Fenetres IE intempestives ******* A l'aide
Dernière réponse : dans Sécurité
Bonjour
Depuis quelques jours, j'ai plein de fenetres qui s'ouvrent sous ie (Pub ou erreur HTTP 404) pendant que je suis en train de surfer.
Je suis sous Vista et j'ai bitdefender 2008 à jour.
J'ai fait des recherches mais je ne trouve rien pour régler mon probleme. Spybot à bien corriger quelque trucs mais ca n'a rien changé au fentetre qui s'ouvrent.
Si quelqu'un peut m'aider ?
Merci
Depuis quelques jours, j'ai plein de fenetres qui s'ouvrent sous ie (Pub ou erreur HTTP 404) pendant que je suis en train de surfer.
Je suis sous Vista et j'ai bitdefender 2008 à jour.
J'ai fait des recherches mais je ne trouve rien pour régler mon probleme. Spybot à bien corriger quelque trucs mais ca n'a rien changé au fentetre qui s'ouvrent.
Si quelqu'un peut m'aider ?
Merci
Autres pages sur : fenetres intempestives aide
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Bonjour et Merci
Vola le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:19, on 28/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Claude\AppData\Local\Temp\oPihhijH.dll,c
O4 - HKCU\..\Run: [68ceac1f] rundll32.exe "C:\Users\Claude\AppData\Local\Temp\ifikhmja.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/g...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8995 bytes
Vola le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:19, on 28/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Claude\AppData\Local\Temp\oPihhijH.dll,c
O4 - HKCU\..\Run: [68ceac1f] rundll32.exe "C:\Users\Claude\AppData\Local\Temp\ifikhmja.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/g...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8995 bytes
Re,
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Re,
Rapport ComboFix
ComboFix 08-05-27.4 - Claude 2008-05-28 19:43:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2051 [GMT 2:00]
Endroit: C:\Users\Claude\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
K:\copy.exe
K:\Knight.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 19:41 . 2008-05-28 19:42 <REP> d-------- C:\327882R2FWJFW
2008-05-28 19:25 . 2008-05-28 19:25 <REP> d-------- C:\Program Files\Trend Micro
2008-05-28 13:31 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 13:31 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-28 07:25 . 2008-05-28 07:25 <REP> d-------- C:\Users\Claude\AppData\Roaming\Apple Computer
2008-05-28 07:24 . 2008-05-28 07:24 <REP> d-------- C:\Program Files\Bonjour
2008-05-28 07:23 . 2008-05-28 12:16 <REP> d-------- C:\Users\All Users\Apple Computer
2008-05-28 07:23 . 2008-05-28 12:16 <REP> d-------- C:\ProgramData\Apple Computer
2008-05-28 07:22 . 2008-05-28 07:22 <REP> d-------- C:\Users\All Users\Apple
2008-05-28 07:22 . 2008-05-28 07:22 <REP> d-------- C:\ProgramData\Apple
2008-05-27 19:59 . 2008-05-27 20:03 <REP> d-------- C:\Users\All Users\ma-config.com
2008-05-27 19:59 . 2008-05-27 20:03 <REP> d-------- C:\ProgramData\ma-config.com
2008-05-27 19:59 . 2008-05-27 20:00 <REP> d-------- C:\Program Files\ma-config.com
2008-05-27 06:10 . 2008-05-28 19:21 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-27 06:10 . 2008-05-28 19:21 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-27 06:10 . 2008-05-28 19:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 18:43 . 2008-05-24 18:43 42 --a------ C:\Windows\System32\RegistryEasy.lie
2008-05-24 18:35 . 2008-05-24 20:06 <REP> d-------- C:\Program Files\Registry Easy
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\Windows\System32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\Windows\System32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\Windows\System32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\Windows\System32\dpufr.qm
2008-05-08 09:49 . 2008-05-08 09:49 0 --a------ C:\Parrot_vcf.vcf
2008-05-08 09:48 . 2007-01-09 11:19 311,296 --a------ C:\Windows\System32\Parrot_VCF Creator2.exe
2008-05-07 14:25 . 2008-05-07 14:25 <REP> d-------- C:\Users\All Users\eMule
2008-05-07 14:25 . 2008-05-07 14:25 <REP> d-------- C:\ProgramData\eMule
2008-05-07 14:24 . 2008-05-07 14:24 <REP> d-------- C:\Users\Claude\AppData\Roaming\eMule
2008-05-07 14:24 . 2008-05-07 14:24 <REP> d-------- C:\Program Files\eMule
2008-05-07 07:43 . 2008-05-07 07:43 <REP> d-------- C:\Users\Claude\AppData\Roaming\DivX
2008-05-05 23:23 . 2008-05-25 08:53 <REP> d-------- C:\Program Files\DivX
2008-05-05 23:23 . 2008-05-05 23:23 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-01 14:35 . 2008-05-01 14:35 <REP> d-------- C:\Program Files\IDT
2008-05-01 11:54 . 2008-05-01 11:54 <REP> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:29 --------- d-----w C:\Users\Claude\AppData\Roaming\Spamihilator
