|
|
Auteur
|
Message
|
1
2
|
|
|
|
Il semble que moi aussi je l'ai. Quelqu'un peut m'aider? s.v.p.
-->Message édité par braz34 le 07/05/2008 02:27:41<--
|
|
Modérateur/Helper
|
|
|
|
|
|
Désolé. Bonjour. (Le stress gagne sur les politesses j'imagine).
|
|
Modérateur/Helper
|
|
|
Re,
Pas de souci 
Bonjour,
Télécharge Hijackthis (de Trend Micro) sur ton Bureau.
Double clique sur HJTInstall.exe pour lancer l'installation.
Clique sur Install.
Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer.
Accepte la licence en cliquant sur Yes.
Clique sur "Do a system scan and save a logfile".
Poste ici le rapport généré.
Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Aide : Comment utiliser HijackThis.
|
|
|
|
|
Voici.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:22:31, on 2008-05-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\kpjaapaf\wtqfwjal.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kpjaapaf] C:\ProgramData\kpjaapaf\wtqfwjal.exe
O4 - HKCU\..\Run: [Ph7mH0T81X] C:\ProgramData\anmpoxgl\unebgpmd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6F03894-E23B-40CF-A93D-CE78F9E615FB}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7244 bytes
|
|
Modérateur/Helper
|
|
|
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
|
|
|
|
|
Je suis de retour. Voici le rapport.
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 714
Type de recherche: Examen rapide
Eléments examinés: 29797
Temps écoulé: 4 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kpjaapaf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\ProgramData\kpjaapaf\wtqfwjal.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
|
|
Modérateur/Helper
|
|
|
Si tu as Vista, fais ceci avant :
Désactive l'UAC( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )
Et affiche les dossiers/fichiers cachés : http://www.micro-astuce.com/Forum/topic1607.html
Si tu as XP, fais ceci avant :
[~]Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK
[~]Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d'exploitation./Appliquer - - > OK
Tu recocheras après.
[~] Poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu./Appliquer - - > OK
****
1) Désactive toute protection résidente ( antivirus…) !
Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !
Télécharge Combofix de sUBs
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt
2) Copie/colle un nouveau rapport HiJackThis avec.
-->Message édité par Mérillym le 04/05/2008 15:07:30<--
|
|
|
|
|
|
Ca va paraitre nul mais ou se trouve le poste de travail sur vista
|
|
Modérateur/Helper
|
|
|
Oups, j'ai oublié de préciser quelque chose dans mon message 
Passe directement à l'épate deux
|
|
|
|
|
|
|
Voici les deux rapports
ComboFix 08-05-01.3 - Philippe 2008-05-04 9:10:31.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1687 [GMT -4:00]
Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-04 to 2008-05-04 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 12:47 --------- d-----w C:\ProgramData\kpjaapaf
2008-05-04 12:32 --------- d-----w C:\Users\Philippe\AppData\Roaming\Malwarebytes
2008-05-04 12:32 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-04 12:32 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 12:31 --------- d-----w C:\Users\Philippe\AppData\Roaming\Download Manager
2008-05-04 12:22 --------- d-----w C:\Program Files\Trend Micro
2008-05-04 03:26 --------- d-----w C:\Users\Philippe\AppData\Roaming\uTorrent
2008-05-03 22:38 691 ----a-w C:\Users\Philippe\AppData\Roaming\GetValue.vbs
2008-05-03 22:38 35 ----a-w C:\Users\Philippe\AppData\Roaming\SetValue.bat
2008-05-03 22:38 3,714 ----a-w C:\Windows\System32\tmp.reg
2008-05-03 13:56 --------- d-----w C:\ProgramData\anmpoxgl
2008-05-03 10:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-01 23:27 --------- d-----w C:\Program Files\Yahoo!
