[VISTA] Explorer plante à répétition [Résolu]

Hum... salut :)
Je te conseil d'utiliser Mozilla Firefox :P

Bonjour,

personne ne peut m'aider ?
J'aimerai éviter de formater pour ça...

merci !

Bonjour,

Rends toi sur ce site :

http://www.virustotal.com/

Clique sur parcourir et cherche ce fichier : C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant


_________________
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le Bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Fichier 14515.exe reçu le 2008.06.14 09:36:50 (CET)

Résultat: 22/32 (68.75%)


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.13 TR/Dldr.Agent.shg
Authentium 5.1.0.4 2008.06.14 W32/Downloader.F.gen!Eldorado
Avast 4.8.1195.0 2008.06.14 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.13 Downloader.Generic7.RVO
BitDefender 7.2 2008.06.14 BehavesLike:Trojan.Downloader
CAT-QuickHeal 9.50 2008.06.13 TrojanDownloader.Agent.shg
ClamAV 0.92.1 2008.06.14 -
DrWeb 4.44.0.09170 2008.06.13 -
eSafe 7.0.15.0 2008.06.12 suspicious Trojan/Worm
eTrust-Vet 31.6.5873 2008.06.14 -
Ewido 4.0 2008.06.13 -
F-Prot 4.4.4.56 2008.06.12 W32/Downloader.F.gen!Eldorado
F-Secure 6.70.13260.0 2008.06.13 Trojan-Downloader.Win32.Agent.shg
Fortinet 3.14.0.0 2008.06.14 W32/Agent.SHG!tr.dldr
GData 2.0.7306.1023 2008.06.14 Trojan-Downloader.Win32.Agent.shg
Ikarus T3.1.1.26.0 2008.06.14 Trojan-Downloader.Win32.Agent.shg
Kaspersky 7.0.0.125 2008.06.14 Trojan-Downloader.Win32.Agent.shg
McAfee 5317 2008.06.13 Generic Packed
Microsoft 1.3604 2008.06.14 TrojanDownloader:Win32/Cratorr.gen!A
NOD32v2 3186 2008.06.13 -
Norman 5.80.02 2008.06.13 W32/Downloader.NKM
Panda 9.0.0.4 2008.06.13 Trj/Downloader.MDW
Prevx1 V2 2008.06.14 Adware
Rising 20.48.50.00 2008.06.14 -
Sophos 4.30.0 2008.06.14 Mal/Generic-A
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.14 Downloader
TheHacker 6.2.92.349 2008.06.13 Trojan/Downloader.Agent.shg
VBA32 3.12.6.7 2008.06.14 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.13 Trojan.Dldr.Agent.shg
Information additionnelle
File size: 119296 bytes
MD5...: 39d637238556565cb906f57331b69cec
SHA1..: b3d0c9bd916cd8d46113060f616a96fa55247e8a
SHA256: 90b06c934700cc9b64c2c5ed535b473c88c1127a1bdf7f9bba195ae96a46104b
SHA512: 0a1e456c5e203745a376aac19f7fd22486ec33df06acb5460fdfb33aa6176eaf
d363587cb79eba8453c9abd36fa9c35d78b6eec4a919a2a6743fcd6268f8603e
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43d6a0
timedatestamp.....: 0x484af946 (Sat Jun 07 21:10:30 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x20000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x21000 0x1d000 0x1ca00 7.92 4f59a0cb2711fdff7e2a2b3d50c77e7a
.rsrc 0x3e000 0x1000 0x400 2.57 3e8c06c49d74eecb36ea95cfd3df49df

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> gdiplus.dll: GdipFree
> ole32.dll: CreateStreamOnHGlobal
> RPCRT4.dll: UuidToStringA
> USER32.dll: EndPaint
> WININET.dll: InternetOpenA

( 0 exports )
Prevx info: http://info.prevx.com/...
packers (Kaspersky): PE_Patch.UPX, UPX
packers (Avast): UPX


Je passe à Combofix

A tout de suite.

Merci beaucoup !

Re,

fermer ton topic sur Zebulon, pas la peine que l'on travaille à 2 sur ton problème.

merci.

ComboFix 08-06-12.2 - Louis-Nicolas 2008-06-14 9:47:28.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1676 [GMT 2:00]
Endroit: C:\Users\Louis-Nicolas.HP\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\s
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\aupmjaaf.dll
C:\Windows\system32\ddcDstSK.dll
C:\Windows\system32\ddcDuVnn.dll
C:\Windows\system32\faajmpua.ini
C:\Windows\system32\kyagpbnp.dll
C:\Windows\system32\lpbgvokp.dll
C:\Windows\system32\nxtpcqgr.ini
C:\Windows\system32\nxugskeg.dll
C:\Windows\system32\racfbvbs.dll
C:\Windows\system32\rnmjvalt.ini
C:\Windows\system32\tlavjmnr.dll
C:\Windows\system32\uenjgifv.ini
C:\Windows\System32\uFNUwyxx.ini
C:\WINDOWS\System32\uFNUwyxx.ini2
C:\Windows\system32\urqPfGWN.dll
C:\Windows\system32\vohfceua.dll
C:\Windows\system32\x64
D:\Autorun.inf

----- BITS: Possible sites infect‚s -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
.

