[ Resolu ] Cheval de troie =)

aurerily

13 Juin 2008 11:52:41

Bonjour

Heu il y a un cheval de troie dans l'ordinateur de mon père qui est détecté par son antivirus AVG mais impossible de le supprimer. Je ne pense pas qu'il y ai que cela comme virus :sweat:

...
Quelqu'un pourrait-il m'aider?
Merci beaucoup d'avance

Autres pages sur : resolu cheval troie

| Etre averti des réponses
| Alerter

Répondre à aurerily

Angeldark

13 Juin 2008 13:38:19

Bonjour,

Tu as l'emplacement ?

| Alerter

Répondre à Angeldark

aurerily

13 Juin 2008 17:14:28

Oui C:\Windows\System32\rqRLdEut.dll

| Alerter

Répondre à aurerily

aurerily

13 Juin 2008 17:19:29

Mais quand je veux le supprimer bien entendu cela ne marche pas. Manuellement mais aussi avec l'antivirus actuel qui est AVG. J'aivais installé Antivir Avira mais il affichait des detections sans arrets et n'arrivait pas à le supprimer ou le mettre en quarantaine donc je l'ai desinstallé pour le moment.

| Alerter

Répondre à aurerily

Angeldark

14 Juin 2008 09:15:41

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

| Alerter

Répondre à Angeldark

aurerily

14 Juin 2008 11:31:07

J'ai bien téléchargé le logiciel et il est en train d'analyser l'ordinateur. Par contre il m'a tout de suite demandé d'analyser sans redemarer ... Donc je l'ai fait . J'espere que cela ne posera pas de problème.
Je posterais le rapport d'erreur dès que c'est terminé. Pour le moment il y a 32 éléments infectés et AVG en detecte toujours. Dois-je désactiver AVG antivirus ??

| Alerter

Répondre à aurerily

aurerily

14 Juin 2008 12:50:48

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 846

14:28:43 14/06/2008
mbam-log-6-14-2008 (14-28-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 156584
Temps écoulé: 27 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 57
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 75

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df72002c-25d4-430a-ae88-17b7100b2ecf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df72002c-25d4-430a-ae88-17b7100b2ecf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{069e8b19-0eac-45d6-a5b3-a10ff9b69f4c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3dce744-06c7-4c09-b99d-f54254c0954f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea8279e1-f6b8-495a-8c6a-cb47bd8356d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7ccfdab-ccb0-46ad-8bf9-45aff6c7b742} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7bafe909-2f2d-4da0-a398-d22458caf3dc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c93db567-3f35-408f-8de6-2b570db6a5a0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.bvtp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qtvglped.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6699a9e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\omlbpkaw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pmsoarbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrldeut -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\rqRLdEut.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\tuEdLRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tuEdLRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Local\Temp\eydaapdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\alarm.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\click.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\dbinfo (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Program Files\SpywareIsolator\success.wav (Rogue.Spywareisolator) -> Quarantined and deleted successfully.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Philippe\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

| Alerter

Répondre à aurerily

aurerily

14 Juin 2008 12:52:18

Je refais une analyse et il ne detecte plus rien mais AVG si et cette fois ce sont des dossier differents sur systeme32 comme sur common file ou MSAgent : jamais les meme donc je n'ai pas vraiment le temps de noter.

| Alerter

Répondre à aurerily

Angeldark

14 Juin 2008 13:19:57

Re,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

| Alerter

Répondre à Angeldark

aurerily

15 Juin 2008 10:30:05

Voila le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:17, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Philippe\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2ABD4117-8CF1-4A41-930B-9391E8C2DE6C} - C:\Windows\system32\rqRLdEut.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: qtvglped - {74E5E4E8-79DD-49AC-B64B-E74822D5F3CD} - C:\Windows\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [6699a9e1] rundll32.exe "C:\Users\Philippe\AppData\Local\Temp\vodcsmnu.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [kyJE7WP9eX] C:\ProgramData\erulsvqh\wjatgxcp.exe
O4 - HKLM\..\Policies\Explorer\Run: [mQJOQ0190y] C:\ProgramData\erulsvqh\wjatgxcp.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9293 bytes

| Alerter

Répondre à aurerily

Angeldark

15 Juin 2008 10:31:10

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

| Alerter

Répondre à Angeldark

aurerily

15 Juin 2008 10:46:46

ComboFix 08-06-12.2 - Philippe 2008-06-15 12:36:05.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1082 [GMT 2:00]
Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Philippe\AppData\Local\bwkiuidy.dat
C:\Users\Philippe\AppData\Local\bwkiuidy_nav.dat
C:\Users\Philippe\AppData\Local\bwkiuidy_navps.dat
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\otftdipy.ini
C:\Windows\system32\qlhjkmrc.ini
C:\Windows\system32\xdaqjcik.ini
C:\Windows\Web\def.htm

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))))))))
.