2008-05-28 08:49 --------- d-----w C:\Users\Claude\AppData\Roaming\Azureus
2008-05-27 18:08 --------- d-----w C:\Program Files\Windows Live
2008-05-24 16:54 --------- d-----w C:\ProgramData\WLInstaller
2008-05-24 06:13 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-23 04:47 --------- d-----w C:\Program Files\IncrediMail
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-07 04:58 --------- d-----w C:\Program Files\SKTools
2008-05-02 00:40 84,496 ----a-w C:\Windows\System32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\Windows\System32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\Windows\System32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\Windows\System32\KemUtil.dll
2008-05-02 00:38 301,656 ----a-w C:\Windows\System32\BtCoreIf.dll
2008-05-01 12:40 356 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-04-30 04:59 --------- d-----w C:\Program Files\Spamihilator
2008-04-29 14:35 --------- d-----w C:\Program Files\Azureus
2008-04-21 17:57 665,088 ----a-w C:\Windows\System32\spsplib1.dll
2008-04-14 05:17 --------- d-----w C:\Program Files\Windows Mobile 6 SDK
2008-04-13 05:46 --------- d-----w C:\Program Files\MSDN
2008-04-13 05:31 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-04-13 05:31 --------- d-----w C:\Program Files\Business Objects
2008-04-13 05:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-13 05:28 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-13 05:26 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-04-13 05:24 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-13 05:20 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-04-13 05:20 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-13 05:07 --------- d-----w C:\ProgramData\PreEmptive Solutions
2008-04-13 05:07 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-04-13 05:04 --------- d-----w C:\Program Files\MSBuild
2008-04-13 05:04 --------- d-----w C:\Program Files\HTML Help Workshop
2008-04-13 05:02 --------- d-----w C:\Program Files\Microsoft SDKs
2008-04-13 05:02 --------- d-----w C:\Program Files\CE Remote Tools
2008-04-13 05:00 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-04-12 13:20 --------- d-----w C:\ProgramData\Uniblue
2008-04-12 13:17 --------- d-----w C:\Users\Claude\AppData\Roaming\Uniblue
2008-04-12 13:17 --------- d-----w C:\Program Files\Uniblue
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-11 04:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-05 12:36 --------- d-----w C:\ProgramData\Downloaded Installations
2008-04-05 12:35 --------- d-----w C:\Program Files\Spb Wallet
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 01:12 76,304 ----a-w C:\Windows\KHALMNPR.Exe
2008-02-28 16:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= "C:\Program Files\Spb Wallet\SpbWalletToolbar.dll" [2008-02-28 18:15 89088]
[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2008-02-28 18:15 89088]
[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-25 06:16 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 17:27 807440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-04-21 20:00 1081856]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-17 08:06:55 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\Windows\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\Windows\System32\DPWLEvHd.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36B22FE0-AA20-4194-9CE7-07C2C83AB6F0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1CD6A8FF-5DBB-4849-9E4E-A891329A52B4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{AB14D5AD-42DA-45CF-B193-E38424476659}C:\\program files\\spamihilator\\dccproc.exe"= UDP:C:\program files\spamihilator\dccproc.exe![:D]( ":D")
ccproc
"UDP Query User{DEE58979-D857-4B63-B0B6-96AF66446631}C:\\program files\\spamihilator\\dccproc.exe"= TCP:C:\program files\spamihilator\dccproc.exe![:D]( ":D")
ccproc
"TCP Query User{4AD1A45E-E787-48E2-BEED-E56C4748A549}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C8E96F0B-3FC9-48B9-ACE3-C700954E3816}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{AC8E494E-A68D-48E7-9FBE-23F254F0CCBC}E:\\setup.exe"= UDP:E:\setup.exe:Setup
"UDP Query User{A149F429-30E1-436E-A15D-117249A96AAB}E:\\setup.exe"= TCP:E:\setup.exe:Setup
