I can't remove a virus from my PC

Closed
eternalraziel - 17 Jan. 2008 at 19:07
 eternalraziel - 19 Jan. 2008 at 20:19
Hello everyone, I'd like to know if someone could help me remove a virus from my computer, because I can't manage it. Would you have an online scanning site that doesn't get blocked by the virus, and also one whose scan, if it works, can actually detect the virus instead of acting as if there weren't one? Thanks.

12 replies

winin (372 posts; registered Wednesday 16 January 2008; status: Member; last activity 31 December 2008)
17 Jan. 2008 at 19:13
A HijackThis scan

- Download HijackThis:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

TUTORIAL:
http://cybersecurite.xooit.com/t142-HijackThis-2-0-2-avec-Firefox.htm#1204
which is carefully written by Bruce Lee.

Post your report, which will come out as a TXT file.

0
eternalraziel
17 Jan. 2008 at 20:29
Thanks for replying to my request; I'm sending what you asked for.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:27, on 17/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\GAMESP~1\Aphex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89B07DC5-B261-46A1-8E34-71090D6C421A} - C:\Windows\system32\DfrgResd.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
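A small triage pass over entries in the HijackThis log format posted above, as an added example that is not part of the thread or of the HijackThis tool: it parses the O2/O4/O23 lines, recovers the file path each entry points at, and flags what a helper looks at first (entries marked "(file missing)" or "(no file)", nameless browser helper objects, programs launched from a Temp directory, and a system binary name such as svchost.exe outside C:\Windows). The sample lines are copied from the thread, except the O4 line for the Temp\svchost.exe path, which is constructed from the path the ComboFix log reports under the WindowsServicesStartup msconfig entry.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 log format. All lines but one are copied from
# the thread; the O4 line for Temp\svchost.exe is constructed from the path that the
# ComboFix log reports under the "WindowsServicesStartup" msconfig entry.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89B07DC5-B261-46A1-8E34-71090D6C421A} - C:\Windows\system32\DfrgResd.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\Users\Admin\AppData\Local\Temp\svchost.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe (file missing)
"""

# "O2 - ..." / "R1 - ...": section tag, then the entry body.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# An unquoted path followed by optional arguments, e.g. C:\...\sidebar.exe /autoRun
EXE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cmd|bat|scr|sys))(?:\s|$)", re.IGNORECASE)
# Names of core Windows processes; legitimate copies live under C:\Windows.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe"}


@dataclass
class Finding:
    line: int       # 1-based line number in the log
    section: str    # HijackThis section tag (O2, O4, O23, ...)
    reason: str     # why the entry deserves a look
    path: str       # file the entry points at ('' if HijackThis found none)


def extract_path(section, body):
    """Return the file path an entry points at, as HijackThis printed it."""
    if section == "O4":
        # O4 - HKLM\..\Run: [name] "path" args   or   [name] path args
        m = re.search(r"\]\s*(.*)$", body)
        if not m:
            return ""
        rest = m.group(1).strip()
        if rest.startswith('"'):
            end = rest.find('"', 1)
            return rest[1:end] if end > 0 else rest[1:]
        m = EXE_RE.match(rest)
        return m.group("path") if m else rest
    # O2/O3/O9/O23: the path (plus any "(file missing)" marker) follows the last " - "
    return body.rsplit(" - ", 1)[-1].strip()


def split_missing(path):
    """Strip HijackThis's '(file missing)' / '(no file)' markers; return (path, missing)."""
    low = path.lower()
    if low == "(no file)":
        return "", True
    if low.endswith("(file missing)"):
        return path[: -len("(file missing)")].strip(), True
    return path, False


def triage(log_text):
    """Flag the entries a helper would look at first. Returns a list of Finding."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, "Running processes:", blank lines
        sec, body = m.group("sec"), m.group("body")
        path, missing = split_missing(extract_path(sec, body))
        low = path.lower()
        if missing:
            # Leftover autostart/BHO/service registrations: remnants of an uninstall,
            # or a removed file whose registration survived. Either way, worth cleaning.
            findings.append(Finding(n, sec, "orphaned entry: target file is missing", path))
        if sec == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(n, sec, "browser helper object with no name", path))
        if "\\temp\\" in low:
            findings.append(Finding(n, sec, "program launched from a Temp directory", path))
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            findings.append(Finding(n, sec, "system binary name outside C:\\Windows", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>3} {f.section:<4} {f.reason}: {f.path or '(none)'}")
```

A flagged entry is a starting point for a closer look (who created the file, is it signed, what does it do), not a verdict; the same checks can be run over the full log pasted from the thread.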
eternalraziel
19 Jan. 2008 at 09:21
Hello again, I'd just like to know whether anyone has taken my request into account. Thanks in advance.
0
winin (372 posts; registered Wednesday 16 January 2008; status: Member; last activity 31 December 2008)
19 Jan. 2008 at 11:24
Analysis of the report in progress...
0
winin (372 posts; registered Wednesday 16 January 2008; status: Member; last activity 31 December 2008)
19 Jan. 2008 at 11:26
Re,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Start in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created at: C:\Combofix.txt, please post it

- ComboFix may be detected by some antivirus products as an infection; this is false.
Ignore it and continue.

Winin, the web's security helper, surf safely!
I am myself an antivirus.
0
eternalraziel
19 Jan. 2008 at 14:15
I did as you asked, and here is the result:

ComboFix 08-01-18.5 - SYSTEM 2008-01-19 14:04:48.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1494 [GMT 1:00]
Running from: C:\Users\Admin\Downloads\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-19 14:00 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-17 20:23 . 2008-01-17 20:23 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 18:53 . 2008-01-17 18:53 <REP> d-------- C:\Program Files\Panda Security
2008-01-17 18:36 . 2008-01-17 18:36 <REP> d-------- C:\Westwood
2008-01-17 18:36 . 2008-01-17 18:40 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-01-16 16:34 . 2008-01-16 16:34 <REP> d-------- C:\Program Files\Slayers Online
2008-01-16 15:51 . 2008-01-16 15:51 <REP> d-------- C:\Program Files\Bitmanagement Software
2008-01-16 15:51 . 2007-11-21 10:48 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-01-16 15:51 . 2007-11-21 10:48 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-01-16 15:51 . 2007-11-21 10:48 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-01-16 15:41 . 2008-01-16 16:14 <REP> d-------- C:\Program Files\Conquete 2.0
2008-01-16 15:17 . 2000-12-08 21:59 122,880 --a------ C:\Windows\UnGins.exe
2008-01-16 13:09 . 2008-01-17 16:31 <REP> d-------- C:\Program Files\RHEM3_DEMO
2008-01-15 19:28 . 2008-01-15 19:28 <REP> d-------- C:\Program Files\OpenAL
2008-01-15 19:28 . 2008-01-15 19:28 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2008-01-15 19:28 . 2008-01-15 19:28 114,688 --a------ C:\Windows\System32\OpenAL32.dll
2008-01-13 18:03 . 2008-01-13 18:03 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-13 18:03 . 2008-01-13 18:03 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-13 18:03 . 2008-01-13 18:03 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-13 18:03 . 2008-01-13 18:03 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-13 18:03 . 2008-01-13 18:03 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-13 18:03 . 2008-01-13 18:03 215 --a------ C:\Windows\System32\MRT.INI
2008-01-13 18:02 . 2008-01-13 18:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-13 18:02 . 2008-01-13 18:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-13 18:02 . 2008-01-13 18:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-13 18:02 . 2008-01-13 18:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-13 18:02 . 2008-01-13 18:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-13 18:02 . 2008-01-13 18:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-13 18:02 . 2008-01-13 18:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-13 18:02 . 2008-01-13 18:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-13 18:02 . 2006-11-02 10:49 13,416 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-13 18:01 . 2008-01-13 18:01 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-12 15:39 . 2008-01-12 15:50 <REP> d-------- C:\Program Files\Ryzom
2008-01-12 15:26 . 2008-01-12 15:51 <REP> d-------- C:\Program Files\Landes Eternelles
2008-01-12 15:13 . 2008-01-12 15:13 <REP> d-------- C:\Users\Admin\WoW-2.0.0-frFR-Installer
2008-01-12 15:13 . 2008-01-12 15:13 <REP> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-10 20:17 . 2008-01-10 20:17 <REP> d-------- C:\Users\Admin\AppData\Roaming\Nero
2008-01-09 19:06 . 2008-01-09 19:06 <REP> d--h----- C:\Windows\PIF
2008-01-08 21:07 . 2008-01-08 21:07 <REP> d-------- C:\Users\Admin\AppData\Roaming\DeepBurner
2008-01-08 21:06 . 2008-01-08 21:06 <REP> d-------- C:\Program Files\Astonsoft
2008-01-07 20:32 . 2008-01-07 20:32 <REP> d-------- C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Talkback
2008-01-07 20:22 . 2008-01-07 20:22 <REP> d-------- C:\Program Files\Yahoo!
2008-01-07 20:15 . 2008-01-07 20:15 <REP> d-------- C:\Users\Admin\AppData\Roaming\Talkback
2008-01-07 20:15 . 2008-01-07 20:15 335 --a------ C:\Windows\nsreg.dat
2008-01-07 20:14 . 2008-01-13 17:17 <REP> d-------- C:\Program Files\mozilla.org
2008-01-07 20:14 . 2008-01-08 21:04 8,995 --a------ C:\Windows\mozver.dat
2008-01-07 19:14 . 2008-01-17 18:57 <REP> d-------- C:\Windows\BDOSCAN8
2008-01-07 18:27 . 2008-01-18 20:42 182 --a------ C:\Windows\NeroDigital.ini
2008-01-07 18:24 . 2008-01-07 18:24 <REP> d-------- C:\Users\All Users\Ahead
2008-01-07 18:24 . 2008-01-10 20:19 <REP> d-------- C:\Users\Admin\AppData\Roaming\Ahead
2008-01-07 18:24 . 2008-01-07 18:24 <REP> d-------- C:\ProgramData\Ahead
2008-01-07 18:21 . 2008-01-07 18:21 <REP> d-------- C:\Users\All Users\Nero
2008-01-07 18:21 . 2008-01-07 18:21 <REP> d-------- C:\ProgramData\Nero
2008-01-07 18:21 . 2008-01-07 18:21 <REP> d-------- C:\Program Files\Nero
2008-01-07 18:21 . 2008-01-07 18:23 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-01-06 13:45 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-05 23:20 . 2000-02-29 13:43 283,648 --a------ C:\Windows\uninst.exe
2008-01-04 20:23 . 2008-01-04 20:23 <REP> d-------- C:\Users\Admin\AppData\Roaming\Printer Info Cache
2008-01-04 20:23 . 2008-01-04 20:34 <REP> d-------- C:\Users\Admin\AppData\Roaming\Image Zone Express
2008-01-03 19:54 . 2008-01-03 20:04 <REP> d-------- C:\Program Files\WinSTon
2008-01-03 17:50 . 2008-01-03 17:50 <REP> d-------- C:\Users\Admin\AppData\Roaming\dvdcss
2008-01-03 08:46 . 2008-01-03 08:46 <REP> d-------- C:\UltrahleSAV
2008-01-03 08:44 . 2008-01-09 17:05 <REP> d-------- C:\Program Files\Project64 v1.5
2008-01-01 10:12 . 2008-01-13 17:50 <REP> d-------- C:\Program Files\Avast4
2007-12-31 17:03 . 2007-12-31 17:03 <REP> d-------- C:\Users\Admin\AppData\Roaming\vlc
2007-12-31 17:02 . 2007-12-31 17:02 <REP> d-------- C:\Program Files\VideoLAN
2007-12-30 20:08 . 2006-08-05 17:25 87,424 --a------ C:\Windows\System32\drivers\aswmon2.sys
2007-12-30 20:08 . 2006-08-05 17:25 85,952 --a------ C:\Windows\System32\drivers\aswmon.sys
2007-12-30 20:08 . 2006-08-05 17:22 36,176 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-12-30 20:08 . 2006-08-05 17:20 24,304 --a------ C:\Windows\System32\drivers\aavmker4.sys
2007-12-30 20:08 . 2006-08-05 17:24 16,352 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-12-30 20:07 . 2007-12-30 20:07 <REP> d-------- C:\Program Files\Alwil Software
2007-12-30 20:07 . 2006-08-08 18:53 635,520 --a------ C:\Windows\System32\aswBoot.exe
2007-12-30 20:07 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2007-12-30 20:07 . 2006-08-05 08:18 90,112 --a------ C:\Windows\System32\AVASTSS.scr
2007-12-29 13:13 . 2007-12-29 13:13 <REP> d-------- C:\Users\Admin\AppData\Roaming\AdobeUM
2007-12-29 10:15 . 2007-12-29 10:15 <REP> d-------- C:\Users\Admin\AppData\Roaming\ATI
2007-12-28 17:26 . 2008-01-13 19:07 186,076,089 --a------ C:\Windows\MEMORY.DMP
2007-12-28 15:04 . 2008-01-03 08:43 <REP> d-------- C:\Users\Admin\AppData\Roaming\Corel
2007-12-28 15:03 . 2007-12-28 15:03 <REP> d-------- C:\Users\All Users\Corel
2007-12-28 15:03 . 2007-12-28 15:03 <REP> d-------- C:\ProgramData\Corel
2007-12-28 15:03 . 2007-12-28 15:03 <REP> d-------- C:\Program Files\Common Files\Corel
2007-12-28 14:59 . 2008-01-03 08:43 2,516 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2007-12-28 14:59 . 2008-01-03 08:42 88 -r-hs---- C:\Windows\System32\A7D464C49E.sys
2007-12-28 14:58 . 2007-12-28 15:03 <REP> d-------- C:\Program Files\Corel
2007-12-28 14:43 . 2007-12-28 14:47 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-28 14:43 . 2007-11-05 05:34 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys
2007-12-28 14:43 . 2007-11-05 05:34 9,464 --------- C:\Windows\System32\drivers\cdralw2k.sys
2007-12-28 14:43 . 2007-11-05 05:34 9,336 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2007-12-28 14:25 . 2007-12-28 14:25 <REP> d-------- C:\Users\Admin\AppData\Roaming\ABBYY
2007-12-28 14:19 . 2007-12-28 14:26 <REP> d-------- C:\Users\All Users\ABBYY
2007-12-28 14:19 . 2007-12-28 14:26 <REP> d-------- C:\ProgramData\ABBYY
2007-12-28 13:49 . 2007-12-28 13:49 2,923,520 --a------ C:\Windows\explorer.exe
2007-12-28 13:48 . 2007-12-28 13:48 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-12-28 13:48 . 2007-12-28 13:48 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-12-28 13:46 . 2007-12-28 13:46 414,208 --a------ C:\Windows\System32\msscp.dll
2007-12-28 13:44 . 2007-12-28 13:44 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-12-28 13:44 . 2007-12-28 13:44 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-12-28 13:43 . 2007-12-28 13:43 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2007-12-28 13:43 . 2007-12-28 13:43 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 19:01 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 17:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-13 17:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-13 17:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-13 17:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-13 17:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-02 11:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-02 11:05 --------- d-----w C:\Program Files\Microsoft Works
2007-12-31 09:20 --------- d-----w C:\ProgramData\Symantec
2007-12-30 19:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 16:04 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-28 12:55 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 12:52 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 12:52 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 12:50 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-28 12:50 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-28 12:50 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-28 12:50 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-28 12:50 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-28 12:50 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-28 12:50 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-28 12:50 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-28 12:50 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-28 12:50 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-28 12:50 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-28 12:50 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-28 12:50 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-28 12:50 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-28 12:50 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-28 12:50 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-28 12:50 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-28 12:50 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-28 12:50 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-28 12:50 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-28 12:50 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-28 12:50 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-28 12:49 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 12:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 12:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 12:49 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 12:49 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 12:49 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2007-12-28 12:49 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2007-12-28 12:49 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2007-12-28 12:49 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 12:49 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 12:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-28 12:49 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 12:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 12:45 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-28 12:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-28 12:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-28 12:45 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-12-28 12:45 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-28 12:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-28 12:45 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-28 12:45 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-28 12:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-28 12:45 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-12-28 12:45 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-28 12:45 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-28 12:45 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-12-28 12:41 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 12:41 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 12:41 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 12:41 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 12:41 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 12:41 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 12:41 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 12:41 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 12:41 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 12:41 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 12:41 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 12:39 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-28 12:39 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-28 12:39 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-28 12:39 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-28 12:39 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-28 12:39 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-28 12:39 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-28 12:39 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-28 12:39 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-28 12:39 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-28 12:39 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-28 12:39 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-28 12:39 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-28 12:39 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-28 12:39 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-28 12:37 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-28 12:37 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-28 12:37 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-28 12:37 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-28 12:37 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-28 12:37 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-28 12:37 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-28 12:37 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-28 10:59 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-28 10:59 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-28 10:59 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89B07DC5-B261-46A1-8E34-71090D6C421A}]
C:\Windows\system32\DfrgResd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 18:01 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 12:04 4423680 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 20:33:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\Windows\system32\drivers\hldrrr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2007-05-13 15:57 5308416 C:\Program Files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 07:00 182272 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2007-03-12 10:22 517768 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
--a------ 2006-12-12 19:16 90112 C:\Program Files\OrangeHSS\Systray\SystrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-12-28 13:47 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\Users\Admin\AppData\Local\Temp\svchost.exe

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 04:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-04 17:51]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 17:54]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 15:04]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 14:07:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 14:09:09 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-01-19 13:09:06
.
2008-01-17 21:49:02 --- E O F ---
0
winin (372 posts; registered Wednesday 16 January 2008; status: Member; last activity 31 December 2008)
19 Jan. 2008 at 14:19
Do a Kaspersky online scan:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Post the report:
hiboox.com
0
eternalraziel
19 Jan. 2008 at 16:01
Hello, what do you want me to do? A scan, OK, but then do I post it on the forum? Why did you write hiboox.com?
0
winin (372 posts; registered Wednesday 16 January 2008; status: Member; last activity 31 December 2008)
19 Jan. 2008 at 17:45
hiboox.com is the site where you can store your report and give us a link.
0
eternalraziel
19 Jan. 2008 at 18:50
I can't post the report; it tells me it's not in the right format. It's a text file; don't you want me to post it here?
0
winin (372 posts; registered Wednesday 16 January 2008; status: Member; last activity 31 December 2008)
19 Jan. 2008 at 19:18
0
eternalraziel
19 Jan. 2008 at 20:19
Again, sorry, but since it's a text document I can't convert it to the right format (jpg, png, gif).
0