppData\Local\Temp\~DFA46.tmp 512 bytes
c:\users\TOSHIBA\AppData\Local\Temp\~DFFEC1.tmp 163840 bytes
c:\users\TOSHIBA\AppData\Local\Temp\~DFFECA.tmp 512 bytes

Scan completed successfully
Hidden files: 4

**************************************************************************
.
--------------------- DLLs loaded in active processes ---------------------

PROCESS: c:\windows\Explorer.exe
-> g:\windows\system32\Normaliz.dll
.
Finish time: 2008-11-06 15:15:05
ComboFix-quarantined-files.txt 2008-11-06 15:14:58
ComboFix2.txt 2008-11-06 10:46:46

Pre-Run: 37,907,935,232 bytes free
Post-Run: 37,662,593,024 bytes free

298 --- E O F --- 2008-11-05 14:12:44
0
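The CFScript run later in this thread removes lsass.exe copies from the roots of C:, D:, E:, H: and I:, and the same morning's tool list shows UsbFix was run. A worm that plants an executable in every drive root relies on an autorun.inf beside it to get launched when the drive is opened. As an added example (not part of the thread, and not code from ComboFix, UsbFix or any other tool used in it), the Python below parses an autorun.inf and reports which directives would start what. The sample file is constructed to mirror that pattern; it is not the poster's c:\autorun.inf, and the list of impersonated system-binary names is an assumption.

```python
"""Parse an autorun.inf and show what opening the drive would launch.

Added example for this thread; not code from ComboFix, UsbFix or any other
tool used in it.  SAMPLE_AUTORUN is constructed to mirror a worm that drops
lsass.exe in every drive root (the CFScript later in the thread targets
exactly such copies); it is not the c:\\autorun.inf from the poster's machine.
"""
import re
from pathlib import PureWindowsPath

# [autorun] directives that start a program: open= and shellexecute= directly,
# shell\<verb>\command= when the verb is chosen from the drive's context menu.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$")
HIJACKED_VERBS = {"open", "explore", "autoplay"}
EXEC_EXTENSIONS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")
# Assumption: names worms commonly borrow from Windows; extend as needed.
SYSTEM_BINARY_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "explorer.exe"}


def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys lower-cased, ';' comments skipped."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command):
    """The program part of a command line: a quoted path, else the text before the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launch_targets(entries):
    """Map each launching directive to the program it starts."""
    return {k: program_of(v) for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)}


def assess(text):
    """Findings that mark an autorun.inf as a dropper; an empty list means nothing notable."""
    entries = parse_autorun(text)
    findings = []
    for key, program in launch_targets(entries).items():
        name = PureWindowsPath(program).name.lower()
        if name in SYSTEM_BINARY_NAMES:
            findings.append(f"{key} starts {program}: a Windows system-binary name has no business in a drive root")
        elif not name.endswith(EXEC_EXTENSIONS):
            findings.append(f"{key} starts {program}: no executable extension, check which handler it maps to")
    verbs = {m.group(1).lower() for m in map(SHELL_CMD_RE.match, entries) if m}
    if verbs & HIJACKED_VERBS:
        # Redirecting these verbs catches users who double-click the drive or pick
        # "Open folder to view files" instead of letting AutoPlay run open=.
        findings.append(f"context-menu verbs {sorted(verbs & HIJACKED_VERBS)} are redirected to the payload")
    return findings


# Constructed sample; the ";" line is an INI comment that the parser skips.
SAMPLE_AUTORUN = r"""
[autorun]
; constructed for illustration, not the poster's file
open=lsass.exe
shellexecute=lsass.exe /autorun
shell\open\command=lsass.exe
shell\explore\command=lsass.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
label=Removable Disk
"""

if __name__ == "__main__":
    for finding in assess(SAMPLE_AUTORUN):
        print("-", finding)
```

Run it against the autorun.inf on each drive root before deleting anything: the program it names is the file to quarantine, and a hidden executable in the same root that no directive references is worth a look too.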
geoffrey5 Posts: 14008 Status: Security contributor 10
 
Please do a new HijackThis report.
0
sangonesall6
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:47, on 06/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
H:\lsass.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.sn/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
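The report above lists `H:\lsass.exe` among the running processes. The genuine Local Security Authority process is `C:\Windows\System32\lsass.exe`; a file of that name running from the root of another drive is a copy planted by whatever is spreading through the drives, which is why the CFScript later in the thread lists lsass.exe on every drive root. As an added example (not part of the thread and not HijackThis code), the Python below parses the "Running processes" section of a HijackThis log and flags image paths that borrow a system-binary name outside its real directory, sit directly in a drive root, or run from a temp folder. The sample log is assembled from a few lines of the posted report, and the table of expected locations assumes a default 32-bit Windows Vista install on C:.

```python
"""Triage the 'Running processes' list of a HijackThis log.

Added example for this thread, not code from HijackThis or from the poster.
SAMPLE_LOG reuses a few lines from the report posted above; the table of
where genuine system binaries live is an assumption for a default 32-bit
Windows Vista install on C: (adjust SYSTEM_ROOT for other layouts).
"""
import re
from pathlib import PureWindowsPath

SYSTEM_ROOT = r"c:\windows"                 # assumption: default %SystemRoot%
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Image names malware likes to borrow, with the only directory the real one runs from.
EXPECTED_DIR = {
    "lsass.exe": SYSTEM32, "csrss.exe": SYSTEM32, "smss.exe": SYSTEM32,
    "services.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}
DRIVE_ROOT_RE = re.compile(r"^[a-z]:$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)(\\|$)")


def running_processes(log_text):
    """Image paths listed under 'Running processes:'; the section ends at the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def classify(path):
    """Reasons a process image path deserves a look; an empty list means nothing notable."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower().rstrip("\\")
    reasons = []
    if name in EXPECTED_DIR and parent != EXPECTED_DIR[name]:
        reasons.append(f"{name} impersonates a system binary: the real one lives in "
                       f"{EXPECTED_DIR[name]}, this one runs from {parent}")
    if DRIVE_ROOT_RE.match(parent):
        # A program sitting directly in a drive root is what an autorun.inf worm drops on each volume.
        reasons.append(f"runs from the root of drive {parent.upper()}\\")
    if TEMP_DIR_RE.search(parent):
        reasons.append("runs from a temporary directory")
    return reasons


def triage(log_text):
    """Map each suspicious image path in the log to its reasons (clean processes omitted)."""
    return {p: classify(p) for p in running_processes(log_text) if classify(p)}


# Constructed from lines of the HijackThis report above; not the full report.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
H:\lsass.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   ", reason)
```

The same `classify()` check applies to the executable paths in the O4 (Run keys) and O23 (services) lines; a hit on a name like lsass.exe or svchost.exe outside System32 is the line to quarantine first, since the legitimate copy never runs from anywhere else.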
geoffrey5 Posts: 14008 Status: Security contributor 10
 
Delete ComboFix and download it again, installing it on the Desktop, please.

Then run the scan again and post its report, please (it was badly installed).
0
sangonesall6
 
ComboFix 08-11-05.02 - TOSHIBA 2008-11-06 16:34:47.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1036.18.1663 [GMT 0:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
Command switches used :: c:\users\TOSHIBA\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\lsass.exe
c:\windows\lsass.exe
D:\lsass.exe
E:\lsass.exe
H:\lsass.exe
I:\lsass.exe
.

((((((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))))))))
.

2008-11-06 09:28 . 2008-11-06 09:47 <REP> d-------- c:\program files\UsbFix
2008-11-06 08:53 . 2008-11-06 08:53 <REP> d-------- c:\program files\Trend Micro
2008-11-05 00:38 . 2008-11-05 00:38 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-11-05 00:38 . 2008-11-05 00:38 <REP> d-------- c:\programdata\Messenger Plus!
2008-11-05 00:00 . 2008-11-05 00:00 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-05 00:00 . 2008-11-05 00:00 <REP> d-------- c:\program files\Circle Developement
2008-11-03 22:14 . 2008-04-26 08:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-03 22:14 . 2008-04-12 03:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-11-03 22:14 . 2008-04-05 01:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-11-03 22:14 . 2008-04-05 03:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-11-03 21:25 . 2008-11-03 21:25 17,408 --a------ c:\windows\System32\rpcnetp.exe
2008-11-03 21:25 . 2008-11-03 21:25 17,408 --a------ c:\windows\System32\rpcnetp.dll
2008-11-01 19:37 . 2008-11-01 19:38 <REP> d-------- c:\users\All Users\Yahoo!
2008-11-01 19:37 . 2008-11-01 19:38 <REP> d-------- c:\programdata\Yahoo!
2008-11-01 19:37 . 2008-11-01 19:37 <REP> d-------- c:\program files\Yahoo!
2008-11-01 19:33 . 2008-11-01 19:33 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\gtk-2.0
2008-11-01 19:32 . 2008-11-01 19:35 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\.purple
2008-11-01 19:23 . 2008-11-01 19:37 <REP> d-------- c:\program files\Pidgin
2008-11-01 19:23 . 2008-11-01 19:37 <REP> d-------- c:\program files\Common Files\GTK
2008-11-01 19:05 . 2008-11-01 19:05 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-01 18:49 . 2008-11-01 18:49 <REP> d-------- C:\PerfLogs
2008-11-01 18:25 . 2008-11-01 18:25 <REP> d-------- C:\3842c41e3a4954a3a1
2008-11-01 16:53 . 2008-05-10 03:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2008-11-01 16:53 . 2008-05-09 22:22 9,127 --a------ c:\windows\System32\RacUR.xml
2008-11-01 16:53 . 2008-05-09 22:22 153 --a------ c:\windows\System32\RacUREx.xml
2008-11-01 16:11 . 2008-09-03 03:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-01 16:11 . 2008-09-03 03:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-01 15:31 . 2008-11-01 15:31 <REP> d-------- c:\windows\LARAUDIO
2008-11-01 15:31 . 2008-11-01 15:31 2,416 --a------ c:\windows\TTSDRV.INI
2008-11-01 15:31 . 2008-11-01 15:31 297 --a------ c:\windows\ADAPTA.INI
2008-11-01 14:27 . 2008-11-01 14:27 <REP> d-------- c:\windows\USB Vibration
2008-11-01 14:27 . 2008-11-01 14:27 <REP> d-------- c:\program files\USB Vibration
2008-10-31 12:39 . 2008-10-31 12:39 <REP> d-------- c:\users\TOSHIBA\NFS Underground2
2008-10-31 12:16 . 2008-10-31 12:16 <REP> d-------- c:\program files\EA GAMES
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\Apple Computer
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\program files\iTunes
2008-10-31 12:12 . 2008-10-31 12:12 <REP> d-------- c:\program files\iPod
2008-10-31 12:12 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-10-31 12:12 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-10-31 12:11 . 2008-10-31 12:11 <REP> d-------- c:\program files\QuickTime
2008-10-31 12:11 . 2008-10-31 12:11 <REP> d-------- c:\program files\Bonjour
2008-10-31 12:09 . 2008-10-31 12:09 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-10-31 12:08 . 2008-10-31 12:08 <REP> d-------- c:\program files\Apple Software Update
2008-10-31 12:07 . 2008-10-31 12:11 <REP> d-------- c:\program files\Common Files\Apple
2008-10-30 22:34 . 2008-01-19 07:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2008-10-30 22:34 . 2008-01-19 07:36 1,541,120 --a------ c:\windows\System32\onex.dll
2008-10-30 22:32 . 2008-01-19 07:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-10-30 22:31 . 2008-01-19 06:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-10-30 22:30 . 2008-01-19 07:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-10-30 22:30 . 2008-01-19 07:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-10-30 22:30 . 2008-01-19 07:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-10-30 22:30 . 2008-01-19 07:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-10-30 22:30 . 2008-01-19 07:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-10-30 22:30 . 2008-01-19 07:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-10-30 22:30 . 2008-01-19 07:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-10-30 22:30 . 2008-01-19 07:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-10-30 22:30 . 2008-01-19 07:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-10-30 22:30 . 2008-01-19 07:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-10-30 19:52 . 2007-09-13 14:14 184,320 --a------ c:\windows\System32\igfxres.dll
2008-10-30 12:08 . 2008-10-30 12:08 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\DAEMON Tools
2008-10-30 12:08 . 2008-10-30 12:08 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-10-30 10:46 . 2008-10-30 10:46 <REP> d-------- c:\program files\KONAMI
2008-10-30 07:03 . 2008-10-30 07:03 <REP> d-------- c:\program files\Free Music Zilla
2008-10-30 03:05 . 2008-10-30 03:05 269,312 --a------ c:\windows\System32\es.dll
2008-10-30 00:51 . 2008-10-30 00:51 <REP> d-------- c:\users\All Users\eMule
2008-10-30 00:51 . 2008-10-30 00:51 <REP> d-------- c:\programdata\eMule
2008-10-30 00:50 . 2008-11-05 10:23 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\LimeWire
2008-10-30 00:49 . 2008-10-30 00:49 <REP> d-------- c:\program files\Dactylo
2008-10-30 00:48 . 2008-10-30 00:49 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-10-30 00:48 . 2008-10-30 00:48 45 ---h----- c:\windows\dvis5054.dat
2008-10-30 00:47 . 2008-10-30 00:48 <REP> d-------- c:\program files\Java
2008-10-30 00:47 . 2008-10-30 00:47 <REP> d-------- c:\program files\Common Files\Java
2008-10-30 00:20 . 2008-11-01 15:39 <REP> d-------- c:\program files\adslTV
2008-10-30 00:09 . 2008-10-30 00:10 <REP> d-------- c:\program files\Common Files\Adobe
2008-10-30 00:03 . 2008-10-30 00:03 <REP> d-------- c:\windows\System32\Adobe
2008-10-30 00:02 . 2008-10-30 00:02 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2008-10-29 23:56 . 2008-10-29 23:56 <REP> d-------- c:\program files\Lavalys
2008-10-29 23:53 . 2008-10-29 23:53 <REP> d-------- c:\program files\Xilisoft
2008-10-29 23:52 . 2008-10-29 23:52 <REP> d-------- c:\program files\Xvid
2008-10-29 23:52 . 2008-10-29 23:52 <REP> d-------- c:\program files\DsNET Corp
2008-10-29 23:52 . 2007-06-28 18:52 765,952 --a------ c:\windows\System32\xvidcore.dll
2008-10-29 23:52 . 2007-06-28 18:54 180,224 --a------ c:\windows\System32\xvidvfw.dll
2008-10-29 23:52 . 2007-06-28 18:55 77,824 --a------ c:\windows\System32\xvid.ax
2008-10-29 23:51 . 2008-10-29 23:51 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-10-29 23:47 . 2008-10-29 23:47 <REP> d-------- c:\program files\WinISO
2008-10-29 23:45 . 2008-10-31 12:12 <REP> d-------- c:\users\All Users\Apple Computer
2008-10-29 23:45 . 2008-10-31 12:12 <REP> d-------- c:\programdata\Apple Computer
2008-10-29 23:44 . 2008-10-29 23:44 <REP> d-------- c:\users\All Users\Apple
2008-10-29 23:44 . 2008-10-29 23:44 <REP> d-------- c:\programdata\Apple
2008-10-29 23:42 . 2008-10-29 23:46 <REP> d-------- c:\program files\LimeWire
2008-10-29 23:41 . 2008-10-29 23:42 <REP> d-------- c:\program files\eMule
2008-10-29 23:41 . 2008-10-29 23:41 <REP> d-------- c:\program files\Ares
2008-10-29 23:40 . 2008-10-29 23:40 <REP> d-------- c:\program files\Opera
2008-10-29 23:40 . 2008-10-29 23:40 <REP> d-------- c:\program files\CCleaner
2008-10-29 23:38 . 2008-11-06 12:44 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\vlc
2008-10-29 23:24 . 2008-11-06 06:50 <REP> d-------- c:\program files\Larousse
2008-10-29 23:24 . 2008-10-29 23:24 <REP> d-------- c:\program files\directx
2008-10-29 23:24 . 1998-06-17 19:07 57,344 --a------ c:\windows\System32\Mfc42loc.dll
2008-10-29 21:22 . 2008-10-29 21:30 <REP> d-------- c:\program files\Windows Live Safety Center
2008-10-29 19:52 . 2008-10-30 17:18 <REP> d-------- c:\users\TOSHIBA\Logiciel
2008-10-29 19:52 . 2008-11-05 09:19 <REP> d-------- c:\users\TOSHIBA\BEM
2008-10-29 19:30 . 2008-07-20 17:44 324,120 --a------ c:\windows\System32\drivers\iaStor.sys
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\TOSHIBA\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\TOSHIBA\AppData\Roaming\Intel
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\Public\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\Default\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\users\All Users\Roaming
2008-10-29 19:29 . 2008-10-29 19:29 <REP> d-------- c:\programdata\Roaming
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\users\All Users\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\programdata\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\program files\Common Files\Intel
2008-10-29 19:28 . 2008-10-29 19:28 <REP> d-------- c:\program files\Cisco
2008-10-29 19:27 . 2008-10-29 19:27 <REP> d-------- c:\program files\Toshiba
2008-10-29 19:23 . 2008-10-29 19:23 <REP> d-------- c:\users\All Users\ma-config.com
2008-10-29 19:23 . 2008-10-29 19:23 <REP> d-------- c:\programdata\ma-config.com
2008-10-29 19:23 . 2008-10-29 19:24 <REP> d-------- c:\program files\ma-config.com
2008-10-29 19:00 . 2008-10-29 19:00 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-10-29 19:00 . 2008-10-29 19:00 272,896 --a------ c:\windows\System32\polstore.dll
2008-10-29 19:00 . 2008-10-29 19:00 61,440 --a------ c:\windows\System32\winipsec.dll
2008-10-29 19:00 . 2008-10-29 19:00 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-10-29 18:59 . 2008-10-29 18:59 1,820 --a------ c:\windows\System32\rasctrnm.h
2008-10-29 18:58 . 2008-10-29 18:58 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 18:59 174 --sha-w c:\program files\desktop.ini
2008-11-01 18:52 --------- d-----w c:\program files\Windows Sidebar
2008-11-01 18:52 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-01 18:52 --------- d-----w c:\program files\Windows Mail
2008-11-01 18:52 --------- d-----w c:\program files\Windows Journal
2008-11-01 18:52 --------- d-----w c:\program files\Windows Collaboration
2008-11-01 18:52 --------- d-----w c:\program files\Windows Calendar
2008-11-01 18:51 --------- d-----w c:\program files\Windows Defender
2008-11-01 18:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-01 18:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-29 18:58 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-29 18:58 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-29 18:58 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 18:58 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-29 18:58 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 18:35 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-10-29 13:10 --------- d-----w c:\program files\MSBuild
2008-10-29 10:28 --------- d-sh--w c:\programdata\Modèles
2008-10-29 10:28 --------- d-sh--w c:\programdata\Menu Démarrer
2008-10-29 10:28 --------- d-sh--w c:\programdata\Favoris
2008-10-29 10:28 --------- d-sh--w c:\programdata\Bureau
2008-10-29 10:28 --------- d-sh--w c:\program files\Fichiers communs
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-08-29 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 09:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-20 16:24 774,144 ----a-w c:\windows\System32\wlihvui.dll
2008-08-20 16:18 987,136 ----a-w c:\windows\System32\iwmssvc.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_10.45.35,55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-06 09:46:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-06 10:53:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-06 09:46:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-06 10:53:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-06 09:48:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-06 15:04:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-06 15:04:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-06 09:48:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-06 12:05:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-06 12:05:26 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-11-06 12:59:22 2,456 ----a-w c:\windows\System32\networklist\icons\{200BEA1B-B8DD-4860-A10D-19C68A873AC5}_24.bin
+ 2008-11-06 12:59:22 4,280 ----a-w c:\windows\System32\networklist\icons\{200BEA1B-B8DD-4860-A10D-19C68A873AC5}_32.bin
+ 2008-11-06 12:59:22 9,560 ----a-w c:\windows\System32\networklist\icons\{200BEA1B-B8DD-4860-A10D-19C68A873AC5}_48.bin
- 2008-11-06 09:53:42 102,094 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-06 15:07:10 102,094 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-06 09:53:42 124,434 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-06 15:07:10 124,434 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-06 09:53:42 590,082 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-06 15:07:10 590,082 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-06 09:53:42 672,322 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-06 15:07:10 672,322 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-06 09:48:52 6,548 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1800692337-3776960856-3704569264-1000_UserData.bin
+ 2008-11-06 10:55:00 6,588 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1800692337-3776960856-3704569264-1000_UserData.bin
- 2008-11-06 09:48:52 61,888 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-06 10:54:59 62,070 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-06 10:52:11 1,662 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-06 09:48:48 33,948 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-06 10:54:58 34,004 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-29 949376]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hyperappel du Petit Larousse 2009.lnk - c:\program files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2008-11-06 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DE29AAA-CF77-4573-9C62-192BF414065A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2218B1AF-E0FD-4880-8B2E-F46719BDB171}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{B98B3EF2-8558-49F2-8206-973F3900DFBF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{E5576112-D07F-4381-B12D-4B7545226AA9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{7F49B2AC-8C84-44A2-AEAE-D2AB8C2CB298}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{5AC1AF45-1C3E-4A1F-ACF2-99C7F639F2A5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{93DFF1A9-C917-42B4-9E86-2379665BF836}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{3F93EABF-596E-4E68-ACC5-D96D37F549DD}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{A1DAE003-BF0C-41F4-BE7C-992D7C6308C8}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7C324F92-8DE2-42C3-B38C-008E0F1F24C4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{3A6DD3C3-BA15-4E60-87C1-04176CAE3444}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{0925CBC1-59A5-4C42-BA0A-BA27D79FCC24}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A3BB271A-33BB-41EE-BCD2-2A3AA106ECC1}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C62E622B-1091-4C8E-B25E-C226513A38F1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E610001E-AA17-4905-AF96-9279C2779DE0}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{651DEA55-CFDD-408B-A2C8-F21B2EC5F72E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"{CB199C02-737D-42A1-8141-F6BEFBC65466}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0BE5EFD7-C00A-47FE-9652-B39FDF186AEA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{03239B30-CDDB-4B27-AC73-7906BB8BC6E9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE57755-644F-420F-96AF-141485E63DF4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{62EDDBD9-8BFE-4029-8B3D-84DB336644D9}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{13929A16-05D4-47AF-B1A1-24131B741815}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"{6668C407-4EEB-4CE1-B505-09916628035B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E41161C-4E46-4469-B257-DB6C317B1403}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E7635AFE-5345-40FF-85A2-1E2AB28A3CF4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{E4E7D761-3BA9-4D7F-8F34-9C17E553F9C9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F6EB45D1-E8F8-49E4-ADBC-A7031E02FACE}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{B93D1CCE-2750-4B9C-8466-7EEFB85F3FCE}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{6BF1B7CA-CB4D-444E-8633-D432D559EA6F}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-10-29 240128]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-10-28 195752]
S3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
.
Contenu du dossier 'Tâches planifiées'

2008-11-06 c:\windows\Tasks\User_Feed_Synchronization-{B282DC8A-121F-42D5-A3DE-78D9D5B277D7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 16:42:16
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

[0] 0x0FDB3102

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-06 16:44:13
ComboFix-quarantined-files.txt 2008-11-06 16:44:06
ComboFix2.txt 2008-11-06 15:15:06
ComboFix3.txt 2008-11-06 10:46:46

Avant-CF: 45 380 345 856 octets libres
Après-CF: 45,133,217,792 octets libres

292 --- E O F --- 2008-11-05 14:12:44
0
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
0