2008-06-14 00:07 . 2008-06-14 00:07 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Infineon
2008-06-14 00:07 . 2008-06-14 00:07 <REP> d-------- C:\Users\All Users\Infineon
2008-06-14 00:07 . 2008-06-14 00:07 <REP> d-------- C:\ProgramData\Infineon
2008-06-14 00:00 . 2008-06-14 00:00 <REP> d-------- C:\Users\LOUIS-~1~HP\AppData
2008-06-14 00:00 . 2008-06-14 00:00 <REP> d-------- C:\Users\LOUIS-~1~HP
2008-06-13 23:59 . 2005-11-08 10:21 45,056 --a------ C:\WINDOWS\FPDRV_Ver.dll
2008-06-13 23:46 . 2008-06-13 23:46 <REP> d-------- C:\Program Files\OpenAL
2008-06-13 23:46 . 2008-06-13 23:46 413,696 --a------ C:\WINDOWS\System32\wrap_oal.dll
2008-06-13 23:46 . 2008-06-13 23:46 110,592 --a------ C:\WINDOWS\System32\OpenAL32.dll
2008-06-13 20:29 . 2008-06-13 20:29 95 --a------ C:\WINDOWS\wininit.ini
2008-06-13 20:09 . 2008-06-13 20:33 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-13 20:09 . 2008-06-13 20:33 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-13 20:09 . 2008-06-13 20:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 20:31 . 2008-06-14 08:48 <REP> d-------- C:\Program Files\uTorrent
2008-06-12 19:57 . 2008-06-12 19:57 <REP> d-------- C:\Program Files\CCleaner
2008-06-12 18:29 . 2008-06-13 23:00 <REP> d-------- C:\Users\Louis-Nicolas.HP\dwhelper
2008-06-12 07:34 . 2008-06-14 09:19 <REP> dr------- C:\Users\Louis-Nicolas.HP\T‚l‚chargements
2008-06-11 23:24 . 2008-06-11 23:24 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-11 21:55 . 2008-06-11 22:22 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\LimeWire
2008-06-09 19:01 . 2008-06-09 19:01 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-06-09 18:58 . 2008-06-09 18:58 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Leadertech
2008-06-09 18:56 . 2008-06-09 18:56 <REP> d-------- C:\Users\All Users\HotSync
2008-06-09 18:56 . 2008-06-09 18:56 <REP> d-------- C:\ProgramData\HotSync
2008-06-09 18:56 . 2008-06-09 18:53 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2008-06-09 18:55 . 2008-06-12 10:25 <REP> d-------- C:\Program Files\palmOne
2008-06-09 18:54 . 2008-06-09 18:54 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\HotSync
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Videos
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Searches
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Saved Games
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Pictures
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Links
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Downloads
2008-06-09 18:53 . 2008-06-09 18:53 <REP> dr------- C:\WINDOWS\System32\config\systemprofile\Documents
2008-06-08 22:40 . 2008-06-14 09:18 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\uTorrent
2008-06-08 18:36 . 2008-06-08 18:36 <REP> d-------- C:\WINDOWS\System32\avsplugin
2008-06-08 18:36 . 2008-06-08 18:36 <REP> d-------- C:\Program Files\Smallvideosoft
2008-06-08 18:36 . 2007-03-12 17:49 7,277,568 --a------ C:\WINDOWS\System32\iPodmedia.dll
2008-06-08 18:36 . 2004-05-26 20:37 719,872 --a------ C:\WINDOWS\System32\devil.dll
2008-06-08 18:36 . 2006-10-17 22:29 487,479 --a------ C:\WINDOWS\System32\SkinMagic.dll
2008-06-08 18:36 . 2006-12-31 10:16 313,344 --a------ C:\WINDOWS\System32\avisynth.dll
2008-06-08 18:36 . 2007-02-16 07:10 60,273 --a------ C:\WINDOWS\System32\pthreadGC2.dll
2008-06-08 01:49 . 2008-06-08 01:34 29,480 --a------ C:\WINDOWS\System32\msxml3a.dll
2008-06-08 01:31 . 2008-06-08 01:31 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\InterVideo
2008-06-07 23:00 . 2008-06-08 01:52 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\CyberLink
2008-06-07 22:59 . 2008-06-08 01:53 <REP> d-------- C:\Users\All Users\CyberLink
2008-06-07 22:59 . 2008-06-08 01:53 <REP> d-------- C:\ProgramData\CyberLink
2008-06-07 22:59 . 2008-06-08 01:57 <REP> d-------- C:\Program Files\CyberLink
2008-06-06 19:18 . 2008-06-06 19:21 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Mobile Master
2008-06-04 18:36 . 2008-06-04 18:36 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Apple Computer
2008-06-04 18:36 . 2008-06-04 18:36 <REP> d-------- C:\Program Files\iTunes
2008-06-04 18:36 . 2008-06-12 19:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 18:36 . 2008-06-12 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 18:34 . 2008-06-04 18:36 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-04 18:34 . 2008-06-04 18:36 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-04 18:34 . 2008-06-04 18:35 <REP> d-------- C:\Program Files\QuickTime
2008-06-04 18:32 . 2008-06-04 18:32 <REP> d-------- C:\Users\All Users\Apple
2008-06-04 18:32 . 2008-06-04 18:32 <REP> d-------- C:\ProgramData\Apple
2008-06-04 18:32 . 2008-06-04 18:32 <REP> d-------- C:\Program Files\Common Files\Apple
2008-05-30 17:54 . 2008-06-13 23:53 <REP> d-------- C:\Program Files\Warzone 2100
2008-05-28 22:20 . 2008-03-08 04:08 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-05-28 22:20 . 2008-03-08 06:21 1,695,744 --a------ C:\WINDOWS\System32\gameux.dll
2008-05-27 20:34 . 2008-05-27 20:34 <REP> d-------- C:\Users\Louis-Nicolas.HP\Bluetooth Software
2008-05-27 19:36 . 2008-05-27 19:36 <REP> d-------- C:\Users\All Users\ESET
2008-05-27 19:36 . 2008-05-27 19:36 <REP> d-------- C:\ProgramData\ESET
2008-05-27 19:36 . 2008-05-27 19:36 <REP> d-------- C:\Program Files\ESET
2008-05-27 19:33 . 2008-05-27 19:33 <REP> d-------- C:\WINDOWS\System32\es-MX
2008-05-27 19:33 . 2008-05-27 19:33 <REP> d-------- C:\WINDOWS\System32\es-AR
2008-05-27 19:33 . 2008-05-27 19:33 <REP> d-------- C:\Program Files\WIDCOMM
2008-05-27 19:33 . 2007-12-12 13:12 233,472 --a------ C:\WINDOWS\System32\BtwRSupport.dll
2008-05-27 19:33 . 2007-12-12 13:12 80,936 --a------ C:\WINDOWS\System32\drivers\btwavdt.sys
2008-05-27 19:33 . 2007-12-12 13:12 80,424 --a------ C:\WINDOWS\System32\drivers\btwaudio.sys
