Hijackthis

Bonjour, a tous

Je voudrais me rassurer sur l etat de mon Pc et de Vista


ComboFix 08-02-25.3 - philippe 2008-02-27 16:52:36.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1162 [GMT 1:00]
Endroit: C:\Users\philippe\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 15:41 27,620 ----a-w C:\Users\philippe\AppData\Roaming\nvModes.dat
2008-02-27 15:40 --------- d-----w C:\Program Files\a-squared Free
2008-02-27 11:26 3,266 ----a-w C:\Windows\System32\tmp.reg
2008-02-27 11:02 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2008-02-27 07:44 --------- d-----w C:\Program Files\Windows Live
2008-02-27 07:44 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 07:41 --------- d-----w C:\ProgramData\WLInstaller
2008-02-26 07:29 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-02-25 21:33 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 14:18 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-25 12:50 --------- d-----w C:\Program Files\Dot1XCfg
2008-02-25 12:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 12:00 --------- d---a-w C:\ProgramData\TEMP
2008-02-25 11:52 --------- d-----w C:\Users\philippe\AppData\Roaming\Download Manager
2008-02-24 08:38 --------- d-----w C:\Users\philippe\AppData\Roaming\ESET
2008-02-24 08:36 --------- d-----w C:\ProgramData\ESET
2008-02-24 08:36 --------- d-----w C:\Program Files\ESET
2008-02-24 07:35 --------- d-----w C:\Program Files\Objective Tarot
2008-02-22 18:10 --------- d-----w C:\Users\philippe\AppData\Roaming\OFFICEOne7
2008-02-22 17:44 86,016 ----a-w C:\Windows\System32\VACFix.exe
2008-02-16 04:49 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-02-16 04:24 --------- d-----w C:\Program Files\FoxTarot4
2008-02-15 08:25 --------- d-----w C:\Users\philippe\AppData\Roaming\InstallShield
2008-02-15 08:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 21:27 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 21:27 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 21:25 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 21:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 21:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 21:25 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 21:25 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 21:25 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 21:25 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 21:24 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 21:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 21:24 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 21:24 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 21:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 21:24 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 21:24 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 21:24 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 21:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 21:24 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 21:24 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 21:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 21:22 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 21:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 21:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 21:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 19:04 --------- d-----w C:\Users\philippe\AppData\Roaming\Intel
2008-02-14 16:43 --------- d-----w C:\ProgramData\Grisoft
2008-02-14 15:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-14 15:48 --------- d-----w C:\Users\philippe\AppData\Roaming\uTorrent
2008-02-14 15:48 --------- d-----w C:\ProgramData\P4G
2008-02-14 13:19 --------- d-----w C:\Users\philippe\AppData\Roaming\Uniblue
2008-02-14 12:32 --------- d-----w C:\Program Files\Everest Poker
2008-02-08 18:43 --------- d-----w C:\Program Files\Nokia
2008-02-08 18:43 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-08 18:43 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-08 18:39 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-08 09:37 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-02-07 17:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-07 17:20 --------- d-----w C:\ProgramData\Ahead
2008-02-07 17:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-07 17:16 --------- d-----w C:\ProgramData\Nero
2008-02-07 14:00 --------- d-----w C:\Program Files\eMule
2008-02-03 19:50 164,352 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-02-02 09:44 --------- d-----w C:\Users\philippe\AppData\Roaming\AntivirusOrdi
2008-01-31 14:00 --------- d-----w C:\Users\philippe\AppData\Roaming\OFFICE One v7
2008-01-31 13:52 --------- d-----w C:\Program Files\ISSENDIS
2008-01-31 13:48 --------- d-----w C:\ProgramData\OFFICE One v7
2008-01-31 13:48 --------- d-----w C:\Program Files\OFFICE One v7
2008-01-31 13:46 --------- d-----w C:\Program Files\OFFICE One Games
2008-01-31 13:41 16,384 ----a-w C:\Windows\System32\DsrSleep.dll
2008-01-31 13:37 77,824 ----a-w C:\Windows\System32\oopmdisp.exe
2008-01-31 13:37 69,632 ----a-w C:\Windows\System32\oopmagentts.exe
2008-01-31 13:37 624,128 ----a-w C:\Windows\System32\PDFCreatorPilot2.dll
2008-01-31 13:37 31,232 ----a-w C:\Windows\System32\progress.exe
2008-01-31 13:37 26,112 ----a-w C:\Windows\System32\oopmpm.dll
2008-01-31 13:36 --------- d-----w C:\ProgramData\Ciel
2008-01-31 13:36 --------- d-----w C:\Program Files\Common Files\Ciel
2008-01-31 13:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-31 13:24 --------- d-----w C:\Program Files\OFFICE One 7.0
2008-01-31 11:21 --------- d-----w C:\ProgramData\Apple
2008-01-31 11:21 --------- d-----w C:\Program Files\Apple Software Update
2008-01-31 10:41 --------- d-----w C:\Users\philippe\AppData\Roaming\GlarySoft
2008-01-30 11:38 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2008-01-30 11:38 54,280 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2008-01-30 11:38 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2008-01-30 11:35 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2008-01-30 11:35 29,704 ----a-w C:\Windows\system32\drivers\easdrv.sys
2008-01-29 19:16 --------- d-----w C:\ProgramData\Apple Computer
2008-01-29 19:00 --------- d-----w C:\ProgramData\Installations
2008-01-29 18:55 --------- d-----w C:\Users\philippe\AppData\Roaming\PC Suite
2008-01-29 18:53 --------- d-----w C:\Users\philippe\AppData\Roaming\Nokia
2008-01-29 18:48 --------- d-----w C:\ProgramData\Nokia
2008-01-29 18:27 --------- d-----w C:\ProgramData\PC Suite
2008-01-29 18:17 --------- d-----w C:\Program Files\DIFX
2008-01-28 16:38 --------- d-----w C:\Program Files\uTorrent
2008-01-25 08:58 --------- d-----w C:\Users\philippe\AppData\Roaming\Ahead
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide­ntifiers\ADSMOverlayIcon]
@={A825576B-0042-4F0F-8FB0-93CE0F054E69}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide­ntifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