2008-05-01 22:00 --------- d-----w C:\ProgramData\Symantec
2008-05-01 19:23 --------- d-----w C:\Program Files\Alwil Software
2008-05-01 19:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-01 18:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-28 12:03 82,944 ----a-w C:\Windows\System32\IEDFix.exe
2008-04-28 12:03 82,944 ----a-w C:\Windows\System32\404Fix.exe
2008-04-26 16:53 --------- d-----w C:\Program Files\WinAce
2008-04-24 12:10 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-04-23 11:59 --------- d-----w C:\Program Files\MagicISO
2008-04-19 13:06 --------- d-----w C:\Program Files\Apple Software Update
2008-04-12 15:12 --------- d-----w C:\Program Files\AudioConverter Studio
2008-04-10 13:15 --------- d-----w C:\Program Files\Red Kawa
2008-04-10 13:15 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-09 01:02 --------- d-----w C:\Program Files\DivX
2008-04-08 00:21 --------- d-----w C:\Program Files\iTunes
2008-04-08 00:21 --------- d-----w C:\Program Files\iPod
2008-04-08 00:19 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-29 18:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-20 17:33 --------- d-----w C:\Program Files\VideoLAN
2008-03-20 17:33 --------- d-----w C:\Program Files\Mindscape
2008-03-20 17:08 --------- d-----w C:\Program Files\free-downloads.net
2008-03-20 17:07 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-03-20 00:02 --------- d-----w C:\Users\Philippe\AppData\Roaming\MyDataZone
2008-03-16 17:33 79,072 ----a-w C:\Users\Philippe\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-09 00:51 --------- d-----w C:\Users\Philippe\AppData\Roaming\LANCITE
2008-03-05 03:32 --------- d-----w C:\Program Files\Maxis
2008-03-05 03:28 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-05 03:25 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-05 02:44 --------- d-----w C:\Users\Philippe\AppData\Roaming\Uniblue
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-24 18:10 30,060,544 ----a-w C:\Program Files\ir2007.exe
2008-02-24 18:03 509,798 ----a-w C:\Program Files\pa2007.bmd
2008-02-24 18:03 338,544 ----a-w C:\Program Files\ir2007.sro
2008-02-24 18:03 270,336 ----a-w C:\Program Files\ir2007at.dll
2008-02-24 18:02 1,024,000 ----a-w C:\Program Files\ir2007ir.dll
2008-02-24 17:45 69,632 ----a-w C:\Program Files\pa233597.dll
2008-02-24 17:45 27,648 ----a-w C:\Program Files\pa895078.dll
2008-02-24 17:45 27,648 ----a-w C:\Program Files\pa346689.dll
2008-02-24 17:43 6,327,660 ----a-w C:\Program Files\ir2007.qtd
2008-02-22 23:19 1,892,352 ----a-w C:\Program Files\ic2007xe.dll
2008-02-22 23:18 26,624 ----a-w C:\Program Files\ic2007xam.dll
2008-02-22 23:17 69,632 ----a-w C:\Program Files\ic2007pp.dll
2008-02-22 23:17 688,128 ----a-w C:\Program Files\python21.dll
2008-02-22 23:17 31,232 ----a-w C:\Program Files\ic2007ac.dll
2008-02-22 23:17 200,704 ----a-w C:\Program Files\ic2007ne.dll
2008-02-22 23:17 1,867,776 ----a-w C:\Program Files\ic2007xa.dll
2008-02-22 23:16 643,072 ----a-w C:\Program Files\ECLActiveX.ocx
2008-02-22 23:16 401,408 ----a-w C:\Program Files\MRQ_R4S001D07.dll
2008-02-22 23:16 163,840 ----a-w C:\Program Files\IDAutomationDMATRIX6.DLL
2008-02-22 23:14 491,520 ----a-w C:\Program Files\TlTran32.dll
2008-02-22 23:14 20,489 ----a-w C:\Program Files\qttxl.chm
2008-02-22 23:14 114,688 ----a-w C:\Program Files\IDAutomationPDF417e.dll
2008-02-22 23:14 1,712,201 ----a-w C:\Windows\System32\InetClnt.dll
2008-02-22 23:14 1,024,000 ----a-w C:\Program Files\qttxl32.dll
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-03_17.57.06,35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 12:37:52 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-04 13:09:47 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-03 12:41:33 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-05-04 12:59:49 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-05-03 12:41:33 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-05-04 12:59:49 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-05-03 20:59:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-04 13:00:17 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-03 10:31:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-04 13:08:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-03 21:52:11 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-04 13:01:19 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-03 10:31:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-04 13:08:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-03 18:54:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-04 12:59:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-03 18:54:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-04 12:59:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-03 18:54:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-04 12:59:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2004-07-31 22:50:36 51,200 ----a-w C:\Windows\System32\dumphive.exe