2008-05-27 19:33 . 2007-12-12 13:12 16,168 --a------ C:\WINDOWS\System32\drivers\btwrchid.sys
2008-05-27 15:06 . 2008-05-27 15:06 13,478 --a------ C:\photo.jpg
2008-05-27 15:03 . 2008-06-08 22:34 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\FileZilla
2008-05-27 15:03 . 2008-05-27 15:03 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-26 21:14 . 2008-03-31 11:59 2,529,280 --a------ C:\WINDOWS\System32\Mechanical Clock 3D Screensaver.exe
2008-05-26 21:14 . 2008-03-28 18:39 848,896 --a------ C:\WINDOWS\System32\Mechanical_Clock_3D_Screensaver.scr
2008-05-26 19:43 . 2008-05-26 20:08 <REP> d-------- C:\Program Files\Project64 1.6
2008-05-24 12:10 . 2008-05-24 12:10 <REP> d-------- C:\WINDOWS\System32\3Planesoft
2008-05-24 12:10 . 2008-05-24 12:10 <REP> d-------- C:\Program Files\The Lost Watch 3D Screensaver
2008-05-24 12:10 . 2008-05-26 21:14 <REP> d-------- C:\Program Files\3Planesoft Screensaver Manager
2008-05-24 12:08 . 2008-06-12 20:00 <REP> d-------- C:\Program Files\Snowball
2008-05-20 19:09 . 2008-05-20 19:09 56 --ah----- C:\WINDOWS\System32\ezsidmv.dat
2008-05-19 19:02 . 2008-05-19 19:02 <REP> d-------- C:\Users\All Users\BVRP Software
2008-05-19 19:02 . 2008-05-19 22:10 <REP> d-------- C:\Users\All Users\Avanquest Bluetooth SDK
2008-05-19 19:02 . 2008-05-19 19:02 <REP> d-------- C:\ProgramData\BVRP Software
2008-05-19 19:02 . 2008-05-19 22:10 <REP> d-------- C:\ProgramData\Avanquest Bluetooth SDK
2008-05-19 18:48 . 2008-05-19 18:48 <REP> d-------- C:\Users\All Users\Sony Ericsson
2008-05-19 18:48 . 2008-05-19 18:48 <REP> d-------- C:\ProgramData\Sony Ericsson
2008-05-19 18:48 . 2008-05-19 18:48 <REP> d-------- C:\Program Files\Sony Ericsson
2008-05-18 11:47 . 2004-10-20 17:23 21,344 --a------ C:\WINDOWS\System32\drivers\fbxusb32.sys
2008-05-17 10:42 . 2008-05-17 10:42 <REP> d-------- C:\WINDOWS\Sun
2008-05-15 22:52 . 2008-05-15 22:52 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Thunderbird
2008-05-15 22:52 . 2008-05-15 22:52 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Talkback
2008-05-15 22:52 . 2008-05-15 22:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-15 22:51 . 2008-05-15 22:51 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-15 18:34 . 2008-05-15 18:34 <REP> d-------- C:\Program Files\Media Player Classic
2008-05-15 18:32 . 2008-05-15 18:32 <REP> d-------- C:\Users\Louis-Nicolas.HP\AppData\Roaming\Media Player Classic
2008-05-14 20:33 . 2008-05-14 20:33 <REP> d-------- C:\Program Files\PDFCreator
2008-05-14 20:33 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\System32\pdfcmnnt.dll
2008-05-14 20:33 . 1998-07-13 01:08 141,312 --a------ C:\WINDOWS\System32\MSCMCFR.DLL
2008-05-14 20:33 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\System32\MSMAPI32.OCX
2008-05-14 20:33 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\System32\MSMPIDE.DLL
2008-05-14 18:46 . 2008-05-14 18:46 <REP> d-------- C:\WINDOWS\System32\Adobe
2008-05-14 18:30 . 2008-05-14 18:30 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2008-05-14 18:30 . 2008-05-14 18:30 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2008-05-14 09:43 . 2008-05-14 09:43 <REP> d-------- C:\Users\Louis-Nicolas.HP\All Users
2008-05-14 09:40 . 2008-05-14 09:40 <REP> d-------- C:\Users\All Users\Adobe Systems
2008-05-14 09:40 . 2008-05-14 09:40 <REP> d-------- C:\ProgramData\Adobe Systems
2008-05-14 09:33 . 2008-05-14 09:33 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 22:06 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-13 12:42 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\TeraCopy
2008-06-12 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 19:49 --------- d-----w C:\Program Files\adslTV
2008-06-09 16:54 16,694 ----a-w C:\Windows\system32\drivers\PalmUSBD.sys
2008-06-07 20:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-07 19:16 --------- d-----w C:\ProgramData\Roxio
2008-06-05 19:21 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Skype
2008-06-05 19:09 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\skypePM
2008-06-04 11:26 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-20 16:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 20:08 --------- d-----w C:\Program Files\Analog Devices
2008-05-18 14:32 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Roxio
2008-05-17 19:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-14 07:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 20:25 --------- d-----w C:\ProgramData\Sonic
2008-05-13 17:59 --------- d-----w C:\ProgramData\Skype
2008-05-13 17:59 --------- d-----w C:\Program Files\Skype
2008-05-13 17:59 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 17:21 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Winamp
2008-05-09 17:02 --------- d-----w C:\Program Files\Winamp
2008-05-09 16:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-08 18:08 --------- d-----w C:\ProgramData\Messenger Plus!
2008-05-08 15:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-08 12:39 --------- d-----w C:\Program Files\MSBuild
2008-05-08 12:39 --------- d-----w C:\Program Files\Microsoft Works
2008-05-08 12:33 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-08 12:08 174 --sha-w C:\Program Files\desktop.ini
2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Journal
2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Defender
2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-08 11:53 --------- d-----w C:\Program Files\Windows Calendar
2008-05-08 11:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-08 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-08 10:28 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-08 10:28 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-08 09:06 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Todae
2008-05-08 07:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-07 22:20 --------- d-----w C:\Program Files\TeraCopy