2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
2008-06-14 13:49 . 2008-06-14 15:01 293,896,106 --a------ C:\Windows\MEMORY.DMP
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
2008-06-10 15:13 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-19 11:02 --------- d-----w C:\ProgramData\erulsvqh
2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
2008-04-18 17:38 --------- d-----w C:\Program Files\Google
2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 16:11 --------- d-----w C:\Program Files\Real
2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
2008-04-16 15:19 271424 --a------ C:\Windows\system32\rqRLdEut.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"= "C:\Windows\qtvglped.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
[HKEY_CLASSES_ROOT\qtvglped.1]
[HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
[HKEY_CLASSES_ROOT\qtvglped]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kyJE7WP9eX"= C:\ProgramData\erulsvqh\wjatgxcp.exe
"mQJOQ0190y"= C:\ProgramData\erulsvqh\wjatgxcp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 12:40:26
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-15 12:44:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 10:44:52

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 207,921,545,216 octets libres

185 --- E O F --- 2008-06-14 17:06:36

| Alerter

Répondre à aurerily

aurerily

15 Juin 2008 10:51:11

AVG est desinstallé. Pourrais tu me conseiller un bon antivirus ( gratuit si possible ) pour proteger correctement l'ordinateur ?
Est-il endommagé ?? :s Ou est ce que l'on peut se debarrasser de tous ces virus ? Merci beaucoup de ton aide =)

| Alerter

Répondre à aurerily

Angeldark

15 Juin 2008 18:28:01

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\Windows\system32\rqRLdEut.dll
C:\Windows\qtvglped.dll

Folder::
C:\ProgramData\erulsvqh

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABD4117-8CF1-4A41-930B-9391E8C2DE6C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{74E5E4E8-79DD-49AC-B64B-E74822D5F3CD}"=-
[-HKEY_CLASSES_ROOT\clsid\{74e5e4e8-79dd-49ac-b64b-e74822d5f3cd}]
[-HKEY_CLASSES_ROOT\qtvglped.1]
[-HKEY_CLASSES_ROOT\TypeLib\{C93DB567-3F35-408F-8DE6-2B570DB6A5A0}]
[-HKEY_CLASSES_ROOT\qtvglped]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kyJE7WP9eX"=-
"mQJOQ0190y"=-

