HijackThis report

Solved
Anonymous user
Hello,

I want to post this report because I suspect an infection on my PC. Could you analyze it and tell me what the situation is and, if it is infected, what to do? Every time my PC starts, a DLL error is displayed!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:10, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\oodtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Users\Emilien\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RtkHDMIService - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

6 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi
paste the AntiVir report if you have it

then

Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy and paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Anonymous user
 
here is the AntiVir report!

Avira AntiVir Personal
Report file date: mercredi 26 novembre 2008 01:00

Scanning for 1052561 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: Emilien
Computer name: PC-DE-EMILIEN

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 22:26:59
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 05:03:52
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 17:15:21
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 23/11/2008 22:26:37
ANTIVIR3.VDF : 7.1.0.137 102400 Bytes 25/11/2008 22:26:59
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 17:15:25
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 22:12:30
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 14:26:59
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 17:15:24
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 22:12:30
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 22:12:29
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 21:18:05
AEGEN.DLL : 8.1.1.5 323956 Bytes 21/11/2008 21:18:03
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 21/11/2008 21:18:02
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 02/11/2008 05:03:54
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 26 novembre 2008 01:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'SetupX.exe' - '1' Module(s) have been scanned
Scan process 'ipclog.exe' - '1' Module(s) have been scanned
Scan process 'mfpmp.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'oodtray.exe' - '1' Module(s) have been scanned
Scan process 'MarketingTools.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'SPMService.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'NSUService.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'RTKAUDIOSERVICE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
90 processes with 90 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] In the drive 'D:\' no data medium is inserted!
Boot sector 'E:\'
[INFO] In the drive 'E:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '48' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.

End of the scan: mercredi 26 novembre 2008 01:52
Used time: 52:32 Minute(s)

The scan has been done completely.

20878 Scanning directories
290045 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
290043 Files not concerned
2410 Archives were scanned
4 Warnings
0 Notes
0
Anonymous user
 
and here is the ComboFix report

ComboFix 08-11-26.01 - Emilien 2008-11-26 14:45:47.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1860 [GMT 1:00]
Lancé depuis: c:\users\Emilien\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\PlayMP3z

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.