2008-05-07 22:07 201,728 ----a-w C:\Windows\System32\PolarClock3.scr
2008-05-07 19:45 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-07 18:28 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\SampleView
2008-05-06 19:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-06 17:23 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-05-06 17:19 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-06 16:58 --------- d-----w C:\Program Files\Windows Live
2008-05-06 16:57 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-06 16:46 --------- d-----w C:\ProgramData\WLInstaller
2008-05-06 16:43 --------- d-----w C:\ProgramData\eMule
2008-05-06 16:41 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\eMule
2008-05-06 16:41 --------- d-----w C:\Program Files\eMule
2008-05-05 19:53 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\vlc
2008-05-05 19:07 --------- d-----w C:\ProgramData\Symantec
2008-05-05 19:06 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-05 19:06 8,014 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-05 19:06 109,744 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-05 19:06 --------- d-----w C:\Program Files\Symantec
2008-05-05 19:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 19:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-05 18:31 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-05 18:31 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-05 18:31 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-05 18:31 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-05 18:31 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-05 18:31 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-05 18:31 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-05 18:31 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-05 18:31 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-05 18:31 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-05 18:30 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-05 18:30 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-05 18:27 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-05-05 18:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-05 17:53 --------- d-----w C:\Program Files\Google
2008-05-05 17:41 --------- d-----w C:\Program Files\Java
2008-05-05 17:35 --------- d-----w C:\ProgramData\LightScribe
2008-05-05 17:29 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\Hewlett-Packard
2008-05-05 17:25 --------- d-----w C:\ProgramData\InstallShield
2008-05-05 17:21 0 --sha-r C:\Windows\system32\drivers\103C_HP_bNB_6710b (GR679ET#ABF)_Y5336AN_0U_QCNU8061925_E434581-053_4A_I30C0_SHP_V71.2E_68DDU F.10_T080111_WV6-0_L40C_M3063_J120_7Intel_86FD_92.00_#070705_N14E41693;80864222_(GR679ET#ABF)_XMOBILE_CN10_Z_2F.10.MRK
2008-05-05 17:21 --------- d-----w C:\Users\Louis-Nicolas.HP\AppData\Roaming\InstallShield
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-28 15:08 458,752 ----a-w C:\Windows\System32\3Planesoft_Screensaver_Manager.scr
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D39F49BB-7816-4024-BD6D-C4D37A49165B}]
C:\Windows\system32\xxywUNFu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 16:17 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 17:14 1183744]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2008-01-25 17:38 677144]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-04 14:13:34 727592]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-05-14 20:33:26 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368809013-4150264858-3263198695-1006]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CFD8B6E7-4F26-42F6-85FB-6F2BFC54609A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F38ACC61-2BC0-4D13-A0B8-D93534C2051C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{9CBEF395-65E4-464D-933A-128846126CEF}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{2764153E-F0CC-46F4-B533-BD1CBC6318B4}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{4155C64B-910D-4D35-906C-04A1F9CF1672}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{6D24CD59-36D8-45FE-8999-9243EA233BC8}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{BACF10E0-2D07-4AB6-927A-178E6587482E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A92F063B-6B63-4EA8-B8CE-C851CD60A948}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{75C29964-E191-4D34-9F15-8CD6A8C5CC44}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{B88610D9-B671-41BA-8831-0CAF2ED4B7BF}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9B588E09-2376-4A93-9789-C51B060A0168}"= UDP:C:\Program Files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
"{F4D1C0D7-6D62-439A-B086-10994C7A39C3}"= TCP:C:\Program Files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
"TCP Query User{6F4917C3-54F3-4042-B314-5CAEC28EDC3B}C:\\windows\\sminst\\scheduler.exe"= UDP:C:\windows\sminst\scheduler.exe:Scheduler
"UDP Query User{39987474-50E1-4D76-83D8-70CABC34EB21}C:\\windows\\sminst\\scheduler.exe"= TCP:C:\windows\sminst\scheduler.exe:Scheduler
"{12684A7E-5429-48A9-9C48-30AEA3C2AECA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4327E10A-8F4E-47CA-877D-FD1C0C32ADC6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{467A74AD-8C77-429C-AF17-706958B97D3E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5C7FF9C6-B89C-4241-AFCB-5B8E2A87A885}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2F6B0119-37C3-4216-ADD6-A5F51939ED9F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{16AF401B-2CBA-44B2-8897-E4E7D40D1FF9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6876BBDA-9A9A-433C-8363-BC0313646D5E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{08524DBD-C4B2-47BB-9343-6E7C81648473}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisabledInterfaces"= {CE6C2780-2E77-4C87-AEF1-BDC78D03CCCF}