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

| Alerter

Répondre à Angeldark

aurerily

16 Juin 2008 08:29:14

Rapport ComboFix :
ComboFix 08-06-12.2 - Philippe 2008-06-16 10:18:20.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1245 [GMT 2:00]
Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
Command switches used :: C:\Users\Philippe\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\qtvglped.dll
C:\Windows\system32\rqRLdEut.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\erulsvqh
C:\Windows\system32\rqRLdEut.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-15 12:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 12:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 12:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 12:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
2008-06-14 13:49 . 2008-06-14 15:01 293,896,106 --a------ C:\Windows\MEMORY.DMP
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
2008-06-10 15:13 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
2008-04-18 17:38 --------- d-----w C:\Program Files\Google
2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 16:11 --------- d-----w C:\Program Files\Real
2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_12.44.41.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 07:38:31 140,288 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
- 2008-01-19 07:38:21 4,046,848 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-01-19 07:38:36 1,957,888 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-06-15 16:56:21 884,736 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b3a5c81e91bf9b1e63697e53a41ac0ed\AspNetMMCExt.ni.dll
+ 2008-06-15 15:03:34 425,984 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\7b38b32ba60b3eb9195c4e1fcc2c3b9d\BDATunePIA.ni.dll
+ 2008-06-15 15:03:37 503,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a29c71731e54f91d32ccc55d5493126d\ComSvcConfig.ni.exe
+ 2008-06-15 16:56:21 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8b7076d09705567c6431176b693597ab\CustomMarshalers.ni.dll
+ 2008-06-15 16:56:22 15,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\314a2a2c7ac434889e2478150e910adf\dfsvc.ni.exe
+ 2008-06-15 16:56:22 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehCIR\56309ef1e57faa5e1c01a04a7e3aefc2\ehCIR.ni.dll
+ 2008-06-15 16:55:30 2,428,928 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepg\71e74bb49db5f69f8ed020dd1cb0b6b6\ehepg.ni.dll
+ 2008-06-15 16:55:37 360,448 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\507f31ea7666854edb2752be04453c54\ehepgdat.ni.dll
+ 2008-06-15 16:56:23 44,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\12b1c96d740bd58807beab61bb7a83e6\ehExtCOM.ni.dll
+ 2008-06-15 16:55:37 270,336 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\877e9f90267ecd61069716bd5c5c62b5\ehExtHost.ni.exe
+ 2008-06-15 16:55:57 24,576 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\9690acf6b16810061de6ed44368980a9\ehiExtCOM.ni.dll
+ 2008-06-15 16:55:38 188,416 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\52610279dc1c7658eafbf00b8d197bf9\ehiExtens.ni.dll
+ 2008-06-15 16:55:39 610,304 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\6c123aa14560b7dff4968bcfbcc48ba6\ehiPlay.ni.dll
+ 2008-06-15 16:55:31 983,040 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\5f8aee18344b9910bbec6af974c074d5\ehiProxy.ni.dll
+ 2008-06-15 16:55:38 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\0b31398ed7a071f087b271393a522038\ehiReplay.ni.dll
+ 2008-06-15 16:55:36 58,368 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ca15bb63e13565d7b8b168403a0dbf37\ehiUserXp.ni.dll
+ 2008-06-15 16:55:39 839,680 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\f14b581820693d30efb00f6c2753ff1a\ehiVidCtl.ni.dll
+ 2008-06-15 16:55:40 376,832 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\54da10294f5f71396a622da622c8c820\ehiwmp.ni.dll
+ 2008-06-15 16:55:42 122,880 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\9a8dbbf00820151502bf5886759bd9ff\ehiWUapi.ni.dll
+ 2008-06-15 16:55:42 1,949,696 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\7b990bb48f1fb6b6c8a1008922579cbd\ehRecObj.ni.dll
+ 2008-06-15 16:55:57 12,742,656 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\41dde58a0d3b2a978513f2a530590aae\ehshell.ni.dll
+ 2008-06-15 16:55:58 577,536 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\368debb045e28955b65910779050eccc\EventViewer.ni.dll
+ 2008-06-15 16:55:57 86,016 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\loadmxf\91672362ea8e76d7800c6d3176364d0b\loadmxf.ni.exe
+ 2008-06-15 16:55:43 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\ce94320ce05675ecc24593041cd9ca15\mcstore.ni.dll
+ 2008-06-15 16:55:44 315,392 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\6aa5747fb711f9d478b1b943fddf2b61\mcstoredb.ni.dll
+ 2008-06-15 16:56:05 274,432 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcupdate\98e5b56f1514e49a2dce1134beed3eda\mcupdate.ni.exe
+ 2008-06-15 16:55:57 258,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\81d064c3c21181a4a5ec456becbbef4c\Mcx2Dvcs.ni.dll
+ 2008-06-15 16:56:24 876,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e24c7a7e58f9b3432df623710b9c5e01\Microsoft.Build.Engine.ni.dll
+ 2008-06-15 16:56:24 81,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6dc26698fcb3f0f93759f3c38a6207d5\Microsoft.Build.Framework.ni.dll
+ 2008-06-15 16:56:26 1,695,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\87407c2d9c2530f716841b6d6ebdf563\Microsoft.Build.Tasks.ni.dll
+ 2008-06-15 16:56:26 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bdd6a68dce3ff4146b24afdf9759402b\Microsoft.Build.Utilities.ni.dll
+ 2008-06-15 16:56:06 1,441,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\d521fc6793855857df18b7cb9ab0acaa\Microsoft.Ink.ni.dll
+ 2008-06-15 16:56:18 2,441,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\2f558d3a6d024dfcdd1d62233a067b40\Microsoft.JScript.ni.dll
+ 2008-06-15 16:55:59 614,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\b059345a9c2a126e320e17c2090dd354\Microsoft.ManagementConsole.ni.dll
+ 2008-06-15 16:55:38 618,496 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\14343af24080e0f0b2acd869f6d1211d\Microsoft.MediaCenter.ni.dll
+ 2008-06-15 16:55:43 253,952 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\288266751f2bcc9d673520ed1d1ac7a2\Microsoft.MediaCenter.Shell.ni.dll
+ 2008-06-15 16:55:36 5,861,376 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7ffb1a8f14e79ec2ea006e54a4162c18\Microsoft.MediaCenter.UI.ni.dll
+ 2008-06-15 16:55:45 704,512 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\88cdfe079a647ffba0850e19ec3d2711\Microsoft.MediaCenter.Sports.ni.dll
+ 2008-06-15 16:55:28 1,232,896 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\198b25c569e8a6fbb78092fe9c697600\Microsoft.Transactions.Bridge.ni.dll
+ 2008-06-15 16:56:08 401,408 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b0da39820e35eb3821e69ac8ace491a1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-06-15 16:56:28 1,740,800 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a96c6b0c75f8ea3eb133018ba3b49f3f\Microsoft.VisualBasic.ni.dll