"TCP Query User{FF2F6654-8E39-4860-92AA-E31EB82916E6}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{51098BFF-E436-4BE2-8FEC-4BC70F5E3C78}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{906AA6EB-6364-4C64-BECB-C9795F3C674B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{2A4ADA7A-912E-4DF5-B81D-1857E17311FC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{E065D156-C3D4-4AC3-903F-39E9571BE6A2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{A7263539-7D86-451A-8F35-80404BC54805}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{3461DFEA-626E-4731-AD08-B355C05039B9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{93372B54-4028-4903-94EE-20645E03E360}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C13DAF29-6D16-471F-902C-55AD51DA0D16}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{7C918EF8-2AF4-4859-9BEA-6FA85348D41B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{7EB01AF9-23E2-42C3-A498-1286665DF2FC}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CD6DE409-1A70-45DE-8035-9C5A9A46D6F5}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{8DFA1368-C99C-42D6-8543-76698AEB2941}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{47B34D3C-9273-4CEC-9518-C63681C7C223}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{44750A97-0204-4B1C-ACA7-6E6683DAE361}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{28D6E366-DA73-4D77-BEA1-5F0A75C9450C}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{C97557F3-E5AC-40CF-BCA5-5F3249A21F23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3BDFEBF7-2DD0-412C-B793-D18FB6967FAF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-21 04:21]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-21 04:21]
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;C:\Windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 18:25]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
R3 usbdpfp;Pilote de classe Lecteur d'empreintes digitales;C:\Windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 18:23]
R3 xpvcom;XPVCOM Port;C:\Windows\system32\Drivers\xpvcom.sys [2007-03-23 02:00]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-23 18:37]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-12 13:21:59 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 19:47:47
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 19:51:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 17:51:38
Pre-Run: 114,944,016,384 octets libres
Post-Run: 114,687,832,064 octets libres
269 --- E O F --- 2008-05-28 13:47:25
Rapport ComboFix
ComboFix 08-05-27.4 - Claude 2008-05-28 19:43:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2051 [GMT 2:00]
Endroit: C:\Users\Claude\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
K:\copy.exe
K:\Knight.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 19:41 . 2008-05-28 19:42 <REP> d-------- C:\327882R2FWJFW
2008-05-28 19:25 . 2008-05-28 19:25 <REP> d-------- C:\Program Files\Trend Micro
2008-05-28 13:31 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 13:31 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-28 07:25 . 2008-05-28 07:25 <REP> d-------- C:\Users\Claude\AppData\Roaming\Apple Computer
2008-05-28 07:24 . 2008-05-28 07:24 <REP> d-------- C:\Program Files\Bonjour
2008-05-28 07:23 . 2008-05-28 12:16 <REP> d-------- C:\Users\All Users\Apple Computer
2008-05-28 07:23 . 2008-05-28 12:16 <REP> d-------- C:\ProgramData\Apple Computer
2008-05-28 07:22 . 2008-05-28 07:22 <REP> d-------- C:\Users\All Users\Apple
2008-05-28 07:22 . 2008-05-28 07:22 <REP> d-------- C:\ProgramData\Apple
2008-05-27 19:59 . 2008-05-27 20:03 <REP> d-------- C:\Users\All Users\ma-config.com
2008-05-27 19:59 . 2008-05-27 20:03 <REP> d-------- C:\ProgramData\ma-config.com
2008-05-27 19:59 . 2008-05-27 20:00 <REP> d-------- C:\Program Files\ma-config.com
2008-05-27 06:10 . 2008-05-28 19:21 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-27 06:10 . 2008-05-28 19:21 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-27 06:10 . 2008-05-28 19:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-24 18:43 . 2008-05-24 18:43 42 --a------ C:\Windows\System32\RegistryEasy.lie
2008-05-24 18:35 . 2008-05-24 20:06 <REP> d-------- C:\Program Files\Registry Easy
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\Windows\System32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\Windows\System32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\Windows\System32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\Windows\System32\dpufr.qm
2008-05-08 09:49 . 2008-05-08 09:49 0 --a------ C:\Parrot_vcf.vcf
2008-05-08 09:48 . 2007-01-09 11:19 311,296 --a------ C:\Windows\System32\Parrot_VCF Creator2.exe
2008-05-07 14:25 . 2008-05-07 14:25 <REP> d-------- C:\Users\All Users\eMule
2008-05-07 14:25 . 2008-05-07 14:25 <REP> d-------- C:\ProgramData\eMule
2008-05-07 14:24 . 2008-05-07 14:24 <REP> d-------- C:\Users\Claude\AppData\Roaming\eMule
2008-05-07 14:24 . 2008-05-07 14:24 <REP> d-------- C:\Program Files\eMule