- 2008-05-03 10:37:08 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-04 13:02:54 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-03 10:37:08 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-04 13:02:54 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-03 10:37:08 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-04 13:02:54 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-03 10:37:08 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-04 13:02:54 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2003-06-06 01:13:00 53,248 ----a-w C:\Windows\System32\Process.exe
+ 2006-04-27 21:49:30 288,417 ----a-w C:\Windows\System32\SrchSTS.exe
+ 2007-09-06 04:22:23 289,144 ----a-w C:\Windows\System32\VCCLSID.exe
- 2008-05-03 10:31:27 6,526 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2008369395-2232807879-1470617257-1000_UserData.bin
+ 2008-05-04 13:00:02 6,670 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2008369395-2232807879-1470617257-1000_UserData.bin
- 2008-05-03 10:31:27 60,056 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-04 13:00:02 60,642 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-13 13:04:23 2,974 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-05-04 12:33:26 2,724 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-05-03 10:31:26 37,934 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-04 13:00:00 38,880 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-03 12:37:55 286,854 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-05-04 11:37:44 290,906 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2007-10-04 04:36:46 25,600 ----a-w C:\Windows\System32\WS2Fix.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-03 04:03 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"Ph7mH0T81X"="C:\ProgramData\anmpoxgl\unebgpmd.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-10 13:13 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-01 14:12 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-01 14:11 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-01 14:11 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 09:52 4702208 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-06 21:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 11:24 54840]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 18:56 278528]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 10:09 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{37089D57-7145-4ED8-A77F-1E022615A99D}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{35C0791C-E054-4B44-83DB-A85E38B3E721}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3C1869C7-0A6D-4081-8A11-D42A2A2414FD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6968512D-3F05-4EDF-8E8E-5265B2295DCD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{306396D4-2EE2-4367-94EF-99C1600C56AC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0D5E5DE0-3F24-431B-870C-8BE4C6E67EFD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F7A17793-4B7D-4C88-98BA-0E8179501365}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{31C99500-DB2D-4C14-B6F2-D1822AFC8415}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{360B8039-B75E-40EE-AFF4-70AECA102ECD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 15:26]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-24 05:19]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09912af9-ea64-11dc-9005-001d60e0e8ef}]
\shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd2958a-d191-11dc-a308-001d60e0e8ef}]
\shell\AutoRun\command - "J:\Install FreeAgent Tools.exe" /run
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bc71c97-eac0-11dc-8ccf-001d60e0e8ef}]
\shell\AutoRun\command - K:\RunGame.exe
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-04 19:24:03 C:\Windows\Tasks\HPCeeScheduleForPhilippe.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForPhilippe (null)
"2008-05-03 19:43:10 C:\Windows\Tasks\User_Feed_Synchronization-{FE1DBB5E-5581-4901-9B18-3A4B112CB82B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 09:13:06
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-04 9:13:47
ComboFix-quarantined-files.txt 2008-05-04 13:13:28
ComboFix2.txt 2008-05-03 21:57:30
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
251 --- E O F --- 2008-05-03 15:44:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:44, on 2008-05-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Ph7mH0T81X] C:\ProgramData\anmpoxgl\unebgpmd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6478 bytes
|
|
Modérateur/Helper
|
|
|
Re,
Tu peux me poster un rapport hijackthis fait en mode normal ?