+ 2008-06-15 16:56:18 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\81c771cf263c377d46aaf249c7ab903a\Microsoft.Vsa.ni.dll
+ 2008-06-15 16:56:04 6,443,008 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\66ad568e1ea098a2099364bf66bdaed8\MIGUIControls.ni.dll
+ 2008-06-15 16:56:10 1,691,648 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\f5934f1b89f7c8fb3f0bab1c21045f1c\MMCEx.ni.dll
+ 2008-06-15 16:56:00 319,488 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\a3d6cbb5a1efbd314e7080bbbd78d1cd\MMCFxCommon.ni.dll
+ 2008-06-15 16:56:10 102,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napcrypt\29d0ab81098806db3b769de45054ea13\napcrypt.ni.dll
+ 2008-06-15 16:56:10 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\65fba2f3c000945397537d9646148f6c\naphlpr.ni.dll
+ 2008-06-15 16:56:11 126,976 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napinit\ad70802a13332254382fd4bddbfbc8b3\napinit.ni.dll
+ 2008-06-15 16:56:11 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\ae9a564a6dd8814ba0ec381fd07be4bb\napsnap.ni.dll
+ 2008-06-15 16:56:31 2,641,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\1b896bbb7ed678902995f5a2479962e8\Narrator.ni.exe
+ 2008-06-15 16:56:32 1,581,056 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7c78c24952fad7252c7ff7f739fd6198\PresentationBuildTasks.ni.dll
+ 2008-06-15 16:56:36 2,035,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fa8522105eb716eed71e99bb9bfe06ee\PresentationUI.ni.dll
+ 2008-06-15 16:56:41 2,416,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\99836ab309902e40176dc5ca0854f7b2\ReachFramework.ni.dll
+ 2008-06-15 16:56:12 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\b682f5929b1f3f2a0b585cbc999df489\ServiceModelReg.ni.exe
+ 2008-06-15 16:55:21 303,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ee487a5b3e62f510183f68538f583135\SMDiagnostics.ni.dll
+ 2008-06-15 16:56:13 323,584 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\470e3064a09dc8107667143d09811786\SMSvcHost.ni.exe
+ 2008-06-15 16:55:31 44,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\07c3757edda55c714c4e69a94be4e35e\stdole.ni.dll
+ 2008-06-15 16:56:45 262,144 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\811305f0e9b3729e5a6a991b6645de92\sysglobl.ni.dll
+ 2008-06-15 15:04:00 1,183,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f293fee60fc17173a220dec17a8f2a4a\System.Data.OracleClient.ni.dll
+ 2008-06-15 15:04:01 512,000 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4c99dec707cab9de8b03b8821a0716ac\System.DirectoryServices.Protocols.ni.dll
+ 2008-06-15 15:03:41 1,224,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b6dfa3ee72dae0f0aa3d072d3b5af2a6\System.DirectoryServices.ni.dll
+ 2008-06-15 15:03:39 659,456 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.ni.dll
+ 2008-06-15 15:03:39 294,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.Wrapper.dll
+ 2008-06-15 16:55:26 241,664 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5ff73b37102042c3e28f22106dde8ad4\System.IdentityModel.Selectors.ni.dll
+ 2008-06-15 16:55:25 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44573dbcf8c8046c8d4b9ba8109d90e7\System.IdentityModel.ni.dll
+ 2008-06-15 16:56:13 417,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\28b40aac039323938aa010da90240207\System.IO.Log.ni.dll
+ 2008-06-15 16:56:16 1,064,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3faf6c0dd4b29ada10b11269abb62653\System.Management.ni.dll
+ 2008-06-15 16:55:26 655,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\1bb37d7286f4cd22de1b1e7f6d2950b2\System.Messaging.ni.dll
+ 2008-06-15 16:56:37 1,134,592 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d82ee3d7910c5dab8c97c4e7973d7bbc\System.Printing.ni.dll
+ 2008-06-15 15:03:43 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
+ 2008-06-15 16:55:24 2,445,312 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\529360b58964fe947006d8669aea62f3\System.Runtime.Serialization.ni.dll
+ 2008-06-15 16:55:20 18,071,552 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cfcba8cb539cb3dc5e92c544bd6d9dc5\System.ServiceModel.ni.dll
+ 2008-06-15 16:56:44 2,039,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b75eb02af4a4a29474726c41641ac18e\System.Speech.ni.dll
+ 2008-06-15 15:03:40 679,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\62dc499efc246da6806ba0b74ac447f1\System.Transactions.ni.dll
+ 2008-06-15 16:56:47 2,342,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7185958cf25ae6673e828dd1e7ac65ed\System.Web.Mobile.ni.dll
+ 2008-06-15 15:04:00 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\320ae07cc8c7b946d2944c63a72871fc\System.Web.RegularExpressions.ni.dll
+ 2008-06-15 15:03:58 1,986,560 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\af61137b092f7167a1bb6d5f8ee294d8\System.Web.Services.ni.dll
+ 2008-06-15 15:03:55 12,513,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
+ 2008-06-15 16:56:14 258,048 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\0a7389d61536c156ce0485a0a14d1c3f\TaskScheduler.ni.dll
+ 2008-06-15 16:56:48 483,328 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\247502ab3842b4a61f36dc4e0279f354\UIAutomationClient.ni.dll
+ 2008-06-15 16:56:49 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94bf31eac9cf2d253b451e225669e91c\UIAutomationClientsideProviders.ni.dll
+ 2008-06-15 16:56:50 270,336 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\32372878e4291ce171ce9eb482d9188a\WindowsFormsIntegration.ni.dll
+ 2008-06-15 16:56:15 380,928 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\0ecb8c2a9fa7b6c5e7c9d77b44ff6eb1\WsatConfig.ni.exe
- 2008-06-15 10:40:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-16 08:22:14 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-19 07:34:08 373,248 ----a-w C:\Windows\ehome\ehglid.dll
+ 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\ehome\ehglid.dll
- 2008-01-19 07:34:08 103,936 ----a-w C:\Windows\ehome\ehPresenter.dll
+ 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
- 2008-01-19 07:34:08 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
+ 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
- 2008-01-19 07:38:21 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll
- 2008-01-10 05:50:47 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
- 2008-01-19 07:34:09 522,240 ----a-w C:\Windows\ehome\ehui.dll
+ 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\ehome\ehui.dll
- 2008-01-19 07:38:31 140,288 ----a-w C:\Windows\ehome\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\ehome\mcupdate.exe
- 2008-01-19 07:38:36 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
- 2008-06-15 10:40:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-15 10:40:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-16 08:22:35 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-15 10:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-15 10:38:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-15 10:55:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-15 10:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-07 18:24:48 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-16 08:16:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-07 18:24:48 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-16 08:16:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-07 18:24:48 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-16 08:16:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-07 18:24:48 672,096 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-16 08:16:00 672,096 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-15 10:38:28 6,299,648 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-06-15 21:32:15 6,299,648 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-06-15 10:24:48 12,382 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
