Cannot launch an antivirus
Security Forum - Virus: Cannot launch an antivirus
Hello,
A month or two ago I caught a fine collection of spyware, adware and worms of every kind, which I have got rid of today. At least that's what I thought. Recently I noticed that it was impossible for me to launch an antivirus. I tried Avast!, Spyware Doc., Kaspersky, nothing works! Before "the attack" I could launch Avast! and Spyware Doc. (I tried Kaspersky during the attack period), but as soon as I had them I couldn't do anything any more, so I destroyed the squatters one by one. However, since then I have pop-up windows opening regularly, and I still cannot launch an antivirus ><.
I told myself I should therefore call on people who know about this, which is the reason for my post.
There you go.
Regards, Eltik
Message edited by Eltik on 06-12-2008 at 21:52:25
Good evening
Download DDS and save it to your desktop.
- Disable any script blocker, such as an antivirus or software like Ad-Block, NoScript, etc.
- Double-click dds.scr to launch the tool.
- Once the scan is finished, a text document, DDS.txt, will open.
- Click Yes at the next Optional Scan prompt.
- Save both reports to your desktop and post me only the DDS.txt.
Good evening,
Here is the report as requested:
DDS (Version 1.0) - NTFSx86
Run by eltik at 23:43:05,83 on 06/12/2008
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2031.970 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
D:\Avast\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\file32\hotkey.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
D:\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Avast\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Valve\Steam\Steam.exe
D:\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\MultiRecover\multitray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\eltik\Downloads\dds(3).scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - d:\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A34FA88D-8437-4634-8A60-E913011EF2E5} - c:\users\eltik\appdata\roaming\sp2\qaccess.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] d:\valve\steam\Steam.exe -silent
uRun: [Nokia.PCSync] "d:\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
uRun: [PC Suite Tray] "d:\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ManyCam] "c:\program files\manycam 2.2\ManyCam.exe"
uRun: [<NO NAME>] c:\users\eltik\appdata\roaming\adobe\Player.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [\YURAEB5.exe] c:\windows\system32\YURAEB5.exe
uRun: [\YURAEC5.exe] c:\windows\system32\YURAEC5.exe
uRun: [\YURB856.exe] c:\windows\system32\YURB856.exe
uRun: [\YURBAC6.exe] c:\windows\system32\YURBAC6.exe
uRun: [Smart Antivirus-2009.exe] c:\program files\smart antivirus 2009\Smart Antivirus-2009.exe
uRun: [\YUR9C7D.exe] c:\windows\system32\YUR9C7D.exe
uRun: [\YUR9C9C.exe] c:\windows\system32\YUR9C9C.exe
uRun: [\YUR9CBB.exe] c:\windows\system32\YUR9CBB.exe
uRun: [\YUR9F0C.exe] c:\windows\system32\YUR9F0C.exe
uRun: [\YUR816E.exe] c:\windows\system32\YUR816E.exe
uRun: [\YUR83FD.exe] c:\windows\system32\YUR83FD.exe
uRun: [\YUR8342.exe] c:\windows\system32\YUR8342.exe
uRun: [\YUR85F1.exe] c:\windows\system32\YUR85F1.exe
uRun: [\YUR8786.exe] c:\windows\system32\YUR8786.exe
uRun: [\YUR87B5.exe] c:\windows\system32\YUR87B5.exe
uRun: [\YUR87A5.exe] c:\windows\system32\YUR87A5.exe
uRun: [\YUR9471.exe] c:\windows\system32\YUR9471.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSServer] rundll32.exe c:\users\eltik\appdata\local\temp\hggdAtUM.dll,#1
uRun: [MSSMSGS] rundll32.exe wincnw32.rom,LNsRun
uRun: [Proccamp] "c:\programdata\sixth ace ace.ap6cmx"
uRun: [vc log bows face] "c:\programdata\Program Else Help.cbca86x"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Unattend0000000001{81DFCC53-D582-412B-90C8-88DD893CA332}] c:\windows\test.bat
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [IMSCMig] e:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [ISUSPM] "e:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ModeSwitch] "c:\program files\lenovo\powerdial\LitModeSwitch.exe" /AutoRun
mRun: [WPCUMI] e:\windows\system32\WpcUmi.exe
mRun: [multitray] c:\program files\lenovo\multirecover\loadtray.exe
mRun: [NBKeyScan] "d:\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [PWRISOVM.EXE] d:\poweriso\PWRISOVM.EXE
mRun: [\YURE570.exe] c:\windows\system32\YURE570.exe
mRun: [\YURE61B.exe] c:\windows\system32\YURE61B.exe
mRun: [\YURE994.exe] c:\windows\system32\YURE994.exe
mRun: [\YUREB59.exe] c:\windows\system32\YUREB59.exe
mRun: [AVP] "d:\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [Adobe Reader Speed Launcher] "d:\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] d:\avast\ashDisp.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Notify: winoyb32 - winoyb32.dll
AppInit_DLLs: d:\kasper~1\kasper~1\mzvkbd.dll,d:\kasper~1\kasper~1\mzvkbd3.dll
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2007-9-17 24856]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-6 111184]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-6 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-6 51792]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe" [2008-1-16 30312]
R2 DQLWinService;DQLWinService;"c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe" [2007-2-12 208896]
R2 NMSCore;Intel(R) NMSCore;"c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe" [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\trend micro\okavagent\OKAVAgent.exe [2007-6-28 66824]
R2 QualityManager;Intel(R) Quality Manager;"c:\program files\intel\inteldh\intel media server\media server\bin\qualitymanager.exe" [2007-6-27 272600]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-2-12 347648]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-9-17 5632]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2007-9-17 16912]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 LitModeCtrl;LitModeCtrl;"c:\program files\lenovo\powerdial\LitModeCtrl.exe" [2007-9-17 92048]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -sMSSMLBIZ [2008-2-26 29183504]
=============== Created Last 30 ================
2008-12-06 18:46 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2008-12-03 19:37 <DIR> --d----- c:\program files\directx
2008-12-03 13:12 7,165 a------- C:\wmcodec_update.exe
2008-12-03 13:11 7,142 a------- C:\update.exe
2008-11-26 12:53 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 12:53 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-11-26 12:53 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-26 12:53 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 12:53 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 12:53 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 12:53 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-13 18:18 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-13 18:18 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-13 18:18 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-13 18:18 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-12 16:12 1,341,440 a------- c:\windows\system32\msxml6.dll
2008-11-12 16:12 2,048 a------- c:\windows\system32\msxml6r.dll
2008-11-12 16:12 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-12 16:12 1,194,496 a------- c:\windows\system32\msxml3.dll
2008-11-12 16:12 2,048 a------- c:\windows\system32\msxml3r.dll
2008-11-09 23:28 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-08 17:09 <DIR> --d----- c:\programdata\Adobe
==================== Find3M ====================
2008-12-06 19:49 745,080 a------- c:\windows\system32\perfh00C.dat
2008-12-06 19:49 140,208 a------- c:\windows\system32\perfc00C.dat
2008-12-06 19:43 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-06 19:43 51,200 a------- c:\windows\inf\infpub.dat
2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-03 13:13 7,306 a------- C:\error_fix.exe
2008-12-03 13:12 15,618 a------- C:\directx.exe
2008-10-22 21:23 32,256 a------- c:\windows\system32\winoyb32.dll
2008-10-14 20:59 96,559 a------- c:\windows\system32\drivers\klin.dat
2008-10-14 20:59 87,855 a------- c:\windows\system32\drivers\klick.dat
2008-10-14 20:59 86,016 a------- c:\windows\inf\infstor.dat
2008-10-13 19:41 3,962 a------- c:\windows\system32\tmp.reg
2008-10-13 19:41 691 a------- c:\users\eltik\appdata\roaming\GetValue.vbs
2008-10-13 19:41 35 a------- c:\users\eltik\appdata\roaming\SetValue.bat
2008-10-08 11:08 94,208 a------- c:\windows\edgk.exe
2008-10-02 04:49 826,368 a------- c:\windows\system32\wininet.dll
2008-10-02 04:49 56,320 a------- c:\windows\system32\iesetup.dll
2008-10-02 04:49 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-02 04:48 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-10-01 14:51 87,552 a------- c:\windows\system32\VACFix.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-26 21:02 131 a------- C:\inactif.dat
2008-09-19 11:26 82,944 a------- c:\windows\system32\o4Patch.exe
2008-09-19 11:26 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-09-18 05:27 3,506,744 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:27 3,472,952 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 03:03 2,027,520 a------- c:\windows\system32\win32k.sys
2008-09-18 01:41 42,320 a------- c:\windows\system32\xfcodec.dll
2008-09-08 22:38 88,576 a------- c:\windows\system32\AntiXPVSTFix.exe
2008-07-10 12:28 174 a--sh--- c:\program files\desktop.ini
2008-06-20 21:40 56 a---h--- c:\programdata\ezsidmv.dat
2008-06-20 21:40 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-14 08:55 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
============= FINISH: 23:43:31,61 ===============
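As an added example (not code from the thread or from the DDS tool), a small Python triage script that parses the uRun/mRun/dRun and Notify lines of a DDS "Pseudo HJT Report" like the one posted above and flags the patterns a helper checks first: random-looking executables in system32, rundll32 loading a module from a temp directory or without a full path, Run targets with odd extensions, unnamed Run values, and Winlogon Notify DLLs registered without a full path. The sample lines are copied from the report above; the heuristics and thresholds are this example's own assumptions, not part of DDS.

```python
import re
from typing import Dict, List, Tuple

# Line shapes of the DDS "Pseudo HJT Report" section (as in the report above).
RUN_LINE = re.compile(r'^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
NOTIFY_LINE = re.compile(r'^Notify: (?P<name>\S+) - (?P<target>.+)$')
# An unquoted program path may contain spaces: take the shortest prefix that ends
# in an executable extension followed by whitespace or end of line.
UNQUOTED = re.compile(r'^(\S.*?\.(?:exe|dll|scr|com|bat|cmd|cpl))(?:\s+(.*))?$', re.I)

# Heuristics chosen for this example (assumptions, not DDS output):
RANDOM_SYS32 = re.compile(r'^c:\\windows\\system32\\[a-z]{3}[0-9a-f]{4}\.exe$', re.I)
EXEC_EXTS = ('.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.cpl')
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')
ROGUE_AV_MARKERS = ('antivirus 2009', 'antivirus-2009')

# Constructed sample: lines copied from the DDS report posted above.
SAMPLE_REPORT = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>] c:\users\eltik\appdata\roaming\adobe\Player.exe
uRun: [\YURAEB5.exe] c:\windows\system32\YURAEB5.exe
uRun: [Smart Antivirus-2009.exe] c:\program files\smart antivirus 2009\Smart Antivirus-2009.exe
uRun: [MSServer] rundll32.exe c:\users\eltik\appdata\local\temp\hggdAtUM.dll,#1
uRun: [MSSMSGS] rundll32.exe wincnw32.rom,LNsRun
uRun: [Proccamp] "c:\programdata\sixth ace ace.ap6cmx"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast!] d:\avast\ashDisp.exe
Notify: klogon - c:\windows\system32\klogon.dll
Notify: winoyb32 - winoyb32.dll
"""


def first_token(cmd: str) -> Tuple[str, str]:
    """Split a Run command into (program, arguments), honouring quotes and unquoted paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED.match(cmd)
    if m:
        return m.group(1), (m.group(2) or '')
    parts = cmd.split(None, 1)
    return (parts[0] if parts else ''), (parts[1] if len(parts) > 1 else '')


def flag_run(name: str, cmd: str) -> List[str]:
    """Return the reasons a Run entry deserves a closer look (empty list = nothing odd)."""
    reasons: List[str] = []
    target, args = first_token(cmd)
    if target.lower().endswith('rundll32.exe'):
        # rundll32 only hosts the module named before the comma; judge that module instead.
        target = args.split(',', 1)[0].strip().strip('"')
        if '\\' not in target:
            reasons.append('rundll32 module given without a full path')
        if any(marker in target.lower() for marker in TEMP_MARKERS):
            reasons.append('rundll32 loads a module from a temp directory')
    low = target.lower()
    base = low.rsplit('\\', 1)[-1]
    if name == '<NO NAME>':
        reasons.append('Run value has no name')
    if RANDOM_SYS32.match(low):
        reasons.append('random-looking executable name in system32')
    if '.' not in base:
        reasons.append('target has no file extension')
    elif not base.endswith(EXEC_EXTS):
        reasons.append('target has an unusual extension: ' + base.rsplit('.', 1)[-1])
    if any(marker in low for marker in ROGUE_AV_MARKERS):
        reasons.append("product name follows the 'Antivirus 2009' rogue naming pattern")
    return reasons


def flag_notify(name: str, target: str) -> List[str]:
    """A Winlogon Notify DLL without a full path is loaded by search order; worth a look."""
    return [] if '\\' in target else ['Winlogon Notify DLL registered without a full path']


def triage(report: str) -> Dict[str, List[str]]:
    """Map each suspicious entry ('hive:name') to its reasons; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in report.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            reasons = flag_run(m.group('name'), m.group('cmd'))
            if reasons:
                findings[m.group('hive') + ':' + m.group('name')] = reasons
            continue
        m = NOTIFY_LINE.match(line)
        if m:
            reasons = flag_notify(m.group('name'), m.group('target'))
            if reasons:
                findings['Notify:' + m.group('name')] = reasons
    return findings


if __name__ == '__main__':
    for entry, reasons in triage(SAMPLE_REPORT).items():
        print(entry, '->', '; '.join(reasons))
```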
Hello
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal, and a report will be created. Post the report
\Combofix.txt
Click on it to open it, then Edit "Select All", Edit "Copy",
come to the forum and Edit "Paste".
HELP: A guide and a tutorial on using ComboFix
* the partition name may change
+++++++++++
Download Lop S&D.exe to your desktop
- Double-click it to launch the installation
- Then double-click the Lop S&D shortcut on your desktop
- Select the desired language, then choose Option 1 (Search)
- Wait until the scan finishes
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
Message edited by Sham_Rock on 07-12-2008 at 09:26:40
Hello,
Here is the report:
ComboFix 08-12-06.06 - eltik 2008-12-07 11:10:21.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1212 [GMT 1:00]
Lancé depuis: c:\users\eltik\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\update.exe
c:\users\eltik\AppData\Roaming\Adobe\crc.dat
c:\users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Pharmacy Online.url
c:\users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\Search Online.url
c:\users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\VIP Casino.url
c:\users\eltik\AppData\Roaming\sp2\qaccess.dll
c:\users\eltik\FAVORI~1\Cheap Pharmacy Online.url
c:\users\eltik\FAVORI~1\Search Online.url
c:\users\eltik\FAVORI~1\VIP Casino.url
c:\users\eltik\Favorites\Cheap Pharmacy Online.url
c:\users\eltik\Favorites\Search Online.url
c:\users\eltik\Favorites\VIP Casino.url
c:\windows\edgk.exe
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\s.ico
C:\x
----- BITS: Il y a peut-être des sites infectés -----
hxxp://91.203.93.6
hxxp://78.157.143.163
hxxp://78.157.143.198
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.
2008-12-06 18:46 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-12-03 19:37 . 2008-12-03 19:37 <REP> d-------- c:\program files\directx
2008-12-03 13:12 . 2008-12-03 13:12 7,165 --a------ C:\wmcodec_update.exe
2008-11-26 12:53 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 12:53 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 12:53 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 12:53 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 12:53 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 12:53 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 12:53 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-20 21:49 . 2008-11-20 21:49 <REP> d-------- c:\users\eltik\AppData\Roaming\dvdcss
2008-11-18 17:45 . 2008-11-18 17:47 <REP> d-------- c:\users\eltik\AppData\Roaming\SecondLife
2008-11-13 18:18 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-13 18:18 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-13 18:18 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-13 18:18 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-13 18:18 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-13 18:18 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-13 18:18 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-13 18:18 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-13 18:18 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 16:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 16:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 16:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 11:36 . 2008-11-10 11:36 <REP> d-------- c:\users\Invité\AppData\Roaming\Google
2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Macromedia
2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Adobe
2008-11-10 11:03 . 2008-11-10 11:03 <REP> d-------- c:\users\Invité\AppData\Roaming\Mozilla
2008-11-10 10:32 . 2008-11-10 10:32 <REP> d-------- c:\users\Invité\AppData\Roaming\ATI
2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\Nero
2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\GTek
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
2008-11-10 10:30 . 2008-11-11 13:21 <REP> dr------- c:\users\Invité\Desktop
2008-11-10 10:30 . 2008-11-11 13:21 <REP> dr------- c:\users\Invité\Desktop
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
2008-11-10 10:30 . 2008-11-10 13:01 <REP> d---s---- c:\users\Invité\AppData\Roaming\Microsoft
2008-11-10 10:30 . 2006-11-02 13:37 <REP> d-------- c:\users\Invité\AppData\Roaming\Media Center Programs
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité\AppData\Roaming\Identities
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité
2008-11-10 10:30 . 2008-12-07 11:10 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-10 10:30 . 2008-12-07 11:10 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-09 23:28 . 2008-11-09 23:28 <REP> d-------- c:\program files\Java
2008-11-09 23:28 . 2008-11-09 23:28 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-08 17:09 . 2008-11-08 17:09 <REP> d-------- c:\users\All Users\Adobe
2008-11-08 17:09 . 2008-11-08 17:09 <REP> d-------- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 10:12 --------- d-----w c:\users\eltik\AppData\Roaming\sp2
2008-12-07 10:10 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-12-07 10:10 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-12-07 10:10 --------- d-----w c:\users\eltik\AppData\Roaming\uTorrent
2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-06 16:40 --------- d-----w c:\users\eltik\AppData\Roaming\LimeWire
2008-12-06 15:52 --------- d-----w c:\users\eltik\AppData\Roaming\Hamachi
2008-12-03 12:13 7,306 ----a-w C:\error_fix.exe
2008-12-03 12:12 15,618 ----a-w C:\directx.exe
2008-11-22 10:42 --------- d-----w c:\programdata\Microsoft Help
2008-11-20 17:06 --------- d-----w c:\programdata\Road axis poke
2008-11-20 17:06 --------- d-----w c:\programdata\Memo Drive Vc Log
2008-11-10 12:01 --------- d-s---w c:\users\Invité\AppData\Roaming\Microsoft
2008-11-10 10:36 --------- d-----w c:\users\Invité\AppData\Roaming\Google
2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Macromedia
2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Adobe
2008-11-10 10:03 --------- d-----w c:\users\Invité\AppData\Roaming\Mozilla
2008-11-10 09:32 --------- d-----w c:\users\Invité\AppData\Roaming\ATI
2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\Nero
2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\GTek
2008-11-10 09:30 --------- d-----w c:\users\Invité\AppData\Roaming\Identities
2008-11-03 19:56 --------- d-----w c:\program files\MSN Messenger
2008-10-31 21:11 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-25 20:37 --------- d-----w c:\users\eltik\AppData\Roaming\fltk.org
2008-10-22 20:23 32,256 ----a-w c:\windows\System32\winoyb32.dll
2008-10-22 15:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 16:21 --------- d-----w c:\program files\Windows Mail
2008-10-14 19:59 96,559 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-14 19:59 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-14 19:59 --------- d-----w c:\programdata\Kaspersky Lab
2008-10-13 19:31 --------- d---a-w c:\programdata\TEMP
2008-10-13 19:19 --------- d-----w c:\programdata\nqxwfqnu
2008-10-13 18:41 691 ----a-w c:\users\eltik\AppData\Roaming\GetValue.vbs
2008-10-13 18:41 35 ----a-w c:\users\eltik\AppData\Roaming\SetValue.bat
2008-10-13 18:41 3,962 ----a-w c:\windows\System32\tmp.reg
2008-10-11 10:29 --------- d-----w c:\programdata\fkbcjopo
2008-10-10 19:18 --------- d-----w c:\programdata\knqrmxux
2008-10-10 19:18 --------- d-----w c:\programdata\EnAplAdm
2008-10-08 13:34 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-10-08 12:50 --------- d-----w c:\program files\Trend Micro
2008-10-08 12:49 --------- d-----w c:\programdata\Trend Micro
2008-10-08 12:38 --------- d-----w c:\programdata\Skype
2008-10-08 10:53 --------- d-----w c:\users\eltik\AppData\Roaming\skypePM
2008-10-07 20:29 --------- d-----w c:\users\eltik\AppData\Roaming\Xfire
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-10-01 13:51 87,552 ----a-w c:\windows\System32\VACFix.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-26 20:02 131 ----a-w C:\inactif.dat
2008-09-19 10:26 82,944 ----a-w c:\windows\System32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w c:\windows\System32\IEDFix.C.exe
2008-09-18 04:27 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:27 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-18 00:41 42,320 ----a-w c:\windows\System32\xfcodec.dll
2008-09-08 21:38 88,576 ----a-w c:\windows\System32\AntiXPVSTFix.exe
2008-07-10 11:28 174 --sha-w c:\program files\desktop.ini
2008-06-20 20:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-06-20 20:40 56 ---ha-w c:\programdata\ezsidmv.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proccamp"="c:\programdata\sixth ace ace.ap6cmx" [X]
"vc log bows face"="c:\programdata\Program Else Help.cbca86x" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]
"Steam"="d:\valve\Steam\Steam.exe" [2008-10-08 1410296]
"Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-07-16 190024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]
"ManyCam"="c:\program files\ManyCam 2.2\ManyCam.exe" [2008-02-06 1676584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"MSSMSGS"="wincnw32.rom" [2008-10-22 c:\windows\System32\wincnw32.rom]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2006-09-01 74240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"ModeSwitch"="c:\program files\Lenovo\PowerDial\LitModeSwitch.exe" [2007-08-02 177448]
"multitray"="c:\program files\Lenovo\MultiRecover\loadtray.exe" [2007-06-29 31248]
"NBKeyScan"="d:\nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2008-01-20 217088]
"AVP"="d:\kaspersky lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
"avast!"="d:\avast\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winoyb32]
2008-10-22 21:23 32256 c:\windows\System32\winoyb32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\kasper~1\KASPER~1\mzvkbd.dll,d:\kasper~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.clmp3enc"= c:\progra~1\Lenovo\Power2Go\CLMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{37457D7B-3350-448F-9020-348980987E97}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E573EE08-9503-4A61-AE5B-F3C89B676912}"= UDP
rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{5575526A-269F-431D-85D6-E7856C6859B5}"= TCP
rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{5E23C099-8421-4BFA-96A8-E33914F29D4F}"= UDP
rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8FDC97F2-90AC-42F1-90B8-E39BEC92F7EF}"= TCP
rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C1124595-7130-4B4A-AD57-13C288BBF871}"= UDP
rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1B3A029E-856C-4079-B255-85671FA87733}"= TCP
rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1EDC68F0-7594-4FC1-95B5-6D9EBCC3BC99}"= TCP
rofile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{1D6B3DED-ED57-420F-B431-CA07894E189F}"= TCP
rofile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{917B0640-4632-4D14-B9A1-6DDF763DA63B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{128083F9-8A38-4B3A-93D9-234A4A1A94D2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1FDB25BE-9F02-419E-BB62-44F257596BF7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FC1CB830-BEA5-4979-8B13-AECBB63D9786}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9814F4CA-F130-4122-B906-9B56AB97647E}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{891E7274-55EB-4224-BC7D-FC80A68B1DC9}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= UDP
:\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
"UDP Query User{48C9F76D-69E2-4792-99C3-937BC9CB6E98}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= TCP
:\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
"TCP Query User{82647698-7949-42CC-9181-8145AAB93B2E}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= UDP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
"UDP Query User{5A1805DC-53AB-4D4D-8D3D-6147BB441683}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= TCP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
"{DA88018F-971B-4AD0-A19E-FB8F10D35709}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{C69DF4DD-D37D-494C-A2C9-8F3391D7C4E7}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{24CF0A63-EBF8-4CFD-AEDE-13A022380B70}"= UDP
:\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{26D39BEB-DD6C-416F-A238-06A4751E4B2F}"= TCP
:\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DC0FD998-7D5C-4ECE-B757-366CD9BB95FE}"= UDP
:\autodesk\Backburner\manager.exe:backburner 2.3 manager
"{4E106723-5479-47DC-B671-3F8430C015DB}"= TCP
:\autodesk\Backburner\manager.exe:backburner 2.3 manager
"{B142EDB3-4711-4B8F-82C8-2449CDEB4D7A}"= UDP
:\autodesk\Backburner\server.exe:backburner 2.3 server
"{626CF41D-8BF1-4063-A790-FE0A95F2756D}"= TCP
:\autodesk\Backburner\server.exe:backburner 2.3 server
"{F9BE9874-B4C3-46CB-B9B3-63557F1BD31E}"= UDP
:\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{411188A5-19ED-4957-B0CB-B7AB66326E22}"= TCP
:\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{8C56AC05-7D3E-4AB6-826E-E274485375D8}d:\\limewire\\limewire.exe"= UDP
:\limewire\limewire.exe:LimeWire
"UDP Query User{A8BD715C-8BA5-47F4-915A-FEABB8DDED16}d:\\limewire\\limewire.exe"= TCP
:\limewire\limewire.exe:LimeWire
"TCP Query User{0066FB3C-97A7-4E61-9E7D-B3E5B8D8A388}d:\\wolfenstein - enemy territory\\et.exe"= UDP
:\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{9CB6BFFA-0163-4131-A6C2-FF739167678A}d:\\wolfenstein - enemy territory\\et.exe"= TCP
:\wolfenstein - enemy territory\et.exe:ET
"{31043263-0620-4106-8D3E-C6629B7C14ED}"= d:\electronic arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"{8A56D107-86BE-433F-A3BF-26203F0973F9}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{8DE1D62E-B1B4-4050-BB14-D1F3D59FF5F1}d:\\ut2004\\system\\ut2004.exe"= UDP
:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{EC062E63-1AD7-4FA1-8C20-3086AFAF3BF4}d:\\ut2004\\system\\ut2004.exe"= TCP
:\ut2004\system\ut2004.exe:UT2004
"{C6B240B6-B3D8-4398-A81D-F8B6FCE895F5}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3 : La Fureur de Kane
"TCP Query User{C3A99262-A572-4EE8-8CAE-36213A7AB67C}d:\\program files\\xfire\\xfire.exe"= UDP
:\program files\xfire\xfire.exe:Xfire
"UDP Query User{889F03ED-F5F6-4DAB-91E9-D619C39FFA32}d:\\program files\\xfire\\xfire.exe"= TCP
:\program files\xfire\xfire.exe:Xfire
"TCP Query User{328F4174-07B3-47F4-81B5-62ECF31CAA87}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= UDP
:\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
"UDP Query User{AD71AC15-52DD-443F-B889-2477ACDB19FB}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= TCP
:\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
"TCP Query User{F424173F-6ABD-4E66-9740-74CC77B44F5F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= UDP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
"UDP Query User{FA03ED9F-EAA8-41DD-853F-3A1C03EF7A4F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= TCP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
"{054FA35B-D73F-41B4-A6D2-3000438E3B7E}"= UDP
:\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{D4100674-B1CC-4946-BE48-FA9C98903A07}"= TCP
:\utorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{BAF73FB6-2BA2-4F15-9B53-3BCD8B71386B}d:\\nexuiz\\nexuiz.exe"= UDP
:\nexuiz\nexuiz.exe:Nexuiz
"UDP Query User{7CAD80C2-C487-4E10-8F7B-35D37258DFEC}d:\\nexuiz\\nexuiz.exe"= TCP
:\nexuiz\nexuiz.exe:Nexuiz
"{417B45F9-EB03-412A-8391-CE6D1BA770E9}"= UDP
:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
"{54FF94EC-CF84-4C66-B5E9-93B24AACA7B9}"= TCP
:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
"TCP Query User{E33E88C0-E010-402E-A8F0-441AB33F2B2D}d:\\unreal gold\\system\\unreal.exe"= UDP
:\unreal gold\system\unreal.exe:Unreal
"UDP Query User{78F54BCE-0832-4457-ABEF-3598E72B15B4}d:\\unreal gold\\system\\unreal.exe"= TCP
:\unreal gold\system\unreal.exe:Unreal
"{60D37DDB-670D-4967-ADF5-AAA554F46004}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{231750EB-4067-4D8B-9C53-332ADD1B676C}d:\\secondlife\\slvoice.exe"= UDP
:\secondlife\slvoice.exe:SLVoice
"UDP Query User{3B1FBBC5-6FA6-4CDF-A2FE-109402C840FC}d:\\secondlife\\slvoice.exe"= TCP
:\secondlife\slvoice.exe:SLVoice
"{C53E70DD-F6EA-4F36-AE0F-67211547A53F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2007-09-17 24856]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-06 111184]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-06 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-06 51792]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 208896]
R2 NMSCore;Intel(R) NMSCore;"c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe [2007-06-28 66824]
R2 QualityManager;Intel(R) Quality Manager;"c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 272600]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2008-02-12 347648]
R3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-09-17 5632]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2007-09-17 16912]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
S3 LitModeCtrl;LitModeCtrl;"c:\program files\Lenovo\PowerDial\LitModeCtrl.exe" [2007-09-17 92048]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e958ba4-8c76-11dd-a49b-001b111523ed}]
\shell\AutoRun\command - K:\start.exe
\shell\iledefrance\command - K:\start.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-31 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
2008-12-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-\YURAEB5.exe - c:\windows\system32\YURAEB5.exe
HKCU-Run-\YURAEC5.exe - c:\windows\system32\YURAEC5.exe
HKCU-Run-\YURB856.exe - c:\windows\system32\YURB856.exe
HKCU-Run-\YURBAC6.exe - c:\windows\system32\YURBAC6.exe
HKCU-Run-\YUR9C7D.exe - c:\windows\system32\YUR9C7D.exe
HKCU-Run-\YUR9C9C.exe - c:\windows\system32\YUR9C9C.exe
HKCU-Run-\YUR9CBB.exe - c:\windows\system32\YUR9CBB.exe
HKCU-Run-\YUR9F0C.exe - c:\windows\system32\YUR9F0C.exe
HKCU-Run-\YUR816E.exe - c:\windows\system32\YUR816E.exe
HKCU-Run-\YUR83FD.exe - c:\windows\system32\YUR83FD.exe
HKCU-Run-\YUR8342.exe - c:\windows\system32\YUR8342.exe
HKCU-Run-\YUR85F1.exe - c:\windows\system32\YUR85F1.exe
HKCU-Run-\YUR8786.exe - c:\windows\system32\YUR8786.exe
HKCU-Run-\YUR87B5.exe - c:\windows\system32\YUR87B5.exe
HKCU-Run-\YUR87A5.exe - c:\windows\system32\YUR87A5.exe
HKCU-Run-\YUR9471.exe - c:\windows\system32\YUR9471.exe
HKLM-Run-Unattend0000000001{81DFCC53-D582-412B-90C8-88DD893CA332} - c:\windows\test.bat
HKLM-Run-IMSCMig - e:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE
HKLM-Run-ISUSPM - e:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-WPCUMI - e:\windows\system32\WpcUmi.exe
HKLM-Run-\YURE570.exe - c:\windows\system32\YURE570.exe
HKLM-Run-\YURE61B.exe - c:\windows\system32\YURE61B.exe
HKLM-Run-\YURE994.exe - c:\windows\system32\YURE994.exe
HKLM-Run-\YUREB59.exe - c:\windows\system32\YUREB59.exe
.
------- Examen supplémentaire -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FireFox -: Profile - c:\users\eltik\AppData\Roaming\Mozilla\Firefox\Profiles\me18f9eb.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\eltik\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - d:\reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 11:13:08
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-07 11:14:36
ComboFix-quarantined-files.txt 2008-12-07 10:14:33
Avant-CF: 1 468 731 392 octets libres
Après-CF: 4,334,981,120 octets libres
364 --- E O F --- 2008-12-04 19:15:43
+++++++++++++++++++++++++++++++++++++++
LopSD report
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Default System BIOS
USER : eltik ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:250 Go (Free:111 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 07/12/2008|11:17 )
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[08/11/2008|17:10] C:\Users\eltik\AppData\Local\Adobe
[12/07/2008|17:44] C:\Users\eltik\AppData\Local\Ahead
[12/02/2008|19:29] C:\Users\eltik\AppData\Local\Application Data
[12/02/2008|19:30] C:\Users\eltik\AppData\Local\ATI
[30/03/2008|18:06] C:\Users\eltik\AppData\Local\Autodesk
[09/11/2008|12:38] C:\Users\eltik\AppData\Local\d3d9caps.dat
[06/12/2008|23:54] C:\Users\eltik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[23/07/2008|15:15] C:\Users\eltik\AppData\Local\Disney
[01/09/2008|17:20] C:\Users\eltik\AppData\Local\DNA
[04/10/2008|15:36] C:\Users\eltik\AppData\Local\GDIPFONTCACHEV1.DAT
[08/05/2008|23:19] C:\Users\eltik\AppData\Local\Google
[12/02/2008|19:29] C:\Users\eltik\AppData\Local\Historique
[06/12/2008|23:57] C:\Users\eltik\AppData\Local\IconCache.db
[08/10/2008|13:56] C:\Users\eltik\AppData\Local\Microsoft
[06/06/2008|22:35] C:\Users\eltik\AppData\Local\Microsoft Games
[25/09/2008|21:14] C:\Users\eltik\AppData\Local\Microsoft Help
[27/09/2008|11:04] C:\Users\eltik\AppData\Local\Mostick
[15/02/2008|18:12] C:\Users\eltik\AppData\Local\Mozilla
[29/10/2008|16:51] C:\Users\eltik\AppData\Local\Oblivion
[15/02/2008|21:54] C:\Users\eltik\AppData\Local\Steam
[07/12/2008|11:16] C:\Users\eltik\AppData\Local\Temp
[12/02/2008|19:29] C:\Users\eltik\AppData\Local\Temporary Internet Files
[18/02/2008|00:38] C:\Users\eltik\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[31/10/2008 14:59][--a------] C:\Windows\tasks\Norton Security Scan.job
[06/12/2008 23:29][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[07/12/2008 10:39][--ah-----] C:\Windows\tasks\SA.DAT
[06/12/2008 23:58][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[17/09/2007|22:55] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[08/11/2008|17:09] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[30/03/2008|18:15] C:\ProgramData\Autodesk
[27/06/2007|03:01] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[10/10/2008|20:18] C:\ProgramData\EnAplAdm
[20/06/2008|21:40] C:\ProgramData\ezsidmv.dat
[27/06/2007|03:01] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[11/10/2008|11:29] C:\ProgramData\fkbcjopo
[08/05/2008|14:46] C:\ProgramData\Google
[12/02/2008|19:31] C:\ProgramData\Gtek
[31/05/2008|21:42] C:\ProgramData\Installations
[17/09/2007|23:01] C:\ProgramData\Intel
[14/10/2008|20:59] C:\ProgramData\Kaspersky Lab
[08/10/2008|14:34] C:\ProgramData\Kaspersky Lab Setup Files
[10/10/2008|20:18] C:\ProgramData\knqrmxux
[21/03/2008|22:22] C:\ProgramData\Media Center Programs
[20/11/2008|18:06] C:\ProgramData\Memo Drive Vc Log
[27/06/2007|03:01] C:\ProgramData\Menu Démarrer
[21/07/2008|22:19] C:\ProgramData\Messenger Plus!
[25/09/2008|21:15] C:\ProgramData\Microsoft
[22/11/2008|11:42] C:\ProgramData\Microsoft Help
[27/06/2007|03:01] C:\ProgramData\Modèles
[12/07/2008|17:38] C:\ProgramData\Nero
[13/10/2008|20:19] C:\ProgramData\nqxwfqnu
[31/05/2008|21:49] C:\ProgramData\PC Suite
[20/11/2008|18:06] C:\ProgramData\Program Else Help.cbca86x
[20/11/2008|18:06] C:\ProgramData\Road axis poke
[20/11/2008|18:05] C:\ProgramData\sixth ace ace.0yoyc
[17/09/2008|11:54] C:\ProgramData\sixth ace ace.1k1ae
[01/11/2008|19:02] C:\ProgramData\sixth ace ace.2o397
[24/09/2008|21:08] C:\ProgramData\sixth ace ace.9h4hkey
[20/11/2008|18:05] C:\ProgramData\sixth ace ace.ap6cmx
[11/09/2008|17:19] C:\ProgramData\sixth ace ace.ap8ajuh
[15/11/2008|10:55] C:\ProgramData\sixth ace ace.etuzcv
[09/10/2008|21:04] C:\ProgramData\sixth ace ace.eyfszej
[24/09/2008|21:08] C:\ProgramData\sixth ace ace.gksbmyr
[09/10/2008|21:04] C:\ProgramData\sixth ace ace.honflc1
[09/10/2008|18:14] C:\ProgramData\sixth ace ace.wssrzt
[27/10/2008|10:27] C:\ProgramData\sixth ace ace.xwjt69
[08/10/2008|13:38] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[13/10/2008|20:31] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[08/10/2008|13:49] C:\ProgramData\Trend Micro
[15/02/2008|18:09] C:\ProgramData\WLInstaller
[03/10/2008|17:52] C:\ProgramData\Xfire
--------------------\\ Listing des dossiers dans C:\Program Files
[17/09/2007|22:55] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[15/02/2008|18:08] C:\Program Files\Alwil Software
[17/09/2007|22:44] C:\Program Files\Analog Devices
[17/09/2007|22:40] C:\Program Files\ATI
[17/09/2007|22:42] C:\Program Files\ATI Technologies
[13/07/2008|17:02] C:\Program Files\Autodesk
[08/03/2008|23:35] C:\Program Files\AviSynth 2.5
[11/09/2008|17:19] C:\Program Files\Circle Developement
[07/12/2008|11:12] C:\Program Files\Common Files
[17/09/2007|23:09] C:\Program Files\CyberLink
[31/05/2008|21:45] C:\Program Files\DIFX
[03/12/2008|19:37] C:\Program Files\directx
[23/07/2008|15:15] C:\Program Files\Disney
[08/03/2008|23:35] C:\Program Files\eRightSoft
[27/06/2007|03:01] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
[16/05/2008|18:11] C:\Program Files\Google
[12/05/2008|14:51] C:\Program Files\Hamachi
[30/03/2008|10:48] C:\Program Files\Infogrames
[17/09/2008|17:36] C:\Program Files\InstallShield Installation Information
[17/09/2007|23:01] C:\Program Files\Intel
[16/10/2008|17:21] C:\Program Files\Internet Explorer
[17/09/2007|23:07] C:\Program Files\InterVideo
[09/11/2008|23:28] C:\Program Files\Java
[17/09/2007|23:09] C:\Program Files\Lenovo
[02/09/2008|15:10] C:\Program Files\ManyCam 2.2
[11/09/2008|17:19] C:\Program Files\Messenger Plus! Live
[16/07/2008|22:48] C:\Program Files\MessengerPlus! 3
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[17/09/2007|22:58] C:\Program Files\Microsoft Office
[25/09/2008|21:12] C:\Program Files\Microsoft SDKs
[22/10/2008|16:48] C:\Program Files\Microsoft Silverlight
[17/09/2007|22:59] C:\Program Files\Microsoft Small Business
[10/07/2008|08:31] C:\Program Files\Microsoft SQL Server
[17/09/2007|22:54] C:\Program Files\Microsoft Visual Studio
[17/09/2007|22:54] C:\Program Files\Microsoft Works
[17/09/2007|22:57] C:\Program Files\Microsoft.NET
[22/03/2008|14:52] C:\Program Files\Movie Maker
[06/12/2008|21:02] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/11/2006|13:37] C:\Program Files\MSN
[03/11/2008|20:56] C:\Program Files\MSN Messenger
[15/02/2008|20:40] C:\Program Files\MSXML 4.0
[31/05/2008|21:45] C:\Program Files\PC Connectivity Solution
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[08/10/2008|13:50] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[15/02/2008|18:06] C:\Program Files\VideoLAN
[15/02/2008|22:36] C:\Program Files\Windows Calendar
[02/11/2006|13:42] C:\Program Files\Windows Collaboration
[27/06/2007|03:54] C:\Program Files\Windows Defender
[02/11/2006|13:42] C:\Program Files\Windows Journal
[15/02/2008|18:17] C:\Program Files\Windows Live
[31/10/2008|22:11] C:\Program Files\Windows Live Safety Center
[17/09/2007|23:09] C:\Program Files\Windows Live Toolbar
[16/10/2008|17:21] C:\Program Files\Windows Mail
[15/02/2008|22:36] C:\Program Files\Windows Media Player
[27/06/2007|03:01] C:\Program Files\Windows NT
[02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
[15/02/2008|22:36] C:\Program Files\Windows Sidebar
[08/10/2008|13:30] C:\Program Files\WinRAR
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[08/11/2008|17:09] C:\Program Files\Common Files\Adobe
[30/03/2008|18:17] C:\Program Files\Common Files\Autodesk Shared
[17/09/2007|22:54] C:\Program Files\Common Files\DESIGNER
[14/03/2008|18:25] C:\Program Files\Common Files\INCA Shared
[07/06/2008|12:45] C:\Program Files\Common Files\InstallShield
[17/09/2007|23:01] C:\Program Files\Common Files\Intel
[17/09/2007|23:07] C:\Program Files\Common Files\InterVideo
[25/09/2008|21:13] C:\Program Files\Common Files\Merge Modules
[25/09/2008|21:14] C:\Program Files\Common Files\microsoft shared
[12/07/2008|17:40] C:\Program Files\Common Files\Nero
[31/05/2008|21:46] C:\Program Files\Common Files\Nokia
[31/05/2008|21:46] C:\Program Files\Common Files\PCSuite
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[15/02/2008|21:54] C:\Program Files\Common Files\Steam
[17/09/2007|22:52] C:\Program Files\Common Files\System
[15/02/2008|18:17] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 89 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\Memo Drive Vc Log
C:\ProgramData\Memo Drive Vc Log\Tick Support.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 11:23:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1253
--------------------\\ Recherche d'autres infections
--------------------\\ ROGUES ..
C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Smart Antivirus 2009
[F:17][D:166]-> C:\Users\eltik\AppData\Local\Temp
[F:461][D:1]-> C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies
[F:62][D:8]-> C:\Users\eltik\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:31][D:7]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 07/12/2008|13:40 - Option : [1]
--------------------\\ Fin du rapport a 13:40:59
[ UAC => 1 ]
Message edited by Eltik on 07-12-2008 at 13:53:20
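As an added triage example for the ComboFix registry block above (not part of the original post, nor code from ComboFix or any other tool named in the thread), this Python script parses the REGEDIT4-style lines and flags the patterns a helper checks first. The sample lines are copied from the posted log; the heuristics (missing-file marker, non-.exe targets, launch paths under ProgramData or Temp, Winlogon Notify packages, Security Center DisableMonitoring) are my own selection.

```python
"""Triage helper for the 'Points de chargement Reg' (registry load points) block
of a ComboFix-style log.

Added example for this thread; it is not part of the original post and not a
ComboFix or Malwarebytes tool.  It parses the REGEDIT4-style lines and flags the
patterns a helper looks at first:
  * Run values whose target file is gone (ComboFix's "[X]" marker)
  * Run values whose target is not an .exe (e.g. .rom, .ap6cmx, .cbca86x)
  * Run values launched from c:\\programdata or a user's temp folder
  * Winlogon\\Notify subkeys (a DLL loaded by winlogon.exe at logon)
  * Security Center 'DisableMonitoring' = 1 (antivirus status alerts suppressed)
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proccamp"="c:\programdata\sixth ace ace.ap6cmx" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]
"MSSMSGS"="wincnw32.rom" [2008-10-22 c:\windows\System32\wincnw32.rom]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\avast\ashDisp.exe" [2008-11-26 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winoyb32]
2008-10-22 21:23 32256 c:\windows\System32\winoyb32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                              # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(\[.*\])?\s*$')  # "name"="value" [info]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]+)\s*$')   # "name"=dword:0000000x
# First ".ext" token followed by whitespace or end: separates an unquoted path
# from its command-line arguments.
EXE_RE = re.compile(r"^(.*?\.\w{1,7})(\s.*)?$")


@dataclass
class Finding:
    key: str
    name: str
    reason: str


def target_path(value: str) -> str:
    """Return the lower-cased program path of a Run value, without quotes or arguments."""
    v = value.strip()
    if v.startswith('"'):                 # "c:\path with spaces\prog.exe" -args
        v = v[1:].split('"', 1)[0]
    else:
        m = EXE_RE.match(v)
        v = m.group(1) if m else v
    return v.lower()


def triage(log_text: str) -> List[Finding]:
    """Walk the registry block line by line, remembering the current key."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            if "\\winlogon\\notify\\" in key.lower():
                findings.append(Finding(key, key.rsplit("\\", 1)[-1],
                                        "Winlogon Notify package registered (DLL loaded by winlogon.exe)"))
            continue
        dm = DWORD_RE.match(line)
        if dm and "\\security center\\monitoring\\" in key.lower():
            name, hexval = dm.groups()
            if name.lower() == "disablemonitoring" and int(hexval, 16) == 1:
                findings.append(Finding(key, name, "Security Center monitoring of this product disabled"))
            continue
        vm = VALUE_RE.match(line)
        if vm and key.lower().endswith("\\currentversion\\run"):
            name, value, trailer = vm.groups()
            target = target_path(value)
            if trailer == "[X]":
                findings.append(Finding(key, name, "Run entry whose target file no longer exists"))
            if not target.endswith(".exe"):
                findings.append(Finding(key, name, f"Run entry with a non-.exe target: {target}"))
            if target.startswith("c:\\programdata") or "\\appdata\\local\\temp" in target:
                findings.append(Finding(key, name, "Run entry launching from a data or temp folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:20} {f.reason}\n    in {f.key}")
```

Run against the sample it reports the two Run entries (Proccamp, MSSMSGS), the winoyb32 Notify package and the disabled Kaspersky monitoring, while the Sidebar and avast! entries pass untouched.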
Hi again
Download Malwarebytes' Anti-Malware to your Desktop.
- Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
- Restart your computer in Safe Mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. At that point, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). Don't be surprised.
--- For these reasons I suggest you print, write down, or save the following instructions in a text file so you don't get lost.
---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode registry keys, which would make your computer crash.
- Now run Malwarebytes' Anti-Malware. If it isn't already selected, choose "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. You have two possibilities:
~ If the program found nothing, click OK. A report will appear; close it.
~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you can't download MBAM from MajorGeeks, you can download it here!
Help:
++++++++++++++++
Here is the Malwarebytes' Anti-Malware report
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 6.0.6000
08/12/2008 00:20:41
mbam-log-2008-12-08 (00-20-41).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 259142
Temps écoulé: 38 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\dicha (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\godzi1.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winoyb32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.bmqr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSSMSGS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\ProgramData\nqxwfqnu\zuvinqfu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Road axis poke\rwdkvyfo.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\edgk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\winoyb32.dll (Dialer) -> Quarantined and deleted successfully.
Message edited by Eltik on 08-12-2008 at 18:20:43
Good evening
Please repost a HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 17:32:28, on 09/12/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\file32\hotkey.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Lenovo\MultiRecover\multitray.exe
D:\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Valve\Steam\Steam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
D:\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\eltik\AppData\Local\Temp\Rar$EX00.276\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\google\googletoolbar2user.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe" /AutoRun
O4 - HKLM\..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Proccamp] "C:\ProgramData\sixth ace ace.ap6cmx"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\Program Else Help.cbca86x"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\KASPER~1\KASPER~1\mzvkbd.dll,D:\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LitModeCtrl - Lenovo Software (Beijing) Limited - C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: OKAV Agent Service - Trend Micro Inc. - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
http://www.hijackthis.de/fr#anl
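Added example, not from the thread, HijackThis or ComboFix: a small Python triage that reads lines in the HijackThis format posted above and flags HKCU Run entries launching odd-extension files from ProgramData (the pattern the CFScript in the next reply deletes), an AppInit_DLLs entry for review, and the quote-broken service line that HijackThis reports as missing. The sample lines are a constructed subset in the log's format, and the severity labels are this example's own.

```python
"""Triage of HijackThis O4 / O20 / O23 lines.

Added example (not part of the forum thread, HijackThis or ComboFix).
It flags the patterns a helper looks for in a log like the one above.
"""
import re
from typing import List, Tuple

# Constructed sample: a subset of lines in the format of the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Proccamp] "C:\ProgramData\sixth ace ace.ap6cmx"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\Program Else Help.cbca86x"
O20 - AppInit_DLLs: D:\KASPER~1\KASPER~1\mzvkbd.dll,D:\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Extensions Windows runs directly from a Run value without a host program.
RUNNABLE_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}

Finding = Tuple[str, str, str]  # (severity, item, message)


def run_target(cmd: str) -> str:
    """Return the program path from an O4 command line (quoted or bare).

    Bare paths are cut at the first " /switch" or " -switch"; a bare path
    that itself contains " - " (rare in Run values) would be truncated.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r" (?=[/-])", cmd, maxsplit=1)[0]


def extension(path: str) -> str:
    """Lower-cased extension of the last path component ("" if none)."""
    tail = path.rsplit("\\", 1)[-1]
    return tail[tail.rfind("."):].lower() if "." in tail else ""


def triage(log: str) -> List[Finding]:
    """Scan HijackThis lines and return (severity, item, message) findings."""
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            path = run_target(m["cmd"])
            low = path.lower()
            # A Run value pointing into ProgramData at a file with a made-up
            # extension is the pattern the CFScript in this thread removes.
            if "\\programdata\\" in low and extension(low) not in RUNNABLE_EXT:
                findings.append(("high", m["name"],
                    f"{m['hive']} Run entry launches a non-executable-looking "
                    f"file from ProgramData: {path}"))
        elif m := O20_RE.match(line):
            dlls = [d.strip() for d in m["dlls"].split(",") if d.strip()]
            # AppInit_DLLs are loaded into every process that uses user32.dll;
            # security products use it too, so this is review, not verdict.
            findings.append(("review", "AppInit_DLLs",
                f"{len(dlls)} DLL(s) loaded into every user32 process: {', '.join(dlls)}"))
        elif m := O23_RE.match(line):
            path = m["path"]
            if path.count('"') % 2 == 1 and "(file missing)" in path:
                findings.append(("verify", m["name"],
                    "unbalanced quote in the service path and '(file missing)': "
                    "the quoted ImagePath with arguments may simply be misparsed, "
                    "so confirm the real ImagePath before acting"))
    return findings


if __name__ == "__main__":
    for severity, item, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {item}: {message}")
```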
Good evening
Pick one of your antivirus programs, Kaspersky or Avast, your call... if your Kaspersky licence is still valid, don't hesitate...
Copy (Ctrl+C) the text below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
- A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
- Once the scan is done, a report will be displayed: post its contents.
- If the file doesn't open, it is located here > C:\ComboFix.txt
Good evening,
Here is the contents of the ComboFix report:
ComboFix 08-12-06.06 - eltik 2008-12-09 22:25:21.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1410 [GMT 1:00]
Lancé depuis: c:\users\eltik\Desktop\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\eltik\Desktop\CFScript.txt
FILE ::
c:\program files\Circle Developement\Uninstall.exe
c:\programdata\Memo Drive Vc Log\Tick Support.exe
c:\programdata\Program Else Help.cbca86x
c:\programdata\sixth ace ace.ap6cmx
c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt
c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
c:\windows\System32\wincnw32.rom
c:\windows\System32\winoyb32.dll
c:\windows\Tasks\Norton Security Scan.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Circle Developement
c:\program files\Circle Developement\Uninstall.exe
c:\programdata\EnAplAdm
c:\programdata\EnAplAdm\vedghszi.exe
c:\programdata\fkbcjopo
c:\programdata\fkbcjopo\nafmpkpw.exe
c:\programdata\knqrmxux
c:\programdata\knqrmxux\yjmtanqt.exe
c:\programdata\Memo Drive Vc Log
c:\programdata\Memo Drive Vc Log\Tick Support.exe
c:\programdata\nqxwfqnu
c:\programdata\Program Else Help.cbca86x
c:\programdata\Road axis poke
c:\programdata\Road axis poke\ajzrrtlb.exe
c:\programdata\Road axis poke\boltgrid.exe
c:\programdata\Road axis poke\bskqsdbf.exe
c:\programdata\Road axis poke\jhkurbsc.exe
c:\programdata\Road axis poke\safe lite phone drive.exe
c:\programdata\Road axis poke\swwzifgg.exe
c:\programdata\Road axis poke\uhsncepu.exe
c:\programdata\Road axis poke\uolgryqx.exe
c:\programdata\Road axis poke\xjzstjrx.exe
c:\programdata\sixth ace ace.0yoyc\
c:\programdata\sixth ace ace.1k1ae\
c:\programdata\sixth ace ace.2o397\
c:\programdata\sixth ace ace.9h4hkey\
c:\programdata\sixth ace ace.ap6cmx
c:\programdata\sixth ace ace.ap8ajuh\
c:\programdata\sixth ace ace.etuzcv\
c:\programdata\sixth ace ace.eyfszej\
c:\programdata\sixth ace ace.gksbmyr\
c:\programdata\sixth ace ace.honflc1\
c:\programdata\sixth ace ace.wssrzt\
c:\programdata\sixth ace ace.xwjt69\
c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt
c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
c:\windows\System32\wincnw32.rom
c:\windows\Tasks\Norton Security Scan.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 23:41 . 2008-12-07 23:41 <REP> d-------- c:\users\eltik\AppData\Roaming\Malwarebytes
2008-12-07 23:41 . 2008-12-07 23:41 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-07 23:41 . 2008-12-07 23:41 <REP> d-------- c:\programdata\Malwarebytes
2008-12-07 23:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 23:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-07 11:16 . 2008-12-07 13:40 <REP> d-------- C:\Lop SD
2008-12-03 19:37 . 2008-12-03 19:37 <REP> d-------- c:\program files\directx
2008-12-03 13:12 . 2008-12-03 13:12 7,165 --a------ C:\wmcodec_update.exe
2008-11-26 12:53 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 12:53 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 12:53 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 12:53 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 12:53 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 12:53 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 12:53 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-20 21:49 . 2008-11-20 21:49 <REP> d-------- c:\users\eltik\AppData\Roaming\dvdcss
2008-11-18 17:45 . 2008-11-18 17:47 <REP> d-------- c:\users\eltik\AppData\Roaming\SecondLife
2008-11-13 18:18 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-13 18:18 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-13 18:18 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-13 18:18 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-13 18:18 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-13 18:18 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-13 18:18 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-13 18:18 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-13 18:18 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 16:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 16:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 16:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 11:36 . 2008-11-10 11:36 <REP> d-------- c:\users\Invité\AppData\Roaming\Google
2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Macromedia
2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Adobe
2008-11-10 11:03 . 2008-11-10 11:03 <REP> d-------- c:\users\Invité\AppData\Roaming\Mozilla
2008-11-10 10:32 . 2008-11-10 10:32 <REP> d-------- c:\users\Invité\AppData\Roaming\ATI
2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\Nero
2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\GTek
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
2008-11-10 10:30 . 2008-12-07 15:09 <REP> dr------- c:\users\Invité\Desktop
2008-11-10 10:30 . 2008-12-07 15:09 <REP> dr------- c:\users\Invité\Desktop
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
2008-11-10 10:30 . 2008-11-10 13:01 <REP> d---s---- c:\users\Invité\AppData\Roaming\Microsoft
2008-11-10 10:30 . 2006-11-02 13:37 <REP> d-------- c:\users\Invité\AppData\Roaming\Media Center Programs
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité\AppData\Roaming\Identities
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité
2008-11-10 10:30 . 2008-12-09 17:52 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-10 10:30 . 2008-12-09 17:52 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-09 23:28 . 2008-11-09 23:28 <REP> d-------- c:\program files\Java
2008-11-09 23:28 . 2008-11-09 23:28 410,976 --a------ c:\windows\System32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 19:28 --------- d-----w c:\users\eltik\AppData\Roaming\uTorrent
2008-12-09 19:01 --------- d-----w c:\users\eltik\AppData\Roaming\Hamachi
2008-12-09 16:52 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-12-09 16:52 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-07 10:12 --------- d-----w c:\users\eltik\AppData\Roaming\sp2
2008-12-06 16:40 --------- d-----w c:\users\eltik\AppData\Roaming\LimeWire
2008-12-03 12:13 7,306 ----a-w C:\error_fix.exe
2008-12-03 12:12 15,618 ----a-w C:\directx.exe
2008-11-22 10:42 --------- d-----w c:\programdata\Microsoft Help
2008-11-10 12:01 --------- d-s---w c:\users\Invité\AppData\Roaming\Microsoft
2008-11-10 10:36 --------- d-----w c:\users\Invité\AppData\Roaming\Google
2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Macromedia
2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Adobe
2008-11-10 10:03 --------- d-----w c:\users\Invité\AppData\Roaming\Mozilla
2008-11-10 09:32 --------- d-----w c:\users\Invité\AppData\Roaming\ATI
2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\Nero
2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\GTek
2008-11-10 09:30 --------- d-----w c:\users\Invité\AppData\Roaming\Identities
2008-11-08 16:09 --------- d-----w c:\program files\Common Files\Adobe
2008-11-03 19:56 --------- d-----w c:\program files\MSN Messenger
2008-10-31 21:11 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-25 20:37 --------- d-----w c:\users\eltik\AppData\Roaming\fltk.org
2008-10-22 15:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 16:21 --------- d-----w c:\program files\Windows Mail
2008-10-14 19:59 96,559 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-14 19:59 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-14 19:59 --------- d-----w c:\programdata\Kaspersky Lab
2008-10-13 19:31 --------- d---a-w c:\programdata\TEMP
2008-10-13 18:41 691 ----a-w c:\users\eltik\AppData\Roaming\GetValue.vbs
2008-10-13 18:41 35 ----a-w c:\users\eltik\AppData\Roaming\SetValue.bat
2008-10-13 18:41 3,962 ----a-w c:\windows\System32\tmp.reg
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-10-01 13:51 87,552 ----a-w c:\windows\System32\VACFix.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-26 20:02 131 ----a-w C:\inactif.dat
2008-09-19 10:26 82,944 ----a-w c:\windows\System32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w c:\windows\System32\IEDFix.C.exe
2008-09-18 04:27 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:27 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-09-18 00:41 42,320 ----a-w c:\windows\System32\xfcodec.dll
2008-07-10 11:28 174 --sha-w c:\program files\desktop.ini
2008-06-20 20:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-06-20 20:40 56 ---ha-w c:\programdata\ezsidmv.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_11.13.30,46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 09:39:35 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-12-09 19:31:25 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-12-07 09:39:34 86,016 ----a-w c:\windows\inf\infstrng.dat
+ 2008-12-09 19:31:24 86,016 ----a-w c:\windows\inf\infstrng.dat
- 2008-12-07 09:39:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-09 19:30:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 09:39:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-09 19:30:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 10:13:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-09 19:32:39 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-09 19:32:39 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-07 09:40:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-09 19:31:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-07 10:10:11 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-08 22:19:28 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-08 22:19:28 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-12-07 09:46:26 121,248 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-09 19:37:12 121,248 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-07 09:46:26 140,208 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-12-09 19:37:12 140,208 ----a-w c:\windows\System32\perfc00C.dat
- 2008-12-07 09:46:26 656,652 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-09 19:37:12 656,652 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-07 09:46:26 745,080 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-12-09 19:37:12 745,080 ----a-w c:\windows\System32\perfh00C.dat
- 2008-12-07 09:41:05 10,264 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3997995386-3143303825-376587101-1005_UserData.bin
+ 2008-12-09 19:32:53 10,280 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3997995386-3143303825-376587101-1005_UserData.bin
- 2008-12-07 09:41:05 73,142 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-09 19:32:52 73,268 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 09:41:00 59,206 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-09 16:26:51 59,214 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]
"Steam"="d:\valve\Steam\Steam.exe" [2008-10-08 1410296]
"Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-07-16 190024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]
"ManyCam"="c:\program files\ManyCam 2.2\ManyCam.exe" [2008-02-06 1676584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2006-09-01 74240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"ModeSwitch"="c:\program files\Lenovo\PowerDial\LitModeSwitch.exe" [2007-08-02 177448]
"multitray"="c:\program files\Lenovo\MultiRecover\loadtray.exe" [2007-06-29 31248]
"NBKeyScan"="d:\nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2008-01-20 217088]
"AVP"="d:\kaspersky lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\kasper~1\KASPER~1\mzvkbd.dll,d:\kasper~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.clmp3enc"= c:\progra~1\Lenovo\Power2Go\CLMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{37457D7B-3350-448F-9020-348980987E97}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E573EE08-9503-4A61-AE5B-F3C89B676912}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{5575526A-269F-431D-85D6-E7856C6859B5}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{5E23C099-8421-4BFA-96A8-E33914F29D4F}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8FDC97F2-90AC-42F1-90B8-E39BEC92F7EF}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C1124595-7130-4B4A-AD57-13C288BBF871}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1B3A029E-856C-4079-B255-85671FA87733}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1EDC68F0-7594-4FC1-95B5-6D9EBCC3BC99}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{1D6B3DED-ED57-420F-B431-CA07894E189F}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{917B0640-4632-4D14-B9A1-6DDF763DA63B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{128083F9-8A38-4B3A-93D9-234A4A1A94D2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1FDB25BE-9F02-419E-BB62-44F257596BF7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FC1CB830-BEA5-4979-8B13-AECBB63D9786}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9814F4CA-F130-4122-B906-9B56AB97647E}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{891E7274-55EB-4224-BC7D-FC80A68B1DC9}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= UDP:d:\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
"UDP Query User{48C9F76D-69E2-4792-99C3-937BC9CB6E98}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= TCP:d:\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
"TCP Query User{82647698-7949-42CC-9181-8145AAB93B2E}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= UDP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
"UDP Query User{5A1805DC-53AB-4D4D-8D3D-6147BB441683}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= TCP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
"{DA88018F-971B-4AD0-A19E-FB8F10D35709}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{C69DF4DD-D37D-494C-A2C9-8F3391D7C4E7}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{24CF0A63-EBF8-4CFD-AEDE-13A022380B70}"= UDP:d:\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{26D39BEB-DD6C-416F-A238-06A4751E4B2F}"= TCP:d:\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{DC0FD998-7D5C-4ECE-B757-366CD9BB95FE}"= UDP:d:\autodesk\Backburner\manager.exe:backburner 2.3 manager
"{4E106723-5479-47DC-B671-3F8430C015DB}"= TCP:d:\autodesk\Backburner\manager.exe:backburner 2.3 manager
"{B142EDB3-4711-4B8F-82C8-2449CDEB4D7A}"= UDP:d:\autodesk\Backburner\server.exe:backburner 2.3 server
"{626CF41D-8BF1-4063-A790-FE0A95F2756D}"= TCP:d:\autodesk\Backburner\server.exe:backburner 2.3 server
"{F9BE9874-B4C3-46CB-B9B3-63557F1BD31E}"= UDP:d:\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{411188A5-19ED-4957-B0CB-B7AB66326E22}"= TCP:d:\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
"TCP Query User{8C56AC05-7D3E-4AB6-826E-E274485375D8}d:\\limewire\\limewire.exe"= UDP:d:\limewire\limewire.exe:LimeWire
"UDP Query User{A8BD715C-8BA5-47F4-915A-FEABB8DDED16}d:\\limewire\\limewire.exe"= TCP:d:\limewire\limewire.exe:LimeWire
"TCP Query User{0066FB3C-97A7-4E61-9E7D-B3E5B8D8A388}d:\\wolfenstein - enemy territory\\et.exe"= UDP:d:\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{9CB6BFFA-0163-4131-A6C2-FF739167678A}d:\\wolfenstein - enemy territory\\et.exe"= TCP:d:\wolfenstein - enemy territory\et.exe:ET
"{31043263-0620-4106-8D3E-C6629B7C14ED}"= d:\electronic arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"{8A56D107-86BE-433F-A3BF-26203F0973F9}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{8DE1D62E-B1B4-4050-BB14-D1F3D59FF5F1}d:\\ut2004\\system\\ut2004.exe"= UDP:d:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{EC062E63-1AD7-4FA1-8C20-3086AFAF3BF4}d:\\ut2004\\system\\ut2004.exe"= TCP:d:\ut2004\system\ut2004.exe:UT2004
"{C6B240B6-B3D8-4398-A81D-F8B6FCE895F5}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3 : La Fureur de Kane
"TCP Query User{C3A99262-A572-4EE8-8CAE-36213A7AB67C}d:\\program files\\xfire\\xfire.exe"= UDP:d:\program files\xfire\xfire.exe:Xfire
"UDP Query User{889F03ED-F5F6-4DAB-91E9-D619C39FFA32}d:\\program files\\xfire\\xfire.exe"= TCP:d:\program files\xfire\xfire.exe:Xfire
"TCP Query User{328F4174-07B3-47F4-81B5-62ECF31CAA87}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= UDP:d:\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
"UDP Query User{AD71AC15-52DD-443F-B889-2477ACDB19FB}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= TCP:d:\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
"TCP Query User{F424173F-6ABD-4E66-9740-74CC77B44F5F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= UDP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
"UDP Query User{FA03ED9F-EAA8-41DD-853F-3A1C03EF7A4F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= TCP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
"{054FA35B-D73F-41B4-A6D2-3000438E3B7E}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{D4100674-B1CC-4946-BE48-FA9C98903A07}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{BAF73FB6-2BA2-4F15-9B53-3BCD8B71386B}d:\\nexuiz\\nexuiz.exe"= UDP:d:\nexuiz\nexuiz.exe:Nexuiz
"UDP Query User{7CAD80C2-C487-4E10-8F7B-35D37258DFEC}d:\\nexuiz\\nexuiz.exe"= TCP:d:\nexuiz\nexuiz.exe:Nexuiz
"{417B45F9-EB03-412A-8391-CE6D1BA770E9}"= UDP:d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
"{54FF94EC-CF84-4C66-B5E9-93B24AACA7B9}"= TCP:d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
"TCP Query User{E33E88C0-E010-402E-A8F0-441AB33F2B2D}d:\\unreal gold\\system\\unreal.exe"= UDP:d:\unreal gold\system\unreal.exe:Unreal
"UDP Query User{78F54BCE-0832-4457-ABEF-3598E72B15B4}d:\\unreal gold\\system\\unreal.exe"= TCP:d:\unreal gold\system\unreal.exe:Unreal
"{60D37DDB-670D-4967-ADF5-AAA554F46004}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{231750EB-4067-4D8B-9C53-332ADD1B676C}d:\\secondlife\\slvoice.exe"= UDP:d:\secondlife\slvoice.exe:SLVoice
"UDP Query User{3B1FBBC5-6FA6-4CDF-A2FE-109402C840FC}d:\\secondlife\\slvoice.exe"= TCP:d:\secondlife\slvoice.exe:SLVoice
"{C53E70DD-F6EA-4F36-AE0F-67211547A53F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2007-09-17 24856]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 208896]
R2 NMSCore;Intel(R) NMSCore;"c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe [2007-06-28 66824]
R2 QualityManager;Intel(R) Quality Manager;"c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 272600]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2008-02-12 347648]
R3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-09-17 5632]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2007-09-17 16912]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
S3 LitModeCtrl;LitModeCtrl;"c:\program files\Lenovo\PowerDial\LitModeCtrl.exe" [2007-09-17 92048]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e958ba4-8c76-11dd-a49b-001b111523ed}]
\shell\AutoRun\command - K:\start.exe
\shell\iledefrance\command - K:\start.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-09 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
.
------- Examen supplémentaire -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FireFox -: Profile - c:\users\eltik\AppData\Roaming\Mozilla\Firefox\Profiles\me18f9eb.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\eltik\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - d:\reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 22:27:19
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-09 22:28:42
ComboFix-quarantined-files.txt 2008-12-09 21:28:40
ComboFix2.txt 2008-12-07 10:14:36
Avant-CF: 2 327 400 448 octets libres
Après-CF: 2,316,193,792 octets libres
378 --- E O F --- 2008-12-08 17:20:13
re
Go to this link: Virus Total
- Click Browse
- Navigate to this file, if you find it:
C:\error_fix.exe
- Click Send File and let it work for as long as "Current status: analysis in progress" is displayed.
- The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
- When the analysis is finished ("Current status: finished"), click Formatted
- A new browser window will appear
- Then click this image:
- Right-click on the page and choose Select All, then Copy
- Finally, paste the result into your next reply.
Note: Whatever the result, it is important that you send me the result of the whole analysis.
Your security tools may react to the file being uploaded; in that case you will have to ignore the alerts.
Same thing with C:\directx.exe
Message edited by Sham_Rock on 09-12-2008 at 22:38:26
For the first file:
Fichier error_fix.exe reçu le 2008.12.09 22:39:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.10.0 2008.12.09 -
AntiVir 7.9.0.43 2008.12.09 -
Authentium 5.1.0.4 2008.12.09 -
Avast 4.8.1281.0 2008.12.09 -
AVG 8.0.0.199 2008.12.09 -
BitDefender 7.2 2008.12.09 -
CAT-QuickHeal 10.00 2008.12.09 -
ClamAV 0.94.1 2008.12.09 -
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.09 -
eTrust-Vet 31.6.6252 2008.12.09 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.09 -
F-Secure 8.0.14332.0 2008.12.09 -
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.09 -
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 -
Microsoft 1.4205 2008.12.09 -
NOD32 3679 2008.12.09 -
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.09 -
Prevx1 V2 2008.12.09 -
Rising 21.07.12.00 2008.12.09 -
SecureWeb-Gateway 6.7.6 2008.12.09 -
Sophos 4.36.0 2008.12.09 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.09 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1509 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.09 -
Information additionnelle
File size: 7306 bytes
MD5...: 0f3bfbdff0f6e40af499daf4e82b5bcd
SHA1..: 98255d0975df9fb4b6c4fb5d9b3e32f20cdd4178
SHA256: 60492460c49bbff362956d56856473ca5da65a76ba6093904019b31de4dc8469
SHA512: 68867cfbac2e95b4a70cbcfca108dc170d8e0015a00a47b31d7c82085499342bb9d6bfebce7684b505e660e567100fe1f2f70bd9047420fca6216b5f8e22dcfc
ssdeep: 96:ysZIYx7izDfVhVKFghXNbCtmgo+AJL1KKALrLclYWtIdg:hZIO7WVWghjJxAcYWIdg
PEiD..: -
TrID..: File type identification: HyperText Markup Language (100.0%)
PEInfo: -
------------------------------------------------------------------------------------------------
For the second:
Fichier directx.exe reçu le 2008.12.09 22:41:59 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.10.0 2008.12.09 -
AntiVir 7.9.0.43 2008.12.09 -
Authentium 5.1.0.4 2008.12.09 -
Avast 4.8.1281.0 2008.12.09 -
AVG 8.0.0.199 2008.12.09 -
BitDefender 7.2 2008.12.09 -
CAT-QuickHeal 10.00 2008.12.09 -
ClamAV 0.94.1 2008.12.09 -
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.09 -
eTrust-Vet 31.6.6252 2008.12.09 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.09 -
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.09 -
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 -
Microsoft 1.4205 2008.12.09 -
NOD32 3679 2008.12.09 -
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 -
Rising 21.07.12.00 2008.12.09 -
SecureWeb-Gateway 6.7.6 2008.12.09 -
Sophos 4.36.0 2008.12.09 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.09 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1509 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.09 -
Information additionnelle
File size: 15618 bytes
MD5...: c76157e34a890929a8b28d0a1507df85
SHA1..: e03c6a90a2b5d30bbd3d5d499a3cd8dd9d4bfaaf
SHA256: 222c0cc8c328bf8019c09c9edca4642448ef7b6a0c87e3cec54955a8149d57d0
SHA512: ee01f6dae8d6682a09cb615731dbfcb1fbf2edb47cbc2b5a128a6ef64ea8af7091337e42ba398da3bd1a3a787d42631e10016b4de9ebf7c32749a770fd2864f5
ssdeep: 384:87NFNmf1JxCpDewOmllOI5W88yrgfHiexiBxfw8DcjKP:Yn0rCpetml38BPNx+fw8Yc
PEiD..: -
TrID..: File type identification: JFIF JPEG Bitmap (50.0%), JPEG Bitmap (37.4%), MP3 audio (12.4%)
PEInfo: -
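Both reports above pair an .exe file name with a TrID verdict of HTML or JPEG content, and neither engine list shows a detection. As an added example (not code from the thread, from VirusTotal or from ComboFix), this Python script parses a pasted report in the same text layout into a detection count, checks that the MD5 in the report matches the local file, and flags a file whose leading bytes do not match its .exe extension; the sample file bytes, the report excerpt and the ExampleAV detection row are constructed for the example.

```python
import hashlib
import re

# Constructed stand-in for the uploaded file: HTML bytes under an .exe name, as TrID reported for error_fix.exe.
FAKE_FILE = b"<html><body>constructed sample, not the file from the thread</body></html>"

# Constructed excerpt in the layout of the pasted VirusTotal text reports ("vendor version
# last-update result" rows, then the hash block). The ExampleAV row is invented.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.10.0 2008.12.09 -
Prevx1 V2 2008.12.09 -
ExampleAV 1.0 2008.12.09 Trojan.Generic.Sample
Information additionnelle
File size: %d bytes
MD5...: %s
TrID..: File type identification HyperText Markup Language (100.0%%)
""" % (len(FAKE_FILE), hashlib.md5(FAKE_FILE).hexdigest())

# Leading bytes of common formats; a .exe not starting with the PE "MZ" stub is a mismatch.
MAGIC = [(b"MZ", "PE executable"), (b"\xff\xd8\xff", "JPEG image"),
         (b"<html", "HTML document"), (b"<!doctype", "HTML document")]

# One scanner row: vendor, version, YYYY.MM.DD update date, then the result text.
ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
MD5_LINE = re.compile(r"^MD5\.*:\s*([0-9a-fA-F]{32})", re.MULTILINE)

def parse_report(text):
    """Return (vendors that flagged the file, number of scanner rows)."""
    vendors, total = [], 0
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, hash and TrID lines do not fit the row shape
        total += 1
        vendor, _version, _date, result = m.groups()
        if result != "-":  # "-" means the engine reported nothing
            vendors.append(vendor)
    return vendors, total

def sniff_type(data):
    """Identify the real format from leading bytes (case-insensitive)."""
    head = data.lstrip().lower()
    for magic, name in MAGIC:
        if head.startswith(magic.lower()):
            return name
    return "unknown"

def check_sample(name, data, report_text):
    """Confirm the report describes this file and flag a misleading extension."""
    m = MD5_LINE.search(report_text)
    kind = sniff_type(data)
    return {"md5_matches_report": bool(m) and m.group(1).lower() == hashlib.md5(data).hexdigest(),
            "real_type": kind,
            "extension_mismatch": name.lower().endswith(".exe") and kind != "PE executable"}
```

A zero-detection report is not a clean bill of health on its own; the hash check confirms the report is about the file you actually have, and the type check catches a non-executable hiding behind an .exe name.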
ok
run a scan with your antivirus (Kaspersky), which you will have updated beforehand
post the report please
Good evening
I'll do that soon; at the moment I don't really have the time, this is just to let you know ^^
See you!
ok