2008-05-07 07:43 . 2008-05-07 07:43 <REP> d-------- C:\Users\Claude\AppData\Roaming\DivX
2008-05-05 23:23 . 2008-05-25 08:53 <REP> d-------- C:\Program Files\DivX
2008-05-05 23:23 . 2008-05-05 23:23 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-01 14:35 . 2008-05-01 14:35 <REP> d-------- C:\Program Files\IDT
2008-05-01 11:54 . 2008-05-01 11:54 <REP> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:29 --------- d-----w C:\Users\Claude\AppData\Roaming\Spamihilator
2008-05-28 08:49 --------- d-----w C:\Users\Claude\AppData\Roaming\Azureus
2008-05-27 18:08 --------- d-----w C:\Program Files\Windows Live
2008-05-24 16:54 --------- d-----w C:\ProgramData\WLInstaller
2008-05-24 06:13 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-23 04:47 --------- d-----w C:\Program Files\IncrediMail
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-07 04:58 --------- d-----w C:\Program Files\SKTools
2008-05-02 00:40 84,496 ----a-w C:\Windows\System32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\Windows\System32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\Windows\System32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\Windows\System32\KemUtil.dll
2008-05-02 00:38 301,656 ----a-w C:\Windows\System32\BtCoreIf.dll
2008-05-01 12:40 356 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-04-30 04:59 --------- d-----w C:\Program Files\Spamihilator
2008-04-29 14:35 --------- d-----w C:\Program Files\Azureus
2008-04-21 17:57 665,088 ----a-w C:\Windows\System32\spsplib1.dll
2008-04-14 05:17 --------- d-----w C:\Program Files\Windows Mobile 6 SDK
2008-04-13 05:46 --------- d-----w C:\Program Files\MSDN
2008-04-13 05:31 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-04-13 05:31 --------- d-----w C:\Program Files\Business Objects
2008-04-13 05:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-13 05:28 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-13 05:26 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-04-13 05:24 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-13 05:20 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-04-13 05:20 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-13 05:07 --------- d-----w C:\ProgramData\PreEmptive Solutions
2008-04-13 05:07 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-04-13 05:04 --------- d-----w C:\Program Files\MSBuild
2008-04-13 05:04 --------- d-----w C:\Program Files\HTML Help Workshop
2008-04-13 05:02 --------- d-----w C:\Program Files\Microsoft SDKs
2008-04-13 05:02 --------- d-----w C:\Program Files\CE Remote Tools
2008-04-13 05:00 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-04-12 13:20 --------- d-----w C:\ProgramData\Uniblue
2008-04-12 13:17 --------- d-----w C:\Users\Claude\AppData\Roaming\Uniblue
2008-04-12 13:17 --------- d-----w C:\Program Files\Uniblue
2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-11 04:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-05 12:36 --------- d-----w C:\ProgramData\Downloaded Installations
2008-04-05 12:35 --------- d-----w C:\Program Files\Spb Wallet
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 01:12 76,304 ----a-w C:\Windows\KHALMNPR.Exe
2008-02-28 16:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= "C:\Program Files\Spb Wallet\SpbWalletToolbar.dll" [2008-02-28 18:15 89088]
[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Program Files\Spb Wallet\SpbWalletToolbar.dll [2008-02-28 18:15 89088]
[HKEY_CLASSES_ROOT\clsid\{2913d3dd-9363-4c21-b205-c19a584a0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-25 06:16 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 17:27 807440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2008-04-21 20:00 1081856]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-17 08:06:55 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\Windows\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\Windows\System32\DPWLEvHd.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36B22FE0-AA20-4194-9CE7-07C2C83AB6F0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1CD6A8FF-5DBB-4849-9E4E-A891329A52B4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{AB14D5AD-42DA-45CF-B193-E38424476659}C:\\program files\\spamihilator\\dccproc.exe"= UDP:C:\program files\spamihilator\dccproc.exe
ccproc"UDP Query User{DEE58979-D857-4B63-B0B6-96AF66446631}C:\\program files\\spamihilator\\dccproc.exe"= TCP:C:\program files\spamihilator\dccproc.exe
ccproc"TCP Query User{4AD1A45E-E787-48E2-BEED-E56C4748A549}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C8E96F0B-3FC9-48B9-ACE3-C700954E3816}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{AC8E494E-A68D-48E7-9FBE-23F254F0CCBC}E:\\setup.exe"= UDP:E:\setup.exe:Setup