+ 2008-06-16 08:13:05 12,778 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
- 2008-06-15 10:24:48 62,372 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 08:13:05 62,528 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-04 19:36:31 4,316 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-06-15 21:31:55 4,316 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-06-15 10:24:47 58,120 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 08:13:04 58,254 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-06-14 19:20:09 198,752 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-06-15 20:48:22 201,278 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16679_none_d97a4d2ed1f284d2\ehepg.dll
+ 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20821_none_da31f92beaeecb56\ehepg.dll
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16679_none_bcbfc9e4c1e1e81d\ehexthost.exe
+ 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20821_none_bd7775e1dade2ea1\ehexthost.exe
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16679_none_fba2d0c909e74612\ehiExtens.dll
+ 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20821_none_fc5a7cc622e38c96\ehiExtens.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16679_none_896d686f44a61324\ehshell.dll
+ 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20821_none_8a25146c5da259a8\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18061_none_8b5674b141cbbd6c\ehshell.dll
+ 2008-04-23 04:36:58 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22165_none_8be412a45ae5c292\ehshell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16679_none_4e6b0c2698ea89ba\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20821_none_4f22b823b1e6d03e\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16679_none_30f95ad65a3e86d4\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20821_none_31b106d3733acd58\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18061_none_32e267185764311c\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:37:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22165_none_3370050b707e3642\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16679_none_2354b3c9cf56f2ea\Microsoft.MediaCenter.dll
+ 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20821_none_240c5fc6e853396e\Microsoft.MediaCenter.dll
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16679_none_c673e63faed8754d\mcupdate.exe
+ 2008-04-23 14:13:03 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20821_none_c72b923cc7d4bbd1\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18061_none_c85cf281abfe1f95\mcupdate.exe
+ 2008-04-23 04:37:28 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22165_none_c8ea9074c51824bb\mcupdate.exe
+ 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16679_none_128e8c93a2bce482\ehReplay.dll
+ 2008-04-23 05:11:36 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20821_none_13463890bbb92b06\ehReplay.dll
+ 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18061_none_147798d59fe28eca\ehReplay.dll
+ 2008-04-23 04:30:25 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22165_none_150536c8b8fc93f0\ehReplay.dll
+ 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.dll
+ 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.exe
+ 2008-04-23 05:11:51 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.dll
+ 2008-04-23 03:56:48 172,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.exe
+ 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16679_none_2db4cba1854c2050\ehdebug.dll
+ 2008-04-23 05:11:35 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20821_none_2e6c779e9e4866d4\ehdebug.dll
+ 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16679_none_2d12eef96d2c252b\ehglid.dll
+ 2008-04-23 05:11:35 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20821_none_2dca9af686286baf\ehglid.dll
+ 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18061_none_2efbfb3b6a51cf73\ehglid.dll
+ 2008-04-23 04:30:24 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22165_none_2f89992e836bd499\ehglid.dll
+ 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16679_none_249fac1865043b1f\ehPresenter.dll
+ 2008-04-23 05:11:36 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20821_none_255758157e0081a3\ehPresenter.dll
+ 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18061_none_2688b85a6229e567\ehPresenter.dll
+ 2008-04-23 04:30:25 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22165_none_2716564d7b43ea8d\ehPresenter.dll
+ 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16679_none_4fe31875538242d1\ehres.dll
+ 2008-04-23 05:11:36 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20821_none_509ac4726c7e8955\ehres.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16679_none_3693dda116ea05e6\ehtrace.dll
+ 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20821_none_374b899e2fe64c6a\ehtrace.dll
+ 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16679_none_cc9b30cbcc71d8eb\ehui.dll
+ 2008-04-23 05:11:36 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20821_none_cd52dcc8e56e1f6f\ehui.dll
+ 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18061_none_ce843d0dc9978333\ehui.dll
+ 2008-04-23 04:30:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22165_none_cf11db00e2b18859\ehui.dll
+ 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16679_none_39e223022e478d8d\ehuihlp.dll
+ 2008-04-23 05:11:36 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20821_none_3a99ceff4743d411\ehuihlp.dll
+ 2008-04-23 04:27:01 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16679_none_3d017dbd628e4075\mcmde.dll
+ 2008-04-23 05:11:51 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20821_none_3db929ba7b8a86f9\mcmde.dll
+ 2008-04-23 04:27:00 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16679_none_de4f2af09170b787\EncDec.dll
+ 2008-04-23 05:11:36 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b\EncDec.dll
+ 2008-04-23 04:42:37 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf\EncDec.dll
+ 2008-04-23 04:34:41 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5\EncDec.dll
+ 2008-04-23 04:27:04 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32\psisdecd.dll
+ 2008-04-23 05:12:30 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6\psisdecd.dll
+ 2008-04-23 04:42:37 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\psisdecd.dll
+ 2008-04-23 04:34:47 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0\psisdecd.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 10:22:39
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-16 10:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 08:27:09
ComboFix2.txt 2008-06-15 10:44:57