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-07-24 08:21]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 10:44]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 03:00]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 16:52]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 13:12]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 13:12]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 13:12]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
S3 ovt530;Hercules Webcam Deluxe;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 09:54:25
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\IfxPsdSv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-14 10:01:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 08:00:51

Pre-Run: 24,498,106,368 octets libres
Post-Run: 24,081,633,280 octets libres

396 --- E O F --- 2008-06-11 16:07:00

Déolé pour l'autre poste sur Zebulon.

Ca m'a l'air tout bon cette fois.

Explorer ne plante plus. Je n'ai plus 150 processus en rab.
Très bon le ComboFix. Je garde, même si j'espère ne pas avoir à m'en reservir.

Un très grand merci. Je peux enfin taper mon rapport.

Cordialement.

Re,

je voudrais vérifier un fichier :

Rends toi sur ce site :

http://www.virustotal.com/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\System32\SkinMagic.dll

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant


Remets aussi un rapport Hijackthis.

Re,

on se croise.

Il ne faut pas garder Combofix.

C'est un outil en perpétuelle évolution.

Il faut toujours utiliser la dernière version (et je te déconseille de l'utiliser sans qu'il te soit demandé).

Tu as noté aussi que Combofix décèle un site comme à risques.

Ok pour Combofix
je l'ai supprimé.

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.13 -
Authentium 5.1.0.4 2008.06.14 -
Avast 4.8.1195.0 2008.06.14 -
AVG 7.5.0.516 2008.06.13 -
BitDefender 7.2 2008.06.14 -
CAT-QuickHeal 9.50 2008.06.13 -
ClamAV 0.92.1 2008.06.14 -
DrWeb 4.44.0.09170 2008.06.14 -
eSafe 7.0.15.0 2008.06.12 -
eTrust-Vet 31.6.5873 2008.06.14 -
Ewido 4.0 2008.06.13 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.13 -
Fortinet 3.14.0.0 2008.06.14 -
GData 2.0.7306.1023 2008.06.14 -
Ikarus T3.1.1.26.0 2008.06.14 -
Kaspersky 7.0.0.125 2008.06.14 -
McAfee 5317 2008.06.13 -
Microsoft 1.3604 2008.06.14 -
NOD32v2 3186 2008.06.13 -
Norman 5.80.02 2008.06.13 -
Panda 9.0.0.4 2008.06.13 -
Prevx1 V2 2008.06.14 -
Rising 20.48.50.00 2008.06.14 -
Sophos 4.30.0 2008.06.14 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.14 -
TheHacker 6.2.92.349 2008.06.13 -
VBA32 3.12.6.7 2008.06.14 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.14 -
Information additionnelle
File size: 487479 bytes
MD5...: 44deb2bc321316308333665f893216e9
SHA1..: db4b94e851b7c8df5b2ad19e5ed5c2dca475548b
SHA256: 972fe0dea67fd9f2557372d702cd42b1c0d67af14b9c894a5dcad90b9da5a729
SHA512: 3c8ffeb7b50b5e5176bf355f78b20671ce4f95d7b30e2c9244be432f25243a8d
72258ddf7a52c019ad0e822780c7edf6d17b9a617046439f9fecd826667c6230
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000174d
timedatestamp.....: 0x4534e8b1 (Tue Oct 17 14:29:05 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5eb1a 0x5f000 6.54 b25bdf6cf299ef32329c9a1a7b224a2e
.rdata 0x60000 0x9948 0xa000 5.22 ff4cec2377c1481caaa9255ff104fdf6
.data 0x6a000 0x183bd 0x6000 3.62 2a2d39cad14f400c9fd27b8a786128b2
.rsrc 0x83000 0x3e8 0x1000 1.05 3578603ca0f1ad4834d7cde59ebfa051
.reloc 0x84000 0x5d6c 0x6000 6.53 c3164851e9f539a9c76a16f7164b4598