2008-11-26 01:26 . 2008-11-26 01:26 4,767 --a------ c:\windows\Irremote.ini
2008-11-25 23:28 . 2008-11-26 01:11 <REP> d-------- c:\users\All Users\Nero
2008-11-25 23:28 . 2008-11-26 01:11 <REP> d-------- c:\programdata\Nero
2008-11-25 23:28 . 2008-11-26 01:23 <REP> d-------- c:\program files\Nero
2008-11-25 23:28 . 2008-11-26 01:44 <REP> d-------- c:\program files\Common Files\Nero
2008-11-25 22:33 . 2008-11-25 22:33 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 22:33 . 2008-11-25 22:33 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 22:33 . 2008-11-25 22:33 <REP> d-------- c:\program files\iTunes
2008-11-25 22:33 . 2008-11-25 22:33 <REP> d-------- c:\program files\iPod
2008-11-25 22:32 . 2008-11-25 22:32 <REP> d-------- c:\program files\QuickTime
2008-11-25 10:22 . 2008-11-25 10:22 103,936 --a------ c:\windows\update.3470.exe
2008-11-23 17:57 . 2008-11-23 19:12 <REP> d-------- c:\users\Emilien\AppData\Roaming\CVitae
2008-11-23 17:57 . 2008-11-23 17:57 <REP> d-------- c:\program files\MonProduit
2008-11-14 21:16 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 21:16 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 21:16 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 21:16 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 21:16 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 21:16 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 21:16 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 21:16 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 21:16 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 22:33 . 2008-11-13 22:33 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-12 20:45 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 20:45 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 20:45 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-07 23:55 . 2008-11-08 00:07 <REP> d-------- c:\program files\PhotoFiltre
2008-11-06 20:21 . 2008-11-06 20:34 <REP> d-------- c:\users\Emilien\AppData\Roaming\Scribus
2008-11-05 23:00 . 2008-11-05 23:00 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-11-05 23:00 . 2008-11-05 23:00 <REP> d-------- c:\users\Emilien\AppData\Roaming\Apple Computer
2008-11-05 23:00 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-11-05 23:00 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-05 22:59 . 2008-11-05 22:59 <REP> d-------- c:\program files\Bonjour
2008-11-05 22:58 . 2008-11-05 22:59 <REP> d-------- c:\users\All Users\Apple Computer
2008-11-05 22:58 . 2008-11-05 22:59 <REP> d-------- c:\programdata\Apple Computer
2008-11-05 22:58 . 2008-11-05 22:58 <REP> d-------- c:\program files\Apple Software Update
2008-11-05 22:57 . 2008-11-05 22:57 <REP> d-------- c:\users\All Users\Apple
2008-11-05 22:57 . 2008-11-05 22:57 <REP> d-------- c:\programdata\Apple
2008-11-05 22:57 . 2008-11-25 22:33 <REP> d-------- c:\program files\Common Files\Apple
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-02 21:42 . 2008-11-02 21:42 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-02 17:56 . 2008-11-02 17:56 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-11-02 17:56 . 2008-11-02 17:56 <REP> d-------- c:\programdata\Messenger Plus!
2008-11-02 06:01 . 2008-11-02 06:01 <REP> d-------- c:\users\All Users\Avira
2008-11-02 06:01 . 2008-11-02 06:01 <REP> d-------- c:\programdata\Avira
2008-11-02 06:01 . 2008-11-02 06:01 <REP> d-------- c:\program files\Avira
2008-11-02 01:44 . 2008-11-02 01:44 <REP> d-------- c:\program files\WinPcap
2008-11-01 18:55 . 2008-11-26 14:37 72,789 --a------ c:\windows\System32\oodbs.lor
2008-11-01 01:47 . 2008-11-01 01:47 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-31 22:18 . 2008-10-31 22:18 <REP> d-------- c:\program files\OO Software
2008-10-31 14:37 . 2008-10-31 14:37 249,592 --a------ c:\windows\System32\cssdll32.dll
2008-10-31 13:21 . 2008-10-31 13:21 <REP> d-------- c:\users\Emilien\AppData\Roaming\InterVideo
2008-10-31 13:21 . 2008-10-31 13:21 <REP> d-------- c:\users\All Users\InterVideo
2008-10-31 13:21 . 2008-10-31 13:21 <REP> d-------- c:\programdata\InterVideo
2008-10-30 21:19 . 2008-10-30 21:24 <REP> d-------- c:\users\All Users\eMule
2008-10-30 21:19 . 2008-10-30 21:24 <REP> d-------- c:\programdata\eMule
2008-10-29 17:43 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 17:43 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 17:43 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 23:55 --------- d-----w c:\users\Emilien\AppData\Roaming\uTorrent
2008-11-24 23:43 --------- d-----w c:\users\Emilien\AppData\Roaming\LimeWire
2008-11-23 17:24 --------- d-----w c:\users\Emilien\AppData\Roaming\DivX
2008-11-02 20:42 --------- d-----w c:\program files\Java
2008-11-02 15:16 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-02 15:14 --------- d-----w c:\program files\Windows Live
2008-11-02 15:09 --------- d-----w c:\programdata\WLInstaller
2008-10-28 16:36 --------- d-----w c:\programdata\Sony Corporation
2008-10-27 14:27 --------- d-----w c:\users\Emilien\AppData\Roaming\vlc
2008-10-27 14:27 --------- d-----w c:\program files\adslTV
2008-10-27 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 14:18 --------- d-----w c:\programdata\Pinnacle
2008-10-24 18:48 --------- d-----w c:\users\Emilien\AppData\Roaming\Sony Corporation
2008-10-23 22:50 --------- d-----w c:\program files\Pinnacle
2008-10-22 00:01 --------- d-----w c:\program files\LimeWire
2008-10-21 22:42 --------- d-----w c:\program files\Trend Micro
2008-10-21 21:15 --------- d-----w c:\program files\DivX
2008-10-21 20:40 --------- d-----w c:\program files\Google
2008-10-21 20:15 --------- d-----w c:\program files\Microsoft
2008-10-21 20:09 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-21 19:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-20 23:49 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 20:48 --------- d-----w c:\programdata\Microsoft Help
2008-10-20 20:48 --------- d-----w c:\program files\Microsoft Works
2008-10-20 20:45 --------- d-----w c:\program files\NeoSmart Technologies
2008-10-20 20:44 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-10-20 20:12 --------- d-----w c:\program files\Yahoo!
2008-10-20 19:15 --------- d-----w c:\program files\CCleaner
2008-10-20 19:03 --------- d-----w c:\program files\uTorrent
2008-10-20 18:32 --------- d-----w c:\users\Emilien\AppData\Roaming\ArcSoft
2008-10-20 08:46 --------- d-----w c:\programdata\McAfee
2008-10-20 08:41 --------- d-----w c:\programdata\SiteAdvisor
2008-10-20 02:41 --------- d-----w c:\program files\Windows Mail
2008-10-20 02:03 --------- d-----w c:\program files\MSXML 4.0
2008-10-20 01:37 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-20 01:31 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 01:07 --------- d-----w c:\program files\Sun
2008-10-20 00:57 --------- d-----w c:\users\Emilien\AppData\Roaming\ATI