Pre-Run: 206,790,066,176 octets libres
Post-Run: 206,875,549,696 octets libres

380 --- E O F --- 2008-06-15 15:02:02

| Alerter

Répondre à aurerily

aurerily

16 Juin 2008 08:30:28

Rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:48, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Users\Philippe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7971 bytes

| Alerter

Répondre à aurerily

Angeldark

16 Juin 2008 09:02:39

Encore des soucis ?

| Alerter

Répondre à Angeldark

aurerily

16 Juin 2008 10:06:25

Heu est ce que d'après mes rapports que j'ai envoyé il en reste encore ?

| Alerter

Répondre à aurerily

Angeldark

16 Juin 2008 10:09:03

Normalement nan.

| Alerter

Répondre à Angeldark

aurerily

16 Juin 2008 10:09:42

Ha et qu'est ce que je pourrais installer comme antivirus sur cet ordinateur (étant donné qu'il n'y en a plus ) ? Pour éviter d'autres soucis ? Sur mon PC à moi j'ai Antivir Avira est-il bon ? Et puis une derniere question : Dois je desinstaller Hijackthis et Combofix ?
Merci encore pour ton aide =)

| Alerter

Répondre à aurerily

Angeldark

16 Juin 2008 10:16:41

AntiVir est bon. Pour Hijackthis et Combofix, tu peux supprimer.