|
|
|
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:25, on 2008-05-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Ph7mH0T81X] C:\ProgramData\anmpoxgl\unebgpmd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6F03894-E23B-40CF-A93D-CE78F9E615FB}: NameServer = 207.164.234.129 207.164.234.193
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7412 bytes
|
|
Modérateur/Helper
|
|
|
Re,
Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), clique sur "do a system scan only", coche ces lignes ( si présentes ) :
O4 - HKCU\..\Run: [Ph7mH0T81X] C:\ProgramData\anmpoxgl\unebgpmd.exe
Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked !
*****
Désinstalle via Ajout/Suppression de Programmes (si présents) :
Avast!
Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html
Télécharge Ccleaner sur ton Bureau.
Clique sur "download the latest version"
Installe-le en laissant seulement les options suivantes cochées :
- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner
Lance le Nettoyage
Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.
Aide : Comment utiliser CCleaner.
***************
Télécharge AntiVir sur ton Bureau.
Double clique sur l'exécutable téléchargé pour lancer l'installation.
A la fin de l'installation, clique sur Finish.
Ouvre Antivir, assure-toi qu'il soit bien à jour !
Dans l'onglet Local Protection, choisis Scanner.
Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..
Note : Pour une éradication des menaces plus efficaces, lance le scan en mode sans échec.
De plus, si tu n’arrives pas à mettre à jour antivir, fais-le manuellement en suivant cette méthode.
Pourquoi changer ? Avast vs Antivir.
Aide : Comment installer et utiliser AntiVir.
|
|
|
|
|
Quand je fais le nettoyage, il me dit que la version d'essai ne peut tout faire. Qu'est-ce que je fait?
Pour ce qui est de avira je télécharge une version corrompue?
|
|
|
|
|
|
J'ai rien dit pour avira. Ca marche.
|
|
Modérateur/Helper
|
|
|
Oki, j'attends le rapport une fois qu'il est fait 
|
|
|
|
|
Et voila,
Avira AntiVir Personal
Report file date: 4 mai 2008 11:35
Scanning for 1248213 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Save mode
Username: Philippe
Computer name: PC-DE-PHILIPPE
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 15:27:26
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 2008-05-02 15:27:28
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 2008-05-04 15:27:42
AESCN.DLL : 8.1.0.15 119157 Bytes 2008-05-04 15:27:40
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-04 15:27:39
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-05-04 15:27:37
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-04 15:27:36
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 2008-05-04 15:27:35
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-04 15:27:31
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-05-04 15:27:30
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 21:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-05-04 15:27:29
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 4 mai 2008 11:35
Starting search for hidden objects.
The driver could not be initialized.
End of the scan: 4 mai 2008 11:35
Used time: 00:02 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
|
|
|
|
|
|
Je crois que ca n'a pas fonctionné. Je recommance.
|
|
Modérateur/Helper
|
|
|
|
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
Tu n'as rien scanné du tout là 
|
|
|
|
|
Bon là je l'ai.
Avira AntiVir Personal
Report file date: 4 mai 2008 11:40
Scanning for 1248213 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: Philippe
Computer name: PC-DE-PHILIPPE
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 15:27:26
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 2008-05-02 15:27:28
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 2008-05-04 15:27:42
AESCN.DLL : 8.1.0.15 119157 Bytes 2008-05-04 15:27:40
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-04 15:27:39
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-05-04 15:27:37
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-04 15:27:36
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 2008-05-04 15:27:35
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-04 15:27:31
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-05-04 15:27:30
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 21:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-05-04 15:27:29
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, G:, H:, I:, E:, J:, K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 4 mai 2008 11:40
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan p | | |
