I'm sending spam unintentionally...

Closed
kiao (21 posts, registered Sunday 25 February 2007, member, last activity 19 September 2008) - 17 Sept. 2008 at 23:20
Anonymous user - 19 Sept. 2008 at 21:30
Hi all,
I've had a problem for a while now. It started when Free sent me an e-mail saying that spam was being sent from my IP. Looking closely at my computer, I can see that avast is indeed scanning a huge number of outgoing e-mails, starting about 10 minutes after the PC boots.

So I have avast, Spybot, Hitman Pro and CCleaner; I searched the web for a good while, and nothing: no log finds anything at all.

My CPU takes a fair load while the thing is running, and until recently Thunderbird couldn't send mail through SMTP. I'm with Free, so I cancelled the outgoing SMTP block.

Here's the HijackThis log, taken while the thing was running:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:47, on 17/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\WTClient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Kiao\Desktop\Tcpview.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kiao\Downloads\HiJackThis.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ole2nls32] rundll32.exe ole2nls32.dll,uguj
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HXON - Unknown owner - C:\Users\Kiao\AppData\Local\Temp\HXON.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OLE 2.1 16/32 Interoperability Library (ole2nls32) - Unknown owner - rundll32.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
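The symptom described in this post (a burst of outgoing mail shortly after boot, with TCPView open to see who is talking) can be confirmed independently of any antivirus verdict by asking which process owns the outbound port-25 connections. The Python below is an added example, not part of the thread: it parses constructed `netstat -ano`-style output (not a capture from the poster's machine) and flags any PID whose image is not a mail client or that fans out to many distinct SMTP servers, which a real mail client never does. The PID-to-image map, the mail-client allowlist and the fan-out threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of `netstat -ano` on Windows; it is
# not a capture from the poster's machine. One PID is fanning out SYN_SENT
# connections to many port-25 hosts, the way a spam bot does; the image name
# rundll32.exe was chosen to mirror the unsigned rundll32 autorun in the log.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.10:49170     203.0.113.25:25        SYN_SENT        1468
  TCP    192.168.0.10:49171     198.51.100.7:25        SYN_SENT        1468
  TCP    192.168.0.10:49172     203.0.113.88:25        ESTABLISHED     1468
  TCP    192.168.0.10:49173     198.51.100.90:25       SYN_SENT        1468
  TCP    192.168.0.10:49120     198.51.100.3:587       ESTABLISHED     2200
  TCP    192.168.0.10:49180     203.0.113.10:443       ESTABLISHED     3012
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  UDP    0.0.0.0:123            *:*                                    1040
"""

# Constructed PID -> image name map, as `tasklist` would show it (assumption).
SAMPLE_IMAGES = {1468: "rundll32.exe", 2200: "thunderbird.exe",
                 3012: "firefox.exe", 812: "svchost.exe", 1040: "svchost.exe"}

# Processes allowed to speak SMTP on this machine (assumption for the example).
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}
SMTP_PORTS = {25, 465, 587}

# TCP rows only: UDP rows have no State column and cannot carry SMTP anyway.
ROW_RE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)


def parse_netstat(text: str) -> list:
    """Turn netstat -ano text into dicts; header, blank and UDP lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        host, _, port = m.group("remote").rpartition(":")   # also handles [::1]:25
        rows.append({"remote_host": host, "remote_port": int(port),
                     "state": m.group("state"), "pid": int(m.group("pid"))})
    return rows


def smtp_suspects(rows: list, images: dict, max_servers: int = 2) -> dict:
    """Group outbound SMTP connections by PID and flag the ones that look like a bot:
    an image that is not a mail client, or fan-out to more distinct SMTP servers
    than a real client uses (a client talks to its one or two configured relays)."""
    servers = defaultdict(set)
    for r in rows:
        if r["remote_port"] in SMTP_PORTS and r["state"] != "LISTENING":
            servers[r["pid"]].add(r["remote_host"])
    suspects = {}
    for pid, hosts in servers.items():
        image = images.get(pid, "<unknown>")
        reasons = []
        if image.lower() not in MAIL_CLIENTS:
            reasons.append(f"{image} is not an expected mail client")
        if len(hosts) > max_servers:
            reasons.append(f"talking to {len(hosts)} distinct SMTP servers")
        if reasons:
            suspects[pid] = {"image": image, "servers": sorted(hosts), "reasons": reasons}
    return suspects


if __name__ == "__main__":
    for pid, info in smtp_suspects(parse_netstat(SAMPLE_NETSTAT), SAMPLE_IMAGES).items():
        print(f"PID {pid} ({info['image']}): {', '.join(info['reasons'])}")
        for host in info["servers"]:
            print(f"    -> {host}")
```

On the affected machine the real inputs would be the output of `netstat -ano` and of `tasklist`; the PID that comes out is the process to investigate, and its image path is what a tool like HijackThis or Process Explorer should then be asked about. The Thunderbird connection to port 587 passes because it is a known client talking to a single relay.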

32 replies

kiao - 17 Sept. 2008 at 23:23
The e-mails I'm sending are titled "Where dreeamms come true" or "where dreams ccome true".

Second HijackThis log from later, if it helps:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:39, on 17/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\WTClient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Kiao\AppData\Local\Temp\jkos-Kiao\binaries\ScanningProcess.exe
C:\Users\Kiao\AppData\Local\Temp\jkos-Kiao\binaries\ScanningProcess.exe
C:\Users\Kiao\Downloads\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ole2nls32] rundll32.exe ole2nls32.dll,uguj
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HXON - Unknown owner - C:\Users\Kiao\AppData\Local\Temp\HXON.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OLE 2.1 16/32 Interoperability Library (ole2nls32) - Unknown owner - rundll32.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
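Reading a HijackThis log by eye means scanning the O4 (autorun) and O23 (service) lines for the few that look wrong. The Python below is an added example, not part of the thread, that does the same triage mechanically on sample lines copied from the log above: it flags entries whose binary is missing, that run from a Temp directory, that have no identified publisher, or that make rundll32 load a DLL by bare name outside a small allowlist. The heuristics and the allowlist are assumptions built from the benign entries in this log, not an authoritative list.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 (autorun) and O23 (service) lines copied from the
# HijackThis logs posted in this thread. Nothing is read from disk.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ole2nls32] rundll32.exe ole2nls32.dll,uguj
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: HXON - Unknown owner - C:\Users\Kiao\AppData\Local\Temp\HXON.exe (file missing)
O23 - Service: OLE 2.1 16/32 Interoperability Library (ole2nls32) - Unknown owner - rundll32.exe (file missing)
"""

# DLLs that Windows/vendor autoruns legitimately load through rundll32 by bare
# name (assumption: built from the benign entries in this log, not authoritative).
KNOWN_RUNDLL32_DLLS = {"oobefldr.dll", "nvcpl.dll", "nvmctray.dll"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r"^rundll32\.exe\s+(?P<dll>[^,]+)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str          # "O4" or "O23"
    name: str          # autorun value name or service display name
    command: str       # command line / binary path as HijackThis printed it
    reasons: list = field(default_factory=list)


def _check_command(cmd: str, reasons: list) -> None:
    """Heuristics shared by autorun entries and services."""
    low = cmd.lower()
    if "(file missing)" in low:
        reasons.append("binary no longer on disk (remnant of a removed or renamed payload)")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    m = RUNDLL_RE.match(cmd)
    if m:
        dll = m.group("dll").strip().lower()
        # A bare DLL name is resolved through the loader search path; vendor
        # entries normally give a full path or are on the allowlist.
        if dll.endswith(".dll") and "\\" not in dll and dll not in KNOWN_RUNDLL32_DLLS:
            reasons.append(f"rundll32 loads an unknown DLL by bare name: {dll}")


def triage(log_text: str) -> list:
    """Return the O4/O23 entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            f = Finding("O4", m.group("name"), m.group("cmd"))
            _check_command(f.command, f.reasons)
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            f = Finding("O23", m.group("name"), m.group("cmd"))
            if m.group("owner").lower() == "unknown owner":
                f.reasons.append("service has no identified publisher")
            _check_command(f.command, f.reasons)
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, the avast, NVIDIA and Welcome Center entries pass and three entries are flagged: the ole2nls32 autorun, the HXON service and the ole2nls32 service. The allowlist is the part a practitioner must maintain; an entry that is merely unknown to it is a prompt to check the DLL's publisher and path, not a verdict.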
Anonymous user - 17 Sept. 2008 at 23:25
yes, you do have a problem there
kiao - 18 Sept. 2008 at 19:05
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1168
Windows 6.0.6001 Service Pack 1

18/09/2008 19:05:17
mbam-log-2008-09-18 (19-05-17).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 169001
Temps écoulé: 1 hour(s), 1 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Anonymous user - 18 Sept. 2008 at 19:08
I'll pass your request on to "chiquitine",
a pro in this field
kiao - 18 Sept. 2008 at 19:11
Thanks, I admit I'm stumped; I think I understand how a computer works, but here I just don't see it. That said, this evening it seems to be calming down; we'll see.
Anonymous user - 18 Sept. 2008 at 19:15
Hi,

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: the report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning.

Once that's done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to reboot the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the full contents of C:\Combofix.txt in your next message.
Anonymous user - 18 Sept. 2008 at 19:16
thanks chiquitine
Anonymous user - 18 Sept. 2008 at 19:18
you're welcome, glad you're back
Anonymous user - 18 Sept. 2008 at 19:20
thanks....... glad to have your advice back too!!
Anonymous user - 18 Sept. 2008 at 19:21
-;)
kiao - 18 Sept. 2008 at 19:31
Thanks to both of you. Here's the requested log:

ComboFix 08-09-16.05 - Kiao 2008-09-18 19:24:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1825 [GMT 2:00]
Lancé depuis: C:\Users\Kiao\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-18 au 2008-09-18 ))))))))))))))))))))))))))))))))))))
.

2014-08-01 02:17 . 2014-08-01 02:17 <REP> d-------- C:\Program Files\Native Instruments
2008-09-18 06:53 . 2008-09-18 06:53 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-18 06:53 . 2008-09-18 17:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 06:53 . 2008-09-18 06:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 06:53 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-18 06:53 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-17 23:09 . 2008-09-17 23:09 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-17 23:09 . 2008-09-17 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-17 22:31 . 2008-09-17 22:31 <REP> d-------- C:\Program Files\Yahoo!
2008-09-17 22:30 . 2008-09-17 22:31 <REP> d-------- C:\Program Files\CCleaner
2008-09-17 21:43 . 2008-09-17 23:02 250 --a------ C:\Windows\gmer.ini
2008-09-17 21:15 . 2008-09-17 23:02 <REP> d-------- C:\Rustbfix
2008-09-16 20:39 . 2008-09-16 20:53 <REP> d-------- C:\Users\All Users\Hitman Pro
2008-09-16 20:39 . 2008-09-16 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2008-09-16 20:32 . 2008-09-16 20:32 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-09-16 20:31 . 2008-09-18 06:55 <REP> d-------- C:\Users\Kiao\.housecall6.6
2008-09-14 02:19 . 2008-09-14 02:19 <REP> d-------- C:\Users\All Users\Apple Computer
2008-09-14 02:19 . 2008-09-14 02:21 <REP> d-------- C:\Program Files\QuickTime
2008-09-14 02:19 . 2008-09-14 02:19 <REP> d-------- C:\Program Files\Common Files\Apple
2008-09-14 02:19 . 2008-09-14 02:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-10 18:31 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 18:31 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 18:31 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 18:31 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 18:31 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 18:31 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 18:31 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 18:31 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 18:31 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-07 22:18 . 2008-09-09 01:14 <REP> d-------- C:\Program Files\Buyertools Reminder
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-02 19:40 . 2008-09-02 19:40 <REP> d-------- C:\Users\ReleaseEngineer.MACROVISION
2008-09-02 19:40 . 2008-09-15 19:36 <REP> d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
2008-09-02 19:40 . 2008-09-02 19:40 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-09-02 19:35 . 2008-09-02 19:35 <REP> d-------- C:\Program Files\Common Files\Skype
2008-09-02 19:25 . 2008-09-02 19:25 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-02 19:19 . 2008-09-02 19:19 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-02 19:16 . 2008-09-02 19:16 <REP> dr-h----- C:\MSOCache
2008-08-26 23:16 . 2008-08-26 23:16 <REP> d-------- C:\Users\All Users\FLEXnet
2008-08-26 23:16 . 2008-08-26 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-26 21:38 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 21:38 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 21:38 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 21:38 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 21:38 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 21:38 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 21:38 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 21:38 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 21:38 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Videos
2008-08-25 19:55 . 2006-11-02 12:23 <REP> d-------- C:\Users\LogMeInRemoteUser\Saved Games
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Pictures
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Music
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Links
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Downloads
2008-08-25 19:55 . 2008-08-25 19:55 <REP> dr------- C:\Users\LogMeInRemoteUser\Documents
2008-08-25 19:55 . 2006-11-02 13:18 <REP> d--h----- C:\Users\LogMeInRemoteUser\AppData
2008-08-25 19:55 . 2008-08-25 19:55 <REP> d-------- C:\Users\LogMeInRemoteUser
2008-08-24 13:59 . 2008-08-24 13:59 <REP> d-------- C:\NVIDIA
2008-08-24 13:59 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-08-24 13:38 . 2008-08-24 13:45 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-24 13:37 . 2008-08-24 13:37 <REP> d-------- C:\Windows\Sun
2008-08-24 13:37 . 2008-08-24 13:37 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-24 02:06 . 2008-08-24 02:06 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-08-24 01:36 . 2008-08-24 01:36 0 --a------ C:\Windows\sam7_E.INI
2008-08-24 01:23 . 2008-08-24 01:23 <REP> d-------- C:\Program Files\Magix
2008-08-24 01:23 . 2001-03-02 18:46 290,816 --a------ C:\Windows\System32\temp.000
2008-08-24 01:23 . 2000-02-08 02:53 120,832 --a------ C:\Windows\System32\WkWin32.dll
2008-08-24 01:23 . 1999-03-23 10:42 39,136 --a------ C:\Windows\System32\cdrom.sys
2008-08-24 01:23 . 2008-08-24 01:23 91 --a------ C:\Windows\magix.ini
2008-08-20 23:25 . 2008-08-20 23:25 <REP> d-------- C:\Program Files\GrabIt
2008-08-19 23:06 . 2008-09-18 18:09 69 --a------ C:\Windows\NeroDigital.ini
2008-08-19 21:54 . 2008-09-04 20:58 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-08-19 21:47 . 2008-08-19 21:47 <REP> d-------- C:\Users\All Users\AppData
2008-08-19 21:47 . 2008-08-19 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AppData
2008-08-19 21:40 . 2008-08-28 18:51 <REP> d-------- C:\Program Files\GENIUS TABLET
2008-08-18 17:43 . 2008-08-18 17:43 <REP> d-------- C:\Program Files\SuperCopier2
2008-08-18 17:39 . 2008-08-18 17:39 <REP> d-------- C:\Program Files\WIBU-SYSTEMS
2008-08-18 17:39 . 2008-08-18 17:39 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 17:39 . 2008-08-18 17:39 <REP> d-------- C:\Program Files\CodeMeter
2008-08-18 17:38 . 2007-04-27 10:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-08-18 17:37 . 2008-08-24 01:13 <REP> d-------- C:\Windows\System32\MAGIX
2008-08-18 17:37 . 2008-04-15 16:14 700,416 --------- C:\Windows\System32\mgxoschk.dll
2008-08-18 17:37 . 2002-11-12 17:29 730 --a------ C:\Windows\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 22:04 --------- d-----w C:\Program Files\LogMeIn
2008-09-17 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 20:50 --------- d-----w C:\Program Files\Avast4
2008-09-16 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 21:26 358,464 ----a-w C:\Windows\system32\drivers\ar5513.sys
2008-09-16 20:04 --------- d-----w C:\Program Files\BSplayer
2008-09-11 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 19:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-02 17:29 --------- d-----w C:\Program Files\Microsoft Works
2008-09-02 17:28 --------- d-----w C:\Program Files\MSBuild
2008-08-24 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-08-20 23:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-17 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-08-16 20:45 --------- d-----w C:\Program Files\SiS VGA Utilities
2008-08-16 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-08-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-08-16 20:15 --------- d-----w C:\Program Files\TomTom HOME 2
2008-08-16 20:04 --------- d-----w C:\Program Files\BOSS
2008-08-16 19:50 --------- d-----w C:\Program Files\Guitar Pro 5
2008-08-16 18:42 --------- d-----w C:\Program Files\Bonjour
2008-08-16 18:32 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-16 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-16 18:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-16 17:43 --------- d-----w C:\Program Files\Guitar Rig Native Instruments
2008-08-16 17:42 --------- d-----w C:\Program Files\Common Files\Native Instruments
2008-08-16 17:42 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-08-16 16:02 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-16 13:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-16 12:47 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-16 12:25 --------- d-----w C:\Program Files\DivX
2008-08-16 12:24 --------- d-----w C:\Program Files\Foxit Software
2008-08-15 21:34 --------- d-----w C:\Program Files\VLC
2008-08-15 12:22 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 12:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-13 12:29 --------- d-----w C:\Program Files\Java
2008-08-13 12:25 --------- d-----w C:\Program Files\Common Files\Java
2008-08-12 15:04 --------- d-----w C:\Program Files\Windows Live
2008-08-12 15:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-12 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-12 13:23 --------- d-----w C:\Program Files\Vimicro
2008-08-12 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\eMule
2008-08-12 11:42 --------- d-----w C:\Program Files\Google
2008-08-12 11:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 11:35 --------- d-----w C:\Program Files\Roxio
2008-08-12 11:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-08-12 11:35 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-12 11:35 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-12 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-08-12 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-12 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-12 11:30 --------- d-----w C:\Program Files\Seagate
2008-08-12 11:28 --------- d-----w C:\Program Files\Packard Bell ImageWriter
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Templates
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Start Menu
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Favorites
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Documents
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Desktop
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Application Data
2008-08-12 11:16 --------- d-----w C:\Program Files\eMule
2008-08-12 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-12 10:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-12 10:42 --------- d-sh--w C:\Program Files\Fichiers communs
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Modèles
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Menu Démarrer
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Favoris
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Bureau
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 20:07 210,976 ----a-w C:\Windows\System32\muweb.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-17 29744]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-12-07 552960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 C:\Windows\SkyTel.exe]
"ole2nls32"="ole2nls32.dll" [2004-08-16 C:\Windows\System32\ole2nls32.dll]
"WTClient"="WTClient.exe" [2007-04-11 C:\Windows\System32\WTClient.exe]

C:\Users\Kiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2007-03-23 4984832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= rddv1052.dll
"midi1"= rddv1052.dll

[HKLM\~\startupfolder\C:^Users^Kiao^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Kiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
--a------ 2008-02-22 11:31 262080 C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 11:40 232184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 18:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"= C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AF84C3E7-4A60-4355-BB5F-E2818409FC55}C:\\program files\\packard bell\\updator\\pbupdator.exe"= UDP:C:\program files\packard bell\updator\pbupdator.exe:Packard Bell Updator
"UDP Query User{C1085A72-AFC8-4E40-9DC0-208DDF511056}C:\\program files\\packard bell\\updator\\pbupdator.exe"= TCP:C:\program files\packard bell\updator\pbupdator.exe:Packard Bell Updator
"TCP Query User{DB7A8AB8-9CAA-472F-A7CC-39B877DF0D99}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{97C7670E-45D0-4D51-A55F-93FBF5374C51}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{5E56B07E-9766-4CC9-8122-9BC54D87876E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A693AD04-3F13-4BA5-BC4D-13E0B18A2C23}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1A5C66B1-B8AC-4560-94EB-DA2B545EFA81}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A3ECB454-C895-4957-BF7C-1BE37250092C}C:\\users\\public\\downloads\\emule\\incoming\\foxit.pdf.editor.v1.4.1531.cracked-apo\\crack\\pdfedit.exe"= UDP:C:\users\public\downloads\emule\incoming\foxit.pdf.editor.v1.4.1531.cracked-apo\crack\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{F4459315-91C7-4A42-8A5F-AC697C7B56B6}C:\\users\\public\\downloads\\emule\\incoming\\foxit.pdf.editor.v1.4.1531.cracked-apo\\crack\\pdfedit.exe"= TCP:C:\users\public\downloads\emule\incoming\foxit.pdf.editor.v1.4.1531.cracked-apo\crack\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{84583D22-DDFC-4326-AA09-B8C7AA904AB5}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{05A5AFE2-C35E-4D9A-BDC7-FC928B2A978D}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{7472966A-E087-4925-91BE-D1431BF1E48C}C:\\program files\\vlc\\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player
"UDP Query User{22068BE2-A927-4AD8-B1AC-CA15A037172A}C:\\program files\\vlc\\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player
"{8FEE72EC-D364-4ACE-AB32-E3D1B97CD602}"= UDP:C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:CodeMeter Runtime Server
"{258E40D6-2D41-4B9B-B981-2997AE242417}"= TCP:C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:CodeMeter Runtime Server
"{A7977830-69FE-4562-A5CC-ADDC47D54DDF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{91A49E1D-ECA7-44B1-9561-9421E1E98DEA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2733908A-6D5E-4896-B341-D69FDC7D1BE0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{22FF60EA-B1DD-457C-8939-DDF6A3CD76CF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"= C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2007-08-23 2007040]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 AR5513;%ATHER.Service.DispName%;C:\Windows\system32\DRIVERS\ar5513.sys [2008-09-16 358464]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys [2008-08-28 18944]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 ole2nls32;OLE 2.1 16/32 Interoperability Library;rundll32.exe C:\Windows\system32\ole2nls32.dll,uguj [ ]
S3 HXON;HXON;C:\Users\Kiao\AppData\Local\Temp\HXON.exe [ ]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys [2008-08-28 10752]
S3 RDID1052;BOSS GT-PRO;C:\Windows\system32\Drivers\rdwm1052.sys [2005-01-11 161749]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);C:\Windows\system32\Drivers\vmcam323av.sys [2007-04-09 232960]
S3 vvftav323;vvftav323;C:\Windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4cd9257-6b94-11dd-90b8-00179a4106aa}]
\shell\AutoRun\command - J:\Setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 -: {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 19:26:10
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-18 19:27:25
ComboFix-quarantined-files.txt 2008-09-18 17:27:01

Avant-CF: 136,060,420,096 octets libres
Après-CF: 136,025,120,768 octets libres

304 --- E O F --- 2008-09-18 15:56:31
1
Anonymous user
18 Sept. 2008 at 19:38
Go to this site:

https://www.virustotal.com/gui/

Click Browse and locate this file: C:\Windows\System32\ole2nls32.dll

Click Send File.

A report will build up line by line.

Wait until it finishes. It should include the size of the file that was sent.

Save the report with Notepad.

Paste it into your reply. --
Worth discovering: Estopa, Rosario Flores, La Oreja De Van Gogh
                   Enjoy listening
                   @ + T' Chiki.
1
kiao Posts: 21 Registered: Sunday 25 February 2007 Status: Member Last active: 19 September 2008 9
18 Sept. 2008 at 20:02
Shorter version

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.19.0 2008.09.18 -
AntiVir 7.8.1.34 2008.09.18 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.09.18 -
Avast 4.8.1195.0 2008.09.18 -
AVG 8.0.0.161 2008.09.18 -
BitDefender 7.2 2008.09.18 -
CAT-QuickHeal 9.50 2008.09.17 -
ClamAV 0.93.1 2008.09.18 -
DrWeb 4.44.0.09170 2008.09.18 -
eSafe 7.0.17.0 2008.09.18 Suspicious File
eTrust-Vet 31.6.6091 2008.09.16 -
Ewido 4.0 2008.09.18 -
F-Prot 4.4.4.56 2008.09.18 -
F-Secure 8.0.14332.0 2008.09.18 -
Fortinet 3.113.0.0 2008.09.18 -
GData 19 2008.09.18 -
Ikarus T3.1.1.34.0 2008.09.18 -
K7AntiVirus 7.10.461 2008.09.18 -
Kaspersky 7.0.0.125 2008.09.18 -
McAfee 5386 2008.09.17 -
Microsoft 1.3903 2008.09.18 -
NOD32v2 3452 2008.09.18 -
Norman 5.80.02 2008.09.18 -
Panda 9.0.0.4 2008.09.18 -
PCTools 4.4.2.0 2008.09.18 -
Prevx1 V2 2008.09.18 -
Rising 20.62.32.00 2008.09.18 -
Sophos 4.33.0 2008.09.18 -
Sunbelt 3.1.1647.1 2008.09.18 -
Symantec 10 2008.09.18 -
TheHacker 6.3.0.9.086 2008.09.18 -
TrendMicro 8.700.0.1004 2008.09.18 -
VBA32 3.12.8.5 2008.09.18 -
ViRobot 2008.9.18.1381 2008.09.18 -
VirusBuster 4.5.11.0 2008.09.18 -
Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 12800 bytes
MD5...: e9946f3c8eae14891f4afe3bce1ee888
SHA1..: 826ae834d92debd5f9ebd319130be890a617ac5e
SHA256: 3eff87ba172b280ba8e255182e9f9c3eae7363da3c84385c8145d9bebaab8b21
SHA512: 22e3fed32fd71432cb8d27ed92369690e6fccf0c6814c83ddcd348c0ff76b0e9
d00b2e9a3f225b9236f9836dbd8754df286c7047707328d14eaf6e033bd7ead1
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000a5c0
timedatestamp.....: 0x489aed2e (Thu Aug 07 12:40:14 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x3000 0x2800 7.86 edbb903552097a793aeb1deadb101eac
.rsrc 0xb000 0x1000 0x600 2.91 21685c19108408bc40dbe8a53ee97737

( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree

( 1 exports )
uguj
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
1
kiao Posts: 21 Registered: Sunday 25 February 2007 Status: Member Last active: 19 September 2008 9
18 Sept. 2008 at 20:06
And the spam has started again
1
kiao Posts: 21 Registered: Sunday 25 February 2007 Status: Member Last active: 19 September 2008 9
18 Sept. 2008 at 20:06
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.19.0 2008.09.18 -
AntiVir 7.8.1.34 2008.09.18 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.09.18 -
Avast 4.8.1195.0 2008.09.18 -
AVG 8.0.0.161 2008.09.18 -
BitDefender 7.2 2008.09.18 -
CAT-QuickHeal 9.50 2008.09.17 -
ClamAV 0.93.1 2008.09.18 -
DrWeb 4.44.0.09170 2008.09.18 -
eSafe 7.0.17.0 2008.09.18 Suspicious File
eTrust-Vet 31.6.6091 2008.09.16 -
Ewido 4.0 2008.09.18 -
F-Prot 4.4.4.56 2008.09.18 -
F-Secure 8.0.14332.0 2008.09.18 -
Fortinet 3.113.0.0 2008.09.18 -
GData 19 2008.09.18 -
Ikarus T3.1.1.34.0 2008.09.18 -
K7AntiVirus 7.10.461 2008.09.18 -
Kaspersky 7.0.0.125 2008.09.18 -
McAfee 5386 2008.09.17 -
Microsoft 1.3903 2008.09.18 -
NOD32v2 3452 2008.09.18 -
Norman 5.80.02 2008.09.18 -
Panda 9.0.0.4 2008.09.18 -
PCTools 4.4.2.0 2008.09.18 -
Prevx1 V2 2008.09.18 -
Rising 20.62.32.00 2008.09.18 -
Sophos 4.33.0 2008.09.18 -
Sunbelt 3.1.1647.1 2008.09.18 -
Symantec 10 2008.09.18 -
TheHacker 6.3.0.9.086 2008.09.18 -
TrendMicro 8.700.0.1004 2008.09.18 -
VBA32 3.12.8.5 2008.09.18 -
ViRobot 2008.9.18.1381 2008.09.18 -
VirusBuster 4.5.11.0 2008.09.18 -
Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 12800 bytes
MD5...: e9946f3c8eae14891f4afe3bce1ee888
SHA1..: 826ae834d92debd5f9ebd319130be890a617ac5e
SHA256: 3eff87ba172b280ba8e255182e9f9c3eae7363da3c84385c8145d9bebaab8b21
SHA512: 22e3fed32fd71432cb8d27ed92369690e6fccf0c6814c83ddcd348c0ff76b0e9
d00b2e9a3f225b9236f9836dbd8754df286c7047707328d14eaf6e033bd7ead1
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000a5c0
timedatestamp.....: 0x489aed2e (Thu Aug 07 12:40:14 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x3000 0x2800 7.86 edbb903552097a793aeb1deadb101eac
.rsrc 0xb000 0x1000 0x600 2.91 21685c19108408bc40dbe8a53ee97737

( 1 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree

( 1 exports )
uguj
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
1
Anonymous user
18 Sept. 2008 at 20:08
Copy the text below:

File::
C:\Windows\mgxoschk.ini
C:\Users\Kiao\AppData\Local\Temp\HXON.exe
C:\Windows\system32\ole2nls32.dll,uguj
C:\Windows\system32\ole2nls32.dll

Folder::
C:\\users\\public\\downloads\\emule\\incoming\\foxit.pdf.editor.v1.4.1531.cracked-apo\\crack
C:\\users\\public\\downloads\\emule\\incoming\\foxit.pdf.editor.v1.4.1531.cracked-apo

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ole2nls32"=-

Driver::
HXON
ole2nls32



Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe like this:

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis log.

If there is no restart, post the reports anyway.
1
kiao Posts: 21 Registered: Sunday 25 February 2007 Status: Member Last active: 19 September 2008 9
18 Sept. 2008 at 20:41
ComboFix 08-09-16.05 - Kiao 2008-09-18 20:27:59.2 - NTFSx86
Lancé depuis: C:\Users\Kiao\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kiao\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\mgxoschk.ini
C:\Windows\system32\ole2nls32.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_HXON
-------\Service_ole2nls32


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-18 au 2008-09-18 ))))))))))))))))))))))))))))))))))))
.

2014-08-01 02:17 . 2014-08-01 02:17 <REP> d-------- C:\Program Files\Native Instruments
2008-09-18 06:53 . 2008-09-18 06:53 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-18 06:53 . 2008-09-18 17:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 06:53 . 2008-09-18 06:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 06:53 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-18 06:53 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-17 23:09 . 2008-09-17 23:09 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-17 23:09 . 2008-09-17 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-17 22:31 . 2008-09-17 22:31 <REP> d-------- C:\Program Files\Yahoo!
2008-09-17 22:30 . 2008-09-17 22:31 <REP> d-------- C:\Program Files\CCleaner
2008-09-17 21:43 . 2008-09-17 23:02 250 --a------ C:\Windows\gmer.ini
2008-09-17 21:15 . 2008-09-17 23:02 <REP> d-------- C:\Rustbfix
2008-09-16 20:39 . 2008-09-16 20:53 <REP> d-------- C:\Users\All Users\Hitman Pro
2008-09-16 20:39 . 2008-09-16 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2008-09-16 20:32 . 2008-09-16 20:32 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-09-16 20:31 . 2008-09-18 06:55 <REP> d-------- C:\Users\Kiao\.housecall6.6
2008-09-14 02:19 . 2008-09-14 02:19 <REP> d-------- C:\Users\All Users\Apple Computer
2008-09-14 02:19 . 2008-09-14 02:21 <REP> d-------- C:\Program Files\QuickTime
2008-09-14 02:19 . 2008-09-14 02:19 <REP> d-------- C:\Program Files\Common Files\Apple
2008-09-14 02:19 . 2008-09-14 02:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-10 18:31 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 18:31 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 18:31 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 18:31 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 18:31 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 18:31 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 18:31 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 18:31 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 18:31 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-07 22:18 . 2008-09-09 01:14 <REP> d-------- C:\Program Files\Buyertools Reminder
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-02 19:40 . 2008-09-02 19:40 <REP> d-------- C:\Users\ReleaseEngineer.MACROVISION
2008-09-02 19:40 . 2008-09-15 19:36 <REP> d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
2008-09-02 19:40 . 2008-09-02 19:40 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-09-02 19:35 . 2008-09-02 19:35 <REP> d-------- C:\Program Files\Common Files\Skype
2008-09-02 19:25 . 2008-09-02 19:25 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-02 19:19 . 2008-09-02 19:19 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-02 19:16 . 2008-09-02 19:16 <REP> dr-h----- C:\MSOCache
2008-08-26 23:16 . 2008-08-26 23:16 <REP> d-------- C:\Users\All Users\FLEXnet
2008-08-26 23:16 . 2008-08-26 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-26 21:38 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 21:38 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 21:38 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 21:38 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 21:38 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 21:38 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 21:38 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 21:38 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 21:38 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Videos
2008-08-25 19:55 . 2006-11-02 12:23 <REP> d-------- C:\Users\LogMeInRemoteUser\Saved Games
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Pictures
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Music
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Links
2008-08-25 19:55 . 2006-11-02 12:23 <REP> dr------- C:\Users\LogMeInRemoteUser\Downloads
2008-08-25 19:55 . 2008-08-25 19:55 <REP> dr------- C:\Users\LogMeInRemoteUser\Documents
2008-08-25 19:55 . 2006-11-02 13:18 <REP> d--h----- C:\Users\LogMeInRemoteUser\AppData
2008-08-25 19:55 . 2008-08-25 19:55 <REP> d-------- C:\Users\LogMeInRemoteUser
2008-08-24 13:59 . 2008-08-24 13:59 <REP> d-------- C:\NVIDIA
2008-08-24 13:59 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-08-24 13:38 . 2008-08-24 13:45 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-24 13:37 . 2008-08-24 13:37 <REP> d-------- C:\Windows\Sun
2008-08-24 13:37 . 2008-08-24 13:37 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-24 02:06 . 2008-08-24 02:06 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-08-24 01:36 . 2008-08-24 01:36 0 --a------ C:\Windows\sam7_E.INI
2008-08-24 01:23 . 2008-08-24 01:23 <REP> d-------- C:\Program Files\Magix
2008-08-24 01:23 . 2001-03-02 18:46 290,816 --a------ C:\Windows\System32\temp.000
2008-08-24 01:23 . 2000-02-08 02:53 120,832 --a------ C:\Windows\System32\WkWin32.dll
2008-08-24 01:23 . 1999-03-23 10:42 39,136 --a------ C:\Windows\System32\cdrom.sys
2008-08-24 01:23 . 2008-08-24 01:23 91 --a------ C:\Windows\magix.ini
2008-08-20 23:25 . 2008-08-20 23:25 <REP> d-------- C:\Program Files\GrabIt
2008-08-19 23:06 . 2008-09-18 18:09 69 --a------ C:\Windows\NeroDigital.ini
2008-08-19 21:54 . 2008-09-04 20:58 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-08-19 21:47 . 2008-08-19 21:47 <REP> d-------- C:\Users\All Users\AppData
2008-08-19 21:47 . 2008-08-19 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AppData
2008-08-19 21:40 . 2008-08-28 18:51 <REP> d-------- C:\Program Files\GENIUS TABLET
2008-08-18 17:43 . 2008-08-18 17:43 <REP> d-------- C:\Program Files\SuperCopier2
2008-08-18 17:39 . 2008-08-18 17:39 <REP> d-------- C:\Program Files\WIBU-SYSTEMS
2008-08-18 17:39 . 2008-08-18 17:39 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 17:39 . 2008-08-18 17:39 <REP> d-------- C:\Program Files\CodeMeter
2008-08-18 17:38 . 2007-04-27 10:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-08-18 17:37 . 2008-08-24 01:13 <REP> d-------- C:\Windows\System32\MAGIX
2008-08-18 17:37 . 2008-04-15 16:14 700,416 --------- C:\Windows\System32\mgxoschk.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 22:04 --------- d-----w C:\Program Files\LogMeIn
2008-09-17 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 20:50 --------- d-----w C:\Program Files\Avast4
2008-09-16 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 21:26 358,464 ----a-w C:\Windows\system32\drivers\ar5513.sys
2008-09-16 20:04 --------- d-----w C:\Program Files\BSplayer
2008-09-11 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 19:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-02 17:29 --------- d-----w C:\Program Files\Microsoft Works
2008-09-02 17:28 --------- d-----w C:\Program Files\MSBuild
2008-08-28 16:49 53,248 ----a-w C:\Windows\system32\drivers\ST~544C.tmp
2008-08-28 16:49 323,584 ----a-w C:\Windows\SetupX32.EXE
2008-08-28 16:49 18,944 ----a-w C:\Windows\system32\drivers\PTSimBus.sys
2008-08-28 16:49 18,432 ----a-w C:\Windows\system32\drivers\TClass2k.sys
2008-08-28 16:49 17,920 ----a-w C:\Windows\system32\drivers\Tablet2k.sys
2008-08-28 16:49 12,800 ----a-w C:\Windows\system32\drivers\UCTblHid.sys
2008-08-28 16:49 10,752 ----a-w C:\Windows\system32\drivers\PTSimHid.sys
2008-08-24 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-08-20 23:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-17 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-08-16 20:45 --------- d-----w C:\Program Files\SiS VGA Utilities
2008-08-16 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-08-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-08-16 20:15 --------- d-----w C:\Program Files\TomTom HOME 2
2008-08-16 20:04 --------- d-----w C:\Program Files\BOSS
2008-08-16 19:50 --------- d-----w C:\Program Files\Guitar Pro 5
2008-08-16 18:42 --------- d-----w C:\Program Files\Bonjour
2008-08-16 18:32 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-16 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-16 18:00 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-16 17:43 --------- d-----w C:\Program Files\Guitar Rig Native Instruments
2008-08-16 17:42 --------- d-----w C:\Program Files\Common Files\Native Instruments
2008-08-16 17:42 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-08-16 16:02 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-16 13:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-16 12:47 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-16 12:25 --------- d-----w C:\Program Files\DivX
2008-08-16 12:24 --------- d-----w C:\Program Files\Foxit Software
2008-08-15 21:34 --------- d-----w C:\Program Files\VLC
2008-08-15 12:22 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 12:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-13 12:29 --------- d-----w C:\Program Files\Java
2008-08-13 12:25 --------- d-----w C:\Program Files\Common Files\Java
2008-08-12 15:04 --------- d-----w C:\Program Files\Windows Live
2008-08-12 15:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-12 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-12 13:23 --------- d-----w C:\Program Files\Vimicro
2008-08-12 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\eMule
2008-08-12 11:42 --------- d-----w C:\Program Files\Google
2008-08-12 11:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-12 11:35 --------- d-----w C:\Program Files\Roxio
2008-08-12 11:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-08-12 11:35 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-12 11:35 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-12 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-08-12 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-12 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-12 11:30 --------- d-----w C:\Program Files\Seagate
2008-08-12 11:28 --------- d-----w C:\Program Files\Packard Bell ImageWriter
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Templates
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Start Menu
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Favorites
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Documents
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Desktop
2008-08-12 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Application Data
2008-08-12 11:16 --------- d-----w C:\Program Files\eMule
2008-08-12 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-12 10:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-12 10:42 --------- d-sh--w C:\Program Files\Fichiers communs
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Modèles
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Menu Démarrer
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Favoris
2008-08-12 10:42 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\Bureau
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-09-18_19.26.46.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-09-17 21:10:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-18 18:35:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-18 18:35:11 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-17 21:10:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-18 18:35:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-18 18:35:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-18 15:55:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-18 18:35:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-18 15:55:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-18 18:35:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-18 15:55:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-18 18:35:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-17 21:42:56 105,078 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-18 18:32:44 105,078 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-17 21:42:56 128,212 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-18 18:32:44 128,212 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-17 21:42:56 595,748 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-18 18:32:44 595,748 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-17 21:42:56 679,180 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-18 18:32:44 679,180 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-17 21:10:34 5,978 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-869092566-848032560-3345837901-1000_UserData.bin
+ 2008-09-18 18:27:08 6,054 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-869092566-848032560-3345837901-1000_UserData.bin
- 2008-09-17 21:10:34 60,514 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-18 18:27:08 60,600 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-17 21:10:30 39,892 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-18 18:27:06 40,018 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-17 29744]
"SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-12-07 552960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 C:\Windows\SkyTel.exe]
"WTClient"="WTClient.exe" [2007-04-11 C:\Windows\System32\WTClient.exe]

C:\Users\Kiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2007-03-23 4984832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= rddv1052.dll
"midi1"= rddv1052.dll

[HKLM\~\startupfolder\C:^Users^Kiao^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Kiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
--a------ 2008-02-22 11:31 262080 C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 11:40 232184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 18:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"= C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AF84C3E7-4A60-4355-BB5F-E2818409FC55}C:\\program files\\packard bell\\updator\\pbupdator.exe"= UDP:C:\program files\packard bell\updator\pbupdator.exe:Packard Bell Updator
"UDP Query User{C1085A72-AFC8-4E40-9DC0-208DDF511056}C:\\program files\\packard bell\\updator\\pbupdator.exe"= TCP:C:\program files\packard bell\updator\pbupdator.exe:Packard Bell Updator
"TCP Query User{DB7A8AB8-9CAA-472F-A7CC-39B877DF0D99}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{97C7670E-45D0-4D51-A55F-93FBF5374C51}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{5E56B07E-9766-4CC9-8122-9BC54D87876E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A693AD04-3F13-4BA5-BC4D-13E0B18A2C23}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1A5C66B1-B8AC-4560-94EB-DA2B545EFA81}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A3ECB454-C895-4957-BF7C-1BE37250092C}C:\\users\\public\\downloads\\emule\\incoming\\foxit.pdf.editor.v1.4.1531.cracked-apo\\crack\\pdfedit.exe"= UDP:C:\users\public\downloads\emule\incoming\foxit.pdf.editor.v1.4.1531.cracked-apo\crack\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{F4459315-91C7-4A42-8A5F-AC697C7B56B6}C:\\users\\public\\downloads\\emule\\incoming\\foxit.pdf.editor.v1.4.1531.cracked-apo\\crack\\pdfedit.exe"= TCP:C:\users\public\downloads\emule\incoming\foxit.pdf.editor.v1.4.1531.cracked-apo\crack\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{84583D22-DDFC-4326-AA09-B8C7AA904AB5}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{05A5AFE2-C35E-4D9A-BDC7-FC928B2A978D}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{7472966A-E087-4925-91BE-D1431BF1E48C}C:\\program files\\vlc\\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player
"UDP Query User{22068BE2-A927-4AD8-B1AC-CA15A037172A}C:\\program files\\vlc\\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player
"{8FEE72EC-D364-4ACE-AB32-E3D1B97CD602}"= UDP:C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:CodeMeter Runtime Server
"{258E40D6-2D41-4B9B-B981-2997AE242417}"= TCP:C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:CodeMeter Runtime Server
"{A7977830-69FE-4562-A5CC-ADDC47D54DDF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{91A49E1D-ECA7-44B1-9561-9421E1E98DEA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2733908A-6D5E-4896-B341-D69FDC7D1BE0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{22FF60EA-B1DD-457C-8939-DDF6A3CD76CF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"= C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2007-08-23 2007040]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 AR5513;%ATHER.Service.DispName%;C:\Windows\system32\DRIVERS\ar5513.sys [2008-09-16 358464]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys [2008-08-28 18944]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys [2008-08-28 10752]
S3 RDID1052;BOSS GT-PRO;C:\Windows\system32\Drivers\rdwm1052.sys [2005-01-11 161749]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);C:\Windows\system32\Drivers\vmcam323av.sys [2007-04-09 232960]
S3 vvftav323;vvftav323;C:\Windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4cd9257-6b94-11dd-90b8-00179a4106aa}]
\shell\AutoRun\command - J:\Setup.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-ole2nls32 - ole2nls32.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 20:35:31
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\System32\drivers\WTSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-09-18 20:39:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-18 18:39:21
ComboFix2.txt 2008-09-18 17:27:26

Avant-CF: 135,108,792,320 octets libres
Après-CF: 134,704,345,088 octets libres

350 --- E O F --- 2008-09-18 15:56:31
1
kiao Posts 21 Registered Sunday 25 February 2007 Status Member Last activity 19 September 2008 9
18 Sept. 2008 at 20:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:48, on 18/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\WTClient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kiao\Downloads\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
1
Anonymous user
18 Sept. 2008 at 20:45
1) Uninstall eMule (you will reinstall it afterwards)

2) -> Download CCleaner (do not install the Yahoo toolbar)

http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tutorial: https://www.malekal.com/tutoriel-ccleaner/


Then let us know about the spam.
0