| Alerter

Répondre à Angeldark

aurerily

16 Juin 2008 10:25:56

Bon tout est fait je fais un scan avec Antivir mais il n'a rien détecté alors qu'il le fesait dès son ouverture il y a quelques jours donc je pense que tout est ok !!
=)=)
Merci beaucoup. Comment mettre [resolu] sur le sujet ?

| Alerter

Répondre à aurerily

aurerily

16 Juin 2008 10:38:09

Je n'arrive pas à supprimer les dossier norton internet security qui ne sert plus à rien ... c'est important ?

| Alerter

Répondre à aurerily

Angeldark

16 Juin 2008 11:22:04

Norton Removal Tool pour la suppression de Norton.

| Alerter

Répondre à Angeldark

aurerily

16 Juin 2008 11:38:21

D'accord merci. Comment faire pour que Internet Explorer s'ouvre sans devoir à chaque fois cliquer sur autoriser l'ouverture de ce programme ? Sinon après tout est nickel ^^
Merci

| Alerter

Répondre à aurerily

Angeldark

16 Juin 2008 12:57:51

Qui te demande une autorisation ?

| Alerter

Répondre à Angeldark

RedSux

16 Juin 2008 13:18:37

Il se lance en mode admin ! Clic droit, et vérifie que t'as pas activer l'option "éxécuter en tant qu'administrateur"

C'est Vista Angel !

| Alerter

Répondre à RedSux

Angeldark

16 Juin 2008 13:31:11

Pour IE ? J'ai jamais eu ce problème Red.

| Alerter

Répondre à Angeldark

aurerily

16 Juin 2008 14:20:13

Quand je clique sur l'icone internet explorer il y a mon ecran qui s'assombris et une petite fenetre en bas à gauche qui dit : un programme non identifié veut acceder à votre ordinateur. puis annuler ou autoriser. Et oui c'est sur Vista

| Alerter

Répondre à aurerily

aurerily

16 Juin 2008 14:26:14

Où se situe l'option " executer en tant qu'administrateur " ?

| Alerter

Répondre à aurerily

RedSux

16 Juin 2008 14:29:11

Clic droit, propriété... Sur l'application iexplorer.exe !

À mon avis, t'as encore des trucs sur ton PC ... Relance la panoplie Antivir, Adaware et cie !

| Alerter

Répondre à RedSux

aurerily

16 Juin 2008 14:33:45

heu ... quand on est sur propriété c'est quel onglet. Je refais les analyses mais Antivir que j'ai refait il y a une heure n'a rien détécté.

| Alerter

Répondre à aurerily

aurerily

16 Juin 2008 15:14:29

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 846

17:14:00 16/06/2008
mbam-log-6-16-2008 (17-14-00).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158303
Temps écoulé: 39 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