( 7 imports )
> KERNEL32.dll: SetEnvironmentVariableA, CompareStringW, lstrcpynA, GetLocaleInfoW, lstrcmpiA, CompareStringA, lstrcmpA, GetTimeZoneInformation, LockResource, LoadResource, FindResourceA, SizeofResource, lstrcatA, GetTempFileNameA, GetTempPathA, FreeLibrary, GetProcessHeap, GlobalUnlock, lstrlenA, GlobalAlloc, GetTickCount, CreateEventA, TerminateThread, WaitForSingleObject, CloseHandle, SetEvent, EnumSystemLocalesA, GetUserDefaultLCID, MulDiv, GetSystemTime, GetSystemInfo, GetCurrentProcessId, VirtualQuery, WriteProcessMemory, VirtualProtect, FlushInstructionCache, GetWindowsDirectoryA, RaiseException, HeapSize, ReadFile, SetFilePointer, SetUnhandledExceptionFilter, FlushFileBuffers, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CreateFileA, CreateFileW, SetConsoleCtrlHandler, SetEndOfFile, InterlockedExchange, ExitProcess, GetVersion, GetCommandLineA, lstrcpyA, GetModuleHandleA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, Sleep, InterlockedIncrement, InterlockedDecrement, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, LoadLibraryA, IsBadWritePtr, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, GetCPInfo, UnhandledExceptionFilter, HeapAlloc, FatalAppExitA, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, HeapFree, WriteFile, GetProcAddress, HeapDestroy, VirtualFree, HeapCreate, GetEnvironmentStrings, GetEnvironmentVariableA, GetEnvironmentStringsW, FreeEnvironmentStringsA, WideCharToMultiByte, FreeEnvironmentStringsW, GetStartupInfoA, GetModuleFileNameA, DeleteCriticalSection, SetHandleCount, GetFileType, GetStdHandle, TlsGetValue, GetCurrentThread, GetLastError, TlsAlloc, SetLastError, TlsFree, GetCurrentProcess, TlsSetValue, GetCurrentThreadId, DeleteFileA, TerminateProcess, CreateThread, GlobalLock, GetVersionExA
> USER32.dll: LockWindowUpdate, DestroyMenu, EnableMenuItem, GetSystemMenu, DrawIconEx, GetClassLongA, wsprintfA, InflateRect, EnableScrollBar, GetScrollInfo, GetScrollPos, GetScrollRange, SetScrollInfo, SetScrollPos, SetScrollRange, ShowScrollBar, GetDC, GetIconInfo, GetCursor, SetWindowLongA, CharUpperBuffA, IsWindowEnabled, LoadStringA, CallWindowProcA, CallWindowProcW, IsWindowUnicode, SetWindowLongW, GetWindowLongW, DrawFrameControl, DestroyIcon, DrawStateA, EnumChildWindows, SetFocus, EnableWindow, SetRect, GetWindowWord, DrawIcon, ValidateRect, GetSubMenu, GetMenuItemID, EqualRect, IsMenu, DrawMenuBar, CharLowerA, CharUpperA, DestroyCursor, LoadImageA, SetCursor, CopyIcon, CopyRect, MapWindowPoints, GetMessagePos, GetWindowRgn, GetCapture, DrawTextExA, CreateIconIndirect, GetMenuItemInfoA, CreatePopupMenu, GetMenuItemCount, SetCapture, ScreenToClient, IsWindowVisible, GetCursorPos, InsertMenuItemA, DestroyWindow, DrawEdge, FillRect, BeginPaint, EndPaint, ClientToScreen, PtInRect, KillTimer, InvalidateRect, SetTimer, UpdateWindow, UnregisterClassA, LoadCursorA, RegisterClassExA, CreateWindowExA, ShowCaret, GetFocus, HideCaret, GetKeyState, CopyAcceleratorTableA, GetMenu, IsRectEmpty, GetWindowInfo, GetWindow, IsZoomed, MoveWindow, ShowWindow, PostMessageA, ReleaseDC, GetWindowDC, GetClientRect, GetWindowTextA, DrawTextA, SetWindowRgn, SetWindowPos, RemovePropA, SetPropA, RedrawWindow, DefWindowProcA, GetSysColorBrush, GetSysColor, DispatchMessageA, GetMessageA, IsWindow, UnhookWindowsHookEx, SetWindowsHookExA, GetParent, GetWindowLongA, GetActiveWindow, GetClassNameA, GetPropA, GetMenuState, GetDesktopWindow, ReleaseCapture, SendMessageA, CallNextHookEx, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, SetMenu
> GDI32.dll: GetDCOrgEx, GetClipBox, DeleteObject, CreateFontIndirectA, SetBkMode, SelectObject, CreateRectRgn, OffsetRgn, CombineRgn, BitBlt, GetStockObject, CreateRectRgnIndirect, GetTextExtentPointA, ExtCreateRegion, CreateSolidBrush, DeleteDC, GetDIBits, GetRegionData, GetObjectA, SetBkColor, CreateICA, RealizePalette, SelectPalette, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, GetDeviceCaps, Polygon, RestoreDC, StretchBlt, SaveDC, CreateDIBitmap, CreateDIBSection, SetDIBitsToDevice, SetStretchBltMode, ExtSelectClipRgn, RectVisible, StretchDIBits, PtInRegion, GetTextExtentPoint32A, ExcludeClipRect, GetPixel, SetPixel, LineTo, MoveToEx, Rectangle, CreatePen, TextOutA, SelectClipRgn, IntersectClipRect, GetRgnBox, GetTextMetricsA, ExtTextOutA, UnrealizeObject, PatBlt, SetBrushOrgEx, SetTextColor, CreatePatternBrush
> IMAGEHLP.dll: ImageDirectoryEntryToData
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueA
> SHELL32.dll: ExtractIconExA
> COMCTL32.dll: ImageList_Remove, ImageList_GetImageCount, ImageList_Destroy, ImageList_GetIcon, ImageList_Create, _TrackMouseEvent, ImageList_GetIconSize, ImageList_DrawEx, ImageList_Draw, ImageList_AddMasked