[HKEY_CLASSES_ROOT\CLSID\{A825576B-0042-4F0F-8FB0-93CE0F054E69}]
2007-06-15 19:28 147456 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-23 14:26 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BMfffb04a5"="C:\Users\philippe\AppData\Local\Temp\golreebn.dll" [2008-02-26 17:45 91712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-22 15:34 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-22 15:34 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-22 15:34 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 12:04 4423680 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 14:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 19:10 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-11-19 19:59 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-11-19 19:59 33136]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\qttask.exe" [2007-02-16 10:54 282624]
"ooquickpdfv7"="C:\Windows\system32\oopmagentts.exe" [2008-01-31 14:37 69632]
"bm"="C:\Program Files\Common Files\AntivirusOrdi\bm.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 10:05 1057328]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-01-30 12:37 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18D92339-9B37-47F3-91E2-D104D35B2952}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9C61006D-D3C5-4A80-B996-E7464748E7F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{5BCEFB1A-40C7-479C-B37E-4C66AD4DA138}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{A5B9D7B6-887D-4E6B-A7D7-2FA3BA353588}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{2429E1B3-C2F0-42F0-A9BC-D257E1C8D8B2}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"UDP Query User{8D745DEA-9911-429C-8325-43563F40982A}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"TCP Query User{119CBCA7-C448-461B-BCEF-B4CA34B1BB7E}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus|Desc=eMule Plus
"UDP Query User{2EE34A42-E3D7-4B78-9825-57CD9EFAED48}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus|Desc=eMule Plus
"TCP Query User{2D36A57B-AFC2-4B2F-A44B-23410E7FF295}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"UDP Query User{8DC7903F-D5CD-4A55-A8CF-53D078A00DB8}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"TCP Query User{C2CE4234-14F2-47D6-B42B-18BE3A3305AE}C:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater|Desc=Nokia Software Updater
"UDP Query User{F2E8E18A-5930-4EB2-8D85-88F784CF6A6C}C:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater|Desc=Nokia Software Updater
"TCP Query User{4E82C757-55D5-4BA2-8840-83CB8329C176}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process |Desc=Nokia Service Layer Host Process
"UDP Query User{744069AA-AD2D-4A40-A63C-D22461CF8443}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process |Desc=Nokia Service Layer Host Process
"{F5CDB068-787A-4A38-8722-83A8D2E43413}"= UDP:4662:emuletcp
"{FBE61D76-0442-4011-9F41-FEB4EFC8A875}"= TCP:4672:emuleudp

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AsDsm;AsDsm;C:\Windows\system32\drivers\AsDsm.sys [2007-04-25 02:28]
R2 ADSMService;ADSM Service;C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 11:31]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 03:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 07:42]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 07:41]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-21 01:14]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 15:45]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-05-30 08:22]
S2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-16 03:02]
S3 BthAvrcp;Profil AVRCP Bluetooth;C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-11-19 19:56]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 10:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 16:05:16 C:\Windows\Tasks\User_Feed_Synchronization-{04C5EED0-AE8B-43C3-BB14-03A1CEA20FFA}.job"­;
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 17:08:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

? [1092]
? [2920]
? [3132]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
-> C:\Users\philippe\AppData\Local\Temp\golreebn.dll
.
Temps d'accomplissement: 2008-02-27 17:09:29
.
2008-02-27 14:40:47 --- E O F ---


CORDIALEMENT, KOMICSTRIP