| Alerter

Répondre à aurerily

aurerily

16 Juin 2008 15:24:22

ComboFix 08-06-15.4 - Philippe 2008-06-16 17:16:49.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1032 [GMT 2:00]
Endroit: C:\Users\Philippe\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-16 12:22 . 2008-06-16 12:22 <REP> d-------- C:\Program Files\Avira
2008-06-15 12:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 12:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 12:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 12:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\Users\All Users\fssg
2008-06-14 18:39 . 2008-06-14 18:43 <REP> d-------- C:\ProgramData\fssg
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\Philippe\AppData\Roaming\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:25 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-14 13:25 . 2008-06-14 13:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 13:25 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 13:25 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-13 13:47 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-13 13:47 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-13 13:47 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-13 13:47 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-05-29 21:34 . 2008-05-29 21:34 244 --ah----- C:\sqmnoopt06.sqm
2008-05-29 21:34 . 2008-05-29 21:34 232 --ah----- C:\sqmdata06.sqm
2008-05-28 16:25 . 2008-05-28 16:25 0 --a------ C:\DFRD94F.tmp
2008-05-28 15:19 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 15:19 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-17 17:02 . 2008-05-17 17:02 129 --a------ C:\Windows\System32\MRT.INI
2008-05-16 21:02 . 2008-05-16 21:02 182 --a------ C:\Windows\wininit.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 11:24 260 ----a-w C:\Users\Philippe\AppData\Roaming\wklnhst.dat
2008-06-14 17:02 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-14 16:53 --------- d-----w C:\Program Files\Symantec
2008-06-14 16:40 --------- d-----w C:\ProgramData\avg7
2008-06-13 15:07 --------- d-----w C:\Program Files\Windows Mail
2008-06-13 11:35 --------- d-----w C:\Users\Philippe\AppData\Roaming\AVG7
2008-05-15 14:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-01 19:31 --------- d-----w C:\ProgramData\GamesBar
2008-05-01 12:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-01 12:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 21:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 14:33 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-18 17:40 --------- d-----w C:\Users\Philippe\AppData\Roaming\Talkback
2008-04-18 17:38 --------- d-----w C:\Program Files\Google
2008-04-18 17:06 --------- d-----w C:\Program Files\a-squared Free
2008-04-18 11:02 --------- d-----w C:\ProgramData\Avira
2008-04-18 09:49 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-18 09:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-18 08:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Journal
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Defender
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-17 19:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-17 18:43 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-17 18:43 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-17 16:11 --------- d-----w C:\Program Files\Real
2008-04-16 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-14 11:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-14 11:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-06-16_10.26.56.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 08:22:14 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-16 12:11:08 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-16 12:11:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-16 12:11:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-16 12:12:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-16 12:12:46 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-16 08:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-16 12:12:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-16 12:12:41 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-16 12:11:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-15 10:55:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-16 12:11:09 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-15 10:55:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-16 12:11:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-15 10:36:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-06-16 15:16:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-06-16 15:16:45 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2008-03-04 11:28:53 79,424 ----a-w C:\Windows\System32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\Windows\System32\drivers\ssmdrv.sys
- 2008-06-16 08:16:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-16 12:16:48 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-16 08:16:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-16 12:16:48 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-16 08:16:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-16 12:16:48 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-16 08:16:00 672,096 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-16 12:16:48 672,096 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-16 08:13:05 12,778 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
+ 2008-06-16 12:12:59 12,882 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4049039252-367552735-4115417666-1000_UserData.bin
- 2008-06-16 08:13:05 62,528 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 12:12:59 62,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-16 08:13:04 58,254 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 12:12:58 58,734 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-06-15 20:48:22 201,278 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-06-16 09:40:01 201,502 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 15:59 115816]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 12:28 431752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 23:00 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02 1183352]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2007-11-25 00:24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinDrv"= {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E1F52F3-7E63-4029-864E-35E45AABDAC1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBDFFB1E-F0A3-4CD8-89EC-9809F10CBE9A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E7C7659-4DA2-4634-8D70-B8670A52E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{66156195-DF5A-42E6-B5B9-7B9D5A48ADF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7998B391-C311-4044-B1EB-A64794BA865D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A856FF4A-8EBF-4FD0-8496-834B9361AA9B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BA8EAC8C-0D53-4193-9AAB-81FC369DB6BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{49AEF01B-4F01-4418-AC9A-4AF915AA8951}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{17CA7F53-EF77-489E-89F3-191C479B2AFB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9FFE08E0-F888-4994-8A7D-CB0E8D89F546}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1F5F9FE6-7EDA-4B6A-BED3-73F2A933AFC6}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{EA4BA2E3-286E-447B-A195-0928FBD2E495}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2007-11-25 00:24]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 16:48]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - MBAMCATCHME
*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 17:21:26
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

[0] 0x08133F12

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-16 17:23:21
ComboFix-quarantined-files.txt 2008-06-16 15:22:52
ComboFix2.txt 2008-06-16 08:27:14
ComboFix3.txt 2008-06-15 10:44:57

Pre-Run: 208,422,899,712 octets libres
Post-Run: 208,391,086,080 octets libres

197 --- E O F --- 2008-06-15 15:02:02

| Alerter

Répondre à aurerily

aurerily

16 Juin 2008 15:35:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:48, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Users\Philippe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O21 - SSODL: WinDrv - {64aa26b6-5a6c-438b-bd93-23061cf38bd8} - C:\Windows\Resources\WinDrv.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8369 bytes

| Alerter

Répondre à aurerily

RedSux

16 Juin 2008 16:38:55

Connait pas ça :
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Fix le !

Pour l'onglet, c'est au niveau des paramètres de compatibilité !

| Alerter

Répondre à RedSux

aurerily

16 Juin 2008 16:44:01

comment on fix ?
Alors à cet onglet rien n'est cochable il est écirt : les modes de compatibilités ne peuvent être appliqués à ce programme car il fait parti de cette version de Windows.
Mais la case executer ce programme en tant qu'administrateur n'est pas cochée

| Alerter

Répondre à aurerily

Angeldark

16 Juin 2008 17:02:10

Pourquoi reposter ces rapports ?

Red, quand on ne connait pas une ligne, on ne l'a fait pas fixer pour autant !
Ce n'est pas une infection, pas besoin de toucher à la ligne.