2008-10-20 00:56 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-FW11M.mrk
2008-10-20 00:47 --------- d-----w c:\programdata\ATI
2008-10-20 00:37 --------- d-----w c:\programdata\Roaming
2008-10-20 00:37 --------- d-----w c:\programdata\Intel
2008-10-20 00:37 --------- d-----w c:\program files\Sony
2008-10-20 00:37 --------- d-----w c:\program files\Intel
2008-10-20 00:37 --------- d-----w c:\program files\Common Files\Intel
2008-10-20 00:37 --------- d-----w c:\program files\Cisco
2008-10-20 00:36 --------- d-----w c:\program files\Common Files\ArcSoft
2008-10-20 00:36 --------- d-----w c:\program files\ArcSoft
2008-10-20 00:32 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-20 00:28 --------- d-----w c:\programdata\Uninstall
2008-10-20 00:28 --------- d-----w c:\programdata\Skype
2008-10-20 00:28 --------- d-----w c:\program files\Skype
2008-10-20 00:28 --------- d-----w c:\program files\Common Files\Skype
2008-10-20 00:27 --------- d-----w c:\programdata\Sonic
2008-10-20 00:27 --------- d-----w c:\program files\Roxio
2008-10-20 00:27 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-10-20 00:27 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-20 00:27 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-10-20 00:20 --------- d-----w c:\programdata\Sony
2008-10-20 00:11 --------- d-----w c:\program files\Picasa2
2008-10-20 00:11 --------- d-----w c:\program files\Google BAE
2008-10-20 00:10 --------- d-----w c:\program files\ATI Technologies
2008-10-20 00:10 --------- d-----w c:\program files\ATI
2008-10-20 00:09 --------- d-----w c:\program files\BFG
2008-10-20 00:08 --------- d-----w c:\program files\InterVideo
2008-10-20 00:08 --------- d-----w c:\program files\Common Files\InterVideo
2008-10-19 23:54 --------- d-----w c:\program files\Microsoft.NET
2008-10-19 23:51 --------- d-----w c:\program files\Lecteur CANALPLAY
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 12:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 00:14 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\System32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-08-29 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-02 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-10-20 36864]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 22:45 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
--a------ 2008-04-22 16:08 262144 c:\program files\Sony\Network Utility\LANUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24E8D696-3BB1-4F14-A371-53B41C77179E}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{D745AE43-1F28-446E-9288-7B756CC8FFAA}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EFF410C4-8FF5-4F95-9D70-DE4522175692}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{22BC8C56-771C-4FAF-A309-5675A46EA4CB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{47FA2281-2DBB-479C-B24A-4438000E7A5E}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{CEAB4918-0B66-41F1-86CD-7C93814746F4}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{AA9D22CC-6D6A-40A4-806D-EF3820193EA0}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{52E821A8-776C-4E6F-B735-CF2FD0D6894C}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{EB9D2438-CA84-4C2C-A544-48F15E0BF34E}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{C2213694-2414-41DA-9B05-3C92A301E631}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{37A5501A-9430-4BC2-A273-59ED2B17C88E}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{6C7DB788-7247-4FF0-9295-0AAEA51516BA}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{DD804432-9A18-4211-9BB4-9CFED90A422F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3239D1DA-FF0C-4647-A5A3-C5880CF28EC4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{154AA15A-BAF0-4AEE-B702-89A852461A02}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EF06E51B-17B4-41AE-B515-C4A88BC41078}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{39FD0D11-48E9-4AC6-86F7-F4A2258C41FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 NSUService;NSUService;"c:\program files\Sony\Network Utility\NSUService.exe" [2008-10-20 229376]
R2 regi;regi;\??\c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RtkAudioService.exe [2008-05-19 98304]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-10-20 104960]
R2 VAIO Power Management;VAIO Power Management;"c:\program files\Sony\VAIO Power Management\SPMService.exe" [2008-05-19 411488]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-10-20 17408]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-19 3537408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-05-19 28464]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2008-10-21 13440]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 Service CANALPLAY;Service CANALPLAY;"c:\program files\Lecteur CANALPLAY\CanalPlayService.exe" [2008-10-20 423584]
S3 SOHCImp;VAIO Media plus Content Importer;"c:\program files\Sony\VAIO Media plus\SOHCImp.exe" [2008-10-20 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;"c:\program files\Sony\VAIO Media plus\SOHDms.exe" [2008-10-20 350048]
S3 SOHDs;VAIO Media plus Device Searcher;"c:\program files\Sony\VAIO Media plus\SOHDs.exe" [2008-10-20 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2008-10-20 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2008-10-20 87328]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-26 c:\windows\Tasks\User_Feed_Synchronization-{3444ECFE-4C80-4587-BDFD-E9BA8240FF4F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-MSServer - c:\windows\system32\xxyyaYQG.dll

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Emilien\AppData\Roaming\Mozilla\Firefox\Profiles\11jtbu5r.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 14:47:14
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5740)
c:\windows\system32\btmmhook.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Heure de fin: 2008-11-26 14:48:06
ComboFix-quarantined-files.txt 2008-11-26 13:48:01

Avant-CF: 171 376 959 488 octets libres
Après-CF: 173,253,427,200 octets libres

290 --- E O F --- 2008-11-25 15:21:20
Anonymous user

I don't really know what it did, I don't know anything about this, but the application that was giving me the error has disappeared!

I have the impression that the problem is solved, and I'm delighted!

I'm still waiting for your opinion all the same!

Thanks a lot
jlpjlp Posts 52399 Status Security contributor 5 040

OK, that's fine, you can remove ComboFix and HijackThis.

Run CCleaner to regularly clear your browsing traces:

https://www.malekal.com/tutoriel-ccleaner/

and

in addition to your existing protections, add SPYBOT for spyware, without enabling TeaTimer during installation, because Windows Defender already does real-time scanning:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

All the best
Anonymous user

Thanks a lot!