( 59 exports )
CloseSkinData, CreateBitmapFromSkinImage, CreateImageList, CreateSkinImageRectRegion, CreateSkinImageSectionRegion, DisableWindowScrollbarSkin, DrawSkinImageRect, DrawSkinImageSection, DrawSkinTextEffect, EnableCaptionButtons, EnableWindowScrollbarSkin, ExitSkinMagicLib, GetCaptionButtonState, GetLibVersion, GetSkinBool, GetSkinClientRect, GetSkinColor, GetSkinControlBkColor, GetSkinControlColor, GetSkinControlFont, GetSkinControlID, GetSkinControlRect, GetSkinDWORD, GetSkinFont, GetSkinImageSectionMargins, GetSkinInt, GetSkinMagicErrorCode, GetSkinMenu, GetSkinObjectText, GetSkinString, GetSkinSysColor, GetSkinSysColorBrush, GetSkinTransparentColor, HideTooltip, InitSkinMagicLib, LoadSkinFile, LoadSkinFromResource, OpenSkinData, RedrawCaptionStatic, RegisterSkinWindow, RemoveDialogSkin, RemoveWindowSkin, SetCaptionButtonState, SetCaptionButtonTooltip, SetControlSkin, SetControlTooltip, SetDialogSkin, SetShapeWindowSkin, SetSingleDialogSkin, SetSkinMenu, SetSkinObjectText, SetSkinWindowAccelerator, SetWindowMainMenuImage, SetWindowSkin, ShowSkinObject, ShowTooltipPoint, TrackSkinPopupMenu, TrackSkinPopupMenuEx, UnregisterSkinWindow


________________________________________________
________________________________________________
________________________________________________
Hijack rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:21, on 14/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Louis-Nicolas.HP\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\System32\IFXTCS.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Re,

autre vérification :

Rends toi sur ce site :