"UDP Query User{A149F429-30E1-436E-A15D-117249A96AAB}E:\\setup.exe"= TCP:E:\setup.exe:Setup
"TCP Query User{FF2F6654-8E39-4860-92AA-E31EB82916E6}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{51098BFF-E436-4BE2-8FEC-4BC70F5E3C78}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{906AA6EB-6364-4C64-BECB-C9795F3C674B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{2A4ADA7A-912E-4DF5-B81D-1857E17311FC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{E065D156-C3D4-4AC3-903F-39E9571BE6A2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{A7263539-7D86-451A-8F35-80404BC54805}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{3461DFEA-626E-4731-AD08-B355C05039B9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{93372B54-4028-4903-94EE-20645E03E360}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C13DAF29-6D16-471F-902C-55AD51DA0D16}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{7C918EF8-2AF4-4859-9BEA-6FA85348D41B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{7EB01AF9-23E2-42C3-A498-1286665DF2FC}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CD6DE409-1A70-45DE-8035-9C5A9A46D6F5}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{8DFA1368-C99C-42D6-8543-76698AEB2941}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{47B34D3C-9273-4CEC-9518-C63681C7C223}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{44750A97-0204-4B1C-ACA7-6E6683DAE361}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{28D6E366-DA73-4D77-BEA1-5F0A75C9450C}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{C97557F3-E5AC-40CF-BCA5-5F3249A21F23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3BDFEBF7-2DD0-412C-B793-D18FB6967FAF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-21 04:21]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-21 04:21]
R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;C:\Windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 18:25]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
R3 usbdpfp;Pilote de classe Lecteur d'empreintes digitales;C:\Windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 18:23]
R3 xpvcom;XPVCOM Port;C:\Windows\system32\Drivers\xpvcom.sys [2007-03-23 02:00]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-23 18:37]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-12 13:21:59 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 19:47:47
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 19:51:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 17:51:38
Pre-Run: 114,944,016,384 octets libres
Post-Run: 114,687,832,064 octets libres
269 --- E O F --- 2008-05-28 13:47:25
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Bonjour
Rapport MalwareByte's
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 796
Type de recherche: Examen complet (C:\|D:\|J:\|)
Eléments examinés: 174510
Temps écoulé: 28 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuAdminTools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuFavorites (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyPics (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyMusic (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Rapport MalwareByte's
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 796
Type de recherche: Examen complet (C:\|D:\|J:\|)
Eléments examinés: 174510
Temps écoulé: 28 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuAdminTools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuFavorites (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyPics (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyMusic (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Bonsoir
Comme demandé, rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:58, on 29/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/g...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8652 bytes
Comme demandé, rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:58, on 29/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/g...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: DPWLN - C:\Windows\system32\DPWLEvHd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8652 bytes
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumAlerte de sécurité windows virus
- ForumFenetre intempestive internet explorer résolu
- ForumAlerte de securité windows
- ForumWindows root system32 hal.dll
- ForumMicrosoft visual c runtime library
- ForumAdobe flash player 10 activex windows 7
- ForumEcran bleu apres quelques minutes window 7
- ForumOuverture intempestive internet explorer windows
- ForumVirus , fenetre intempestive sur windows
- ForumFenetres publicitaires intempestives windows 7
- Voir plus