http://www.virustotal.com/

Clique sur parcourir et cherche ce fichier : C:\Windows\system32\Hpservice.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.13 -
AntiVir 7.8.0.55 2008.06.14 -
Authentium 5.1.0.4 2008.06.14 -
Avast 4.8.1195.0 2008.06.14 -
AVG 7.5.0.516 2008.06.13 -
BitDefender 7.2 2008.06.14 -
CAT-QuickHeal 9.50 2008.06.13 -
ClamAV 0.92.1 2008.06.14 -
DrWeb 4.44.0.09170 2008.06.14 -
eSafe 7.0.15.0 2008.06.12 -
eTrust-Vet 31.6.5873 2008.06.14 -
Ewido 4.0 2008.06.14 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.13 -
Fortinet 3.14.0.0 2008.06.14 -
GData 2.0.7306.1023 2008.06.14 -
Ikarus T3.1.1.26.0 2008.06.14 -
Kaspersky 7.0.0.125 2008.06.14 -
McAfee 5317 2008.06.13 -
Microsoft 1.3604 2008.06.14 -
NOD32v2 3186 2008.06.13 -
Norman 5.80.02 2008.06.13 -
Panda 9.0.0.4 2008.06.13 -
Prevx1 V2 2008.06.14 -
Rising 20.48.50.00 2008.06.14 -
Sophos 4.30.0 2008.06.14 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.14 -
TheHacker 6.2.92.349 2008.06.13 -
VBA32 3.12.6.7 2008.06.14 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.14 -
Information additionnelle
File size: 18944 bytes
MD5...: a3a9c44e2a75984e80ebe4181e9d1cf9
SHA1..: 1edc52f0cf2fb9087ea16174b8070fd7546e9e22
SHA256: f019fdbba372603db49ac84c634b22460d8bd2a68d61db30601f0c9636716895
SHA512: 244b58b3dd48cd1177396286853b56fc2f85d0b6e0943134b40220b89abfcec9
be33cb51fdaa317168c8feacc24feefbf08eec2dbf92711341b150ae5cf7872d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1003c98
timedatestamp.....: 0x459ea8ee (Fri Jan 05 19:37:18 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3bbc 0x3c00 5.56 299b803eefcd9933e73bc6f6e32fd558
.data 0x5000 0x4a4 0x200 1.23 eeddbec4fa68ebc67999cbf2ddd7faf9
.rsrc 0x6000 0x258 0x400 3.16 7fa9ec498d255c53fc486b39c4716564
.reloc 0x7000 0x3de 0x400 5.76 ccbee4392a7d293bb52b925698ba61d6

( 7 imports )
> ADVAPI32.dll: CloseServiceHandle, OpenServiceW, OpenSCManagerW, ReportEventW, RegisterEventSourceW, DeregisterEventSource, RegOpenKeyW, RegCloseKey, RegSetValueExW, RegCreateKeyW, CreateServiceW, DeleteService, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, ConvertSidToStringSidW, GetTokenInformation
> KERNEL32.dll: SetEvent, OutputDebugStringW, GetCurrentThreadId, GetModuleFileNameW, GetLastError, Sleep, CloseHandle, CreateEventW, SetConsoleCtrlHandler, GetModuleHandleW, GetCommandLineW, SetProcessShutdownParameters, GetProcessShutdownParameters, DebugBreak, LocalFree, LocalAlloc, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedCompareExchange, UnhandledExceptionFilter, InterlockedExchange
> MFC42u.dll: -, -, -, -
> msvcrt.dll: _unlock, __dllonexit, _lock, _onexit, __1type_info@@UAE@XZ, _except_handler4_common, _XcptFilter, exit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _terminate@@YAXXZ, _wcsicmp, vswprintf, wprintf, memset, wcsncpy, _exit, _cexit, __wgetmainargs, _controlfp, __CxxFrameHandler3, swprintf
> accelerometerDLL.dll: _SessionChange@@YGKPAXPBGE@Z, _NotifyAccelerometerAboutPower@@YGKPAXK@Z, _FindAccelerometerDevice@@YGEPAPAX@Z
> USER32.dll: RegisterDeviceNotificationW, UnregisterDeviceNotification
> WTSAPI32.dll: WTSQueryUserToken

( 0 exports )

Re,

merci, car ce fichier n'est pas bien connu. On va le référencer comme légitime.

On nettoie :

Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.

* Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

Fais un clic droit et exécuter en tant qu'administrateur.

* Clique sur Recherche et laisse le scan se terminer.

* Clique, sur Suppression pour finaliser.

* Tu peux, si tu le souhaites, te servir des Options facultatives.

* Clique sur Quitter, pour que le rapport puisse se créer.

* Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

-->- Recherche:

C:\Qoobox: trouvé !
C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe: trouvé !
C:\Users\Louis-Nicolas.HP\Téléchargements\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe: supprimé !
C:\Users\Louis-Nicolas.HP\Téléchargements\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Qoobox: supprimé !


voilou :)

Bonsoir,

supprime Toolscleaner sur ton Bureau et C:\Tcleaner.txt.

Je mets le topic en résolu.

Bon surf.

C'est très sympa pour ton aide !

Je t'en remercie !

Bonne navigation à toi ^^

Bonjour,

de rien pour l'aide.

On n'a pas eu l'occasion d'en discuter, mais une menace nouvelle vient d'apparaître sur les routeurs (et box). Si tu es concerné, lis ceci :

Si tu as un routeur (ou une box), as-tu changé le mot de passe par défaut ? Sinon, fais le rapidement : un trojan s'attaque au mot de passe des routeurs en cherchant si le mot de passe ne figure pas dans une liste prétablie. Si oui, il prend le contrôle de l'ordi (et de la totalité du réseau). Un bon mot de passe doit avoir au moins 8 caractères et comprendre des lettres (en majuscule et en minuscule), des chiffres et des caractères spéciaux (é, #, ...). Il doit être conservé soigneusement (pour être retrouvé en cas d'oubli) ailleurs que sur un support informatique.

Euh moi j'ai ma box numéricable.. et j'ai la conexion par wifi, et je n'ai pas mis de mot de passe :S
C'est à dire quand je veux me connecter, y'a écrit MAISON et je me connecte direct^^
Faut que je change le mot de passe??