Trojan-spy.Win32@mx

Tandoori - last reply by papyber (6406 posts, security contributor) on 6 April 2008 at 18:32
Hello,
Could you help me sort out this small problem: I have a yellow warning triangle in my taskbar telling me that my computer is infected with "trojan-spy.Win32@mx". When I click on it, it opens an Internet Explorer page on a site offering an antivirus for sale. My Internet Explorer home page has also changed.
I searched the internet to solve this problem, but I really got lost looking at all the procedures to follow.
I would be very grateful if you could help me.
Thanks in advance for your replies.
13 replies

Tandoori (7 posts, Member)

Well, after re-reading some of the messages, I downloaded HijackThis and ran a scan.
Here is what it gives; could you tell me what to do next?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:59, on 30/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\NetProject\NetPrxe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetProject\sbsm.exe
C:\Windows\ehome\ehtray.exe
C:\s\Justin\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Internet Explorer\IE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\s\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ5FKCSO\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\n\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\n\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVl] RtHDVl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMS] "C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\Windows\system32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\s\Justin\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [WINSOS ] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.configsys.fr/scan/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer = 86.64.145.143,84.103.237.143
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
papyber (6406 posts, security contributor)

There is indeed an infection.
Download SmitfraudFix by S!Ri, balltrap34 and moe31:
http://siri.urz.free.fr/Fix
Install it at the root of C:\ : double-click the exe to unpack it and launch the fix.
Usage ----- option 1 - Search:
Double-click smitfraudfix.cmd and select 1 to create a report of the files responsible for the infection.
Post the report.
Note: process.exe is detected by some antivirus programs as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands, this utility could stop security software.
Tandoori (7 posts, Member)

Thank you very much for replying; I apologise, I had not seen that you did not want requests by PM.
Anyway, I followed your instructions and here is what the report gives:

SmitFraudFix v2.309

Scan done at 21:58:07,52, 01/04/2008
Run from D:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\s\Justin\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribe.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ie.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

C:\Windows\system32\375013\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\s\Justin


»»»»»»»»»»»»»»»»»»»»»»»» C:\s\Justin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\s\Justin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NetProject\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"init"="C:\\Windows\\system32\\init.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Connexion LAN Intel(R) 82566DC Gigabit Platform
DNS Server Search Order: 86.64.145.143
DNS Server Search Order: 84.103.237.143

HKLM\SYSTEM\CCS\Services\Tip\..\{5E3ABE2A-BBBB-41A7-83FE-D4E1EC1069C1}: DhNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer=86.64.145.143,84.103.237.143
HKLM\SYSTEM\CS1\Services\Tip\..\{5E3ABE2A-BBBB-41A7-83FE-D4E1EC1069C1}: DhNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer=86.64.145.143,84.103.237.143
HKLM\SYSTEM\CS2\Services\Tip\..\{5E3ABE2A-BBBB-41A7-83FE-D4E1EC1069C1}: DhNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer=86.64.145.143,84.103.237.143


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
papyber (6406 posts, security contributor)

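As an added example (my own code, not the thread's and not part of SmitfraudFix or HijackThis), here is a small Python triage script that ties the two reports together: it reads the directories SmitfraudFix marked FOUND in its search pass, then walks the HijackThis entry lines looking for references into those directories, autoruns placed under Policies\Explorer\Run, entries whose target file is missing, and an O17 NameServer override that differs from the DHCP-supplied resolver. The two excerpts are constructed from lines in the logs above; the value 10.0.0.138 is the DhNameServer from the report, and treating it as the trusted resolver is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the shape of the SmitfraudFix option-1 report above.
SMITFRAUD_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

C:\Windows\system32\375013\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NetProject\ FOUND !
"""

# Constructed excerpt of the first HijackThis log above (entry lines only).
HJT_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O17 - HKLM\System\CCS\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer = 86.64.145.143,84.103.237.143
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: the DHCP-assigned resolver (DhNameServer in the report) is the trusted one.
EXPECTED_DNS = {"10.0.0.138"}

FOUND_LINE = re.compile(r"^(?P<path>\S.*?)\\?\s+FOUND !\s*$", re.M)
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def flagged_dirs(report_text):
    """Directories the scanner's search pass reported as FOUND (lower-cased, no trailing backslash)."""
    return [m.group("path").lower().rstrip("\\") for m in FOUND_LINE.finditer(report_text)]


def parse_hjt(log_text):
    """Return (section, body) for every HijackThis entry line; headers and process lists are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text, dirs, expected_dns=frozenset()):
    """Flag HijackThis entries with the indicators visible in this thread; returns Finding objects in log order."""
    findings = []
    for section, body in parse_hjt(log_text):
        low = body.lower()
        reasons = []
        if any(d in low for d in dirs):
            reasons.append("path inside a directory the scanner flagged")
        if section == "O4" and "policies\\explorer\\run" in low:
            reasons.append("autorun placed under Policies\\Explorer\\Run")
        if "(file missing)" in low:
            reasons.append("entry points at a file that no longer exists")
        if section == "O17":
            m = re.search(r"nameserver\s*=\s*([\d.,]+)", low)
            if m:
                unexpected = [s for s in m.group(1).split(",") if s not in expected_dns]
                if unexpected:
                    reasons.append("DNS override not in the expected set: " + ",".join(unexpected))
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    dirs = flagged_dirs(SMITFRAUD_REPORT)
    for f in triage(HJT_LOG, dirs, EXPECTED_DNS):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.body}")
```

The O17 check is the one worth keeping in mind after a cleanup: a resolver override survives file deletion, so it has to be compared against what the network actually hands out rather than assumed fixed.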
Let's continue.
Restart the computer in safe mode:
1) Restart your PC
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with boot options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator

· Double-click Smitfraudfix.exe.
· Select 2 to delete the files responsible for the infection.
· At the question "Voulez-vous nettoyer le registre ?" (do you want to clean the registry?), answer O (oui = yes) to unlock the desktop background and delete the infection's autostart keys. The fix will determine whether the wininet.dll file is infected.
· At the question "Corriger le fichier infecté ?" (fix the infected file?), answer O (oui = yes) to replace the corrupted file.
· Exit the program by pressing Q.
N.B.: This step removes the infectious files detected in step #1.
Note that option 2 of the tool removes the desktop wallpaper!

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert issued by these antivirus programs.

Restart normally and paste on the forum the generated report and a HijackThis report.
Tandoori (7 posts, Member)

I restarted the computer in safe mode and launched Smitfraudfix.exe.
I ran option 2 and after a few minutes a window titled "Installateur INF avancé" appeared saying
"Erreur d'annulation d'enregistrement de OCX C:\Windows\temp\HardwareDetection.ocx"
I then clicked OK (the only possible choice), but I did not get the second question.
Here is the generated report:

SmitFraudFix v2.309

Scan done at 22:17:54,66, 01/04/2008
Run from D:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Windows\system32\375013\ Deleted
C:\Program Files\NetProject\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tip\..\{5E3ABE2A-BBBB-41A7-83FE-D4E1EC1069C1}: DhNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer=86.64.145.143,84.103.237.143
HKLM\SYSTEM\CS1\Services\Tip\..\{5E3ABE2A-BBBB-41A7-83FE-D4E1EC1069C1}: DhNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer=86.64.145.143,84.103.237.143
HKLM\SYSTEM\CS2\Services\Tip\..\{5E3ABE2A-BBBB-41A7-83FE-D4E1EC1069C1}: DhNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer=86.64.145.143,84.103.237.143


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:40, on 01/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\s\Justin\Program Files\DNA\btdna.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribe.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\n\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\n\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVl] RtHDVl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMS] "C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\Windows\system32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\s\Justin\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [WINSOS ] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control ] C:\Program Files\Common Files\LightScribe\LightScribe.exe -hidden
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem ( 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer = 86.64.145.143,84.103.237.143
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
papyber (6406 posts, Status: Security contributor)
 
Was it you who installed WinPCDoctor? Remove it via Add/Remove Programs and post a new HijackThis report.

Tandoori (7 posts, Status: Member)
 
I don't remember installing WinPCDoctor, and it doesn't appear in the list of programs, so I can't uninstall it that way. And strangely, it is still there in C:/programmes/common files.

papyber (6406 posts, Status: Security contributor)
 
OK, in that case we'll eradicate it another way.

Download combofix.exe (by sUBs) to your Desktop
http://.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus, antispyware and Spybot (resident) while ComboFix runs. Thanks. You'll re-enable them afterwards.
Double-click combofix.exe.
Press the Y key (Yes) to start the scan.
When the scan completes, a report will appear. Copy/paste that report into your next reply.
NOTE: the report is also found here: C:\Combofix.txt
Tandoori (7 posts, Status: Member)
 
Before that, I don't even know whether I have an antispyware. Can you tell me how to find out? Or can you tell from the previous reports?

Tandoori (7 posts, Status: Member)
 
Here is the report:

ComboFix 08-04-01.2 - Justin 2008-04-02 16:33:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6000.0.1252.1.1036.18.1198 [GMT 1:00]
Endroit: C:\s\Justin\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 15:33 --------- d-----w C:\s\Justin\AppData\Roaming\DNA
2008-04-01 21:42 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 21:18 691 ----a-w C:\s\Justin\AppData\Roaming\GetValue.vbs
2008-04-01 21:18 35 ----a-w C:\s\Justin\AppData\Roaming\SetValue.bat
2008-04-01 21:18 3,108 ----a-w C:\Windows\System32\tmp.reg
2008-03-30 14:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-30 14:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 13:12 --------- d-----w C:\Program Files\Enigma Software Group
2008-03-30 12:52 --------- d-----w C:\Program Files\AdwareSpywareScannerDeleter
2008-03-30 12:12 --------- d-----w C:\Program Files\VoissaNoPubs
2008-03-29 23:17 260,376 ----a-w C:\s\Justin\AppData\Roaming\setup_en[1].exe
2008-03-29 23:17 --------- d-----w C:\Program Files\Common Files\WinPCDoctor
2008-03-29 21:36 --------- d-----w C:\Program Files\AskTBar
2008-03-29 18:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 18:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 18:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 18:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 18:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 18:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-27 14:19 --------- d-----w C:\s\Justin\AppData\Roaming\BitTorrent
2008-03-24 14:12 --------- d-----w C:\Program Files\World of Warcraft
2008-03-15 21:37 --------- d-----w C:\s\Justin\AppData\Roaming\gtk-2.0
2008-03-13 17:56 --------- d-----w C:\s\Justin\AppData\Roaming\BitTorrent DNA
2008-03-11 17:45 --------- d-----w C:\Program Files\Windows Mail
2008-03-10 17:30 --------- d-----w C:\s\Justin\AppData\Roaming\Skype
2008-03-09 18:31 --------- d-----w C:\s\Justin\AppData\Roaming\teamspeak2
2008-03-09 18:31 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-03-09 18:27 32 ----a-w C:\s\All s\ezsid.dat
2008-03-09 18:27 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-09 18:27 --------- d-----w C:\s\Justin\AppData\Roaming\skypePM
2008-03-09 18:22 --------- d-----w C:\ProgramData\Skype
2008-03-09 18:22 --------- d-----w C:\Program Files\Skype
2008-03-09 18:22 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 19:59 --------- d-----w C:\Program Files\DivX
2008-02-17 12:13 --------- d-----w C:\Program Files\Warcraft III
2008-02-17 10:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 10:14 803,328 ----a-w C:\Windows\system32\drivers\tip.sys
2008-02-17 10:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 10:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 10:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 10:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-17 10:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 11:54 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-07 18:13 126,976 ----a-w C:\Windows\War3Unin.exe
2007-12-19 19:06 22,328 ----a-w C:\s\Justin\AppData\Roaming\PnkBstrK.sys
2007-12-14 16:12 900,592 ----a-w C:\s\Public\SPTDinst-v153-x86.exe
2007-11-24 09:16 110 ----a-w C:\s\Justin\BackupResult.DAT
2007-09-26 15:58 174 --sha-w C:\Program Files\desktop.ini
2006-02-10 19:58 346,623 ----a-w C:\Program Files\GTA-SA Crazy Trainer.exe
2007-10-04 20:39 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-04 20:39 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-04 20:39 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:54 1232896]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BitTorrent DNA"="C:\s\Justin\Program Files\DNA\btdna.exe" [2008-03-26 06:51 288576]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Voissa No Pubs"="C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe" [2002-10-11 16:01 655360]
"WINSOS "="C:\Program Files\Winsos\WINSOS.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"LightScribe Control "="C:\Program Files\Common Files\LightScribe\LightScribe.exe" [2007-06-20 12:49 451872]
"Salestart"="C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" [2008-02-26 09:40 426496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-25 23:30 1006264]
"RtHDVl"="RtHDVl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"Acer Tour"="" []
"CCUTRAYICON"="FactoryMode" []
"NMS"="C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe" [2006-09-26 09:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvlDaemon"="C:\Windows\system32\Nvl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"strpmon"="C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" [2008-02-26 09:40 426496]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-08 07:38:39 113664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 18:07:23 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= T:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{B3C4E1EC-0AA5-47B0-86AD-52CFC565F796}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDT.exe:SPCM
"{06EC1C39-D6DD-468A-9CA6-9CBDC0E017B9}"= T:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDT.exe:SPCM
"{49624C35-3AF3-4D14-9B5C-B8F174EC7B0C}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F9C6E3C9-2608-40E3-B9EC-6646CAA0259A}"= T:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A844C085-592B-48B4-BB5C-EC548C0EF35C}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9433B598-FF87-4588-8229-94DC8247C4FC}"= T:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{731DC02C-0771-46BB-9CC3-0B87B6D4FF2C}"= T:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{42252B73-51E2-4FB4-BF1F-2B37EF3C15CA}"= T:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{35B4AF84-9F5B-4C51-A643-477A37FED4B4}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{3EC4F22D-229F-4BE4-AC1C-9188B1495F4E}"= T:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"T Query {39522C77-7F0A-4DFD-860E-8E61ADA381D1}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query {E937241B-D421-40BB-83F4-3B1698841344}C:\\ut2004\\system\\ut2004.exe"= T:C:\ut2004\system\ut2004.exe:UT2004
"T Query {CAA5F637-AB52-44F5-BC07-D876DEF20379}C:\\s\\justin\\appdata\\local\\temp\\st_ng_setupwizard\\stinstall.exe"= UDP:C:\s\justin\appdata\local\temp\st_ng_setupwizard\stinstall.exe:stinstall.exe
"UDP Query {3D524B32-EB81-4EA5-B3B1-2979B11FFA95}C:\\s\\justin\\appdata\\local\\temp\\st_ng_setupwizard\\stinstall.exe"= T:C:\s\justin\appdata\local\temp\st_ng_setupwizard\stinstall.exe:stinstall.exe
"{FE592BD3-44C1-4742-90B6-5C0F83AAAA93}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"T Query {B01D0093-58B7-4205-A705-B643AB669F4F}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query {77A3B729-BF41-45B6-8FF8-AB54E1E15323}C:\\ut2004\\system\\ut2004.exe"= T:C:\ut2004\system\ut2004.exe:UT2004
"T Query {D222B282-CB42-4C5C-8C42-5E6911D71A85}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query {2E5AF05A-7B93-478B-8C10-C7B204BF3992}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= T:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"T Query {E7FEDA53-56EF-427A-BE43-9AF8B8F1B13A}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\game.dat"= UDP:C:\program files\ea games\la bataille pour la terre du milieu(tm)\game.dat:game.dat
"UDP Query {4A59F9BC-0060-4C41-B8F5-255C4250A75C}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\game.dat"= T:C:\program files\ea games\la bataille pour la terre du milieu(tm)\game.dat:game.dat
"T Query {F703E9BA-5BC0-40D4-8B66-FB3B659B3A82}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query {98A142B7-2BAF-4137-9EE3-61DCB86F4E24}C:\\program files\\emule\\emule.exe"= T:C:\program files\emule\emule.exe:eMule
"T Query {29384332-559D-44A7-AEAB-7149930BCF27}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query {A17497F2-E023-44A5-BA3B-6990934104A0}C:\\program files\\morpheus\\morpheus.exe"= T:C:\program files\morpheus\morpheus.exe:Morpheus
"T Query {B9AED7B4-4EA6-426A-B757-DA4F27B0FDD7}\\\\pc-de-justin\\public\\halo\\halo.exe"= UDP:\\pc-de-justin\public\halo\halo.exe:halo.exe
"UDP Query {47836CD8-132D-4795-A73E-DD5C9F49F504}\\\\pc-de-justin\\public\\halo\\halo.exe"= T:\\pc-de-justin\public\halo\halo.exe:halo.exe
"T Query {C36EECF4-D121-4DE1-9CA4-11CDAD477DA8}C:\\program files\\halo\\halo.exe"= UDP:C:\program files\halo\halo.exe:Halo
"UDP Query {2BF3117D-5401-47FB-9036-7A6F52ACBD59}C:\\program files\\halo\\halo.exe"= T:C:\program files\halo\halo.exe:Halo
"{8C294657-1204-487E-8F92-6E7F1D947281}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{C1B42A5E-8A81-4C3B-8369-DE92634DE671}"= T:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"T Query {20497605-EEA3-474A-A1D4-B9942158AA90}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query {85EAA01F-EC63-45AA-82F0-FD86AF361A27}C:\\program files\\sierra\\fear\\fpupdate.exe"= T:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"T Query {EBB233BF-BBE7-43B2-8CD1-EF9A9669FBED}C:\\s\\justin\\appdata\\local\\temp\\lmi2665.tmp\\rescue.exe"= UDP:C:\s\justin\appdata\local\temp\lmi2665.tmp\rescue.exe:rescue.exe
"UDP Query {C26441FC-0FC7-43A0-A3C8-35E0CFCC518B}C:\\s\\justin\\appdata\\local\\temp\\lmi2665.tmp\\rescue.exe"= T:C:\s\justin\appdata\local\temp\lmi2665.tmp\rescue.exe:rescue.exe
"{EFAC55E4-DD56-463F-A780-F73050378E34}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{FADDC94B-5A69-42FC-A8EA-65F29D6A90BF}"= T:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"T Query {AA92B877-7204-47DE-8414-A849F4B2B891}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query {2596FC0F-C1F8-427E-8D0B-C536087E4897}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= T:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{6A9BA9B0-7148-4E51-9326-B076829EC820}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{D9E0B141-9673-4BA5-BE98-CDA69FC46EBD}"= T:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C6B923E1-4374-4E0B-BC6B-E2AB65D6CEF5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D551B5D8-2E76-4BD2-86B8-09CD622C6CFF}"= T:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{3DA3EC7B-56B2-4C67-B379-0374C08E072C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{78BAFB79-FFDA-4729-B9D1-FDAF7FCC61AF}"= T:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{713580D5-0666-4A2A-B049-4B66BF1A171F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F82CA9E3-F1D4-4D16-9083-2FE2B7E0DAD3}"= T:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"T Query {93B74DB6-F68B-4CF8-A5F0-2C76B35B7E17}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query {D78B1F87-8FBE-45F5-B989-747B3138F387}C:\\program files\\emule\\emule.exe"= T:C:\program files\emule\emule.exe:eMule
"T Query {1D790679-5972-4F00-800F-6C056F207666}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\patchget.dat"= UDP:C:\program files\ea games\la bataille pour la terre du milieu(tm)\patchget.dat:patchgrabber
"UDP Query {EF064ABF-4DD8-42F7-90E0-9FB868DAF91E}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\patchget.dat"= T:C:\program files\ea games\la bataille pour la terre du milieu(tm)\patchget.dat:patchgrabber
"T Query {5470BDC4-AA6A-4EAC-A9C6-5B7048F1A5B3}C:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query {03597574-F72F-41D1-A070-325D34340347}C:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= T:C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"T Query {A9B934BF-9FDE-410C-A3CC-D752183A7E99}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query {E1F05264-A9F4-4E67-A216-1F4DC01DAC71}C:\\program files\\warcraft iii\\war3.exe"= T:C:\program files\warcraft iii\war3.exe:Warcraft III
"{376ED0DF-634C-412E-BB80-738B628032DA}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{EB9C464A-2ED4-4702-9CA7-3C90D928E877}"= T:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{00EC8CB6-79D1-4274-B10E-5D8E94072925}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{F6E876BA-2D2B-4A70-A792-AC7BD1CEE760}"= T:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"T Query {E42A68D9-6E32-4014-8A57-4803472299BB}C:\\s\\justin\\desktop\\utorrent.exe"= UDP:C:\s\justin\desktop\utorrent.exe:utorrent.exe
"UDP Query {89594E77-97A5-43A4-B7B2-587AC95C9707}C:\\s\\justin\\desktop\\utorrent.exe"= T:C:\s\justin\desktop\utorrent.exe:utorrent.exe
"T Query {B8F1BF55-9ACC-4300-9946-F18FCF7DFA62}C:\\s\\justin\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\s\justin\program files\bittorrent_dna\dna.exe:dna.exe
"UDP Query {4CDBDAA9-62C9-44B4-85EF-DEF6DCB91416}C:\\s\\justin\\program files\\bittorrent_dna\\dna.exe"= T:C:\s\justin\program files\bittorrent_dna\dna.exe:dna.exe
"T Query {26028394-0226-49F0-890F-8232DCF7606B}C:\\s\\justin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\zwx8l91p\\tbc_fr[1].exe"= UDP:C:\s\justin\appdata\local\microsoft\windows\temporary internet files\content.ie5\zwx8l91p\tbc_fr[1].exe:tbc_fr[1].exe
"UDP Query {258EEF6B-8FE2-4670-934F-78FD6E90B904}C:\\s\\justin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\zwx8l91p\\tbc_fr[1].exe"= T:C:\s\justin\appdata\local\microsoft\windows\temporary internet files\content.ie5\zwx8l91p\tbc_fr[1].exe:tbc_fr[1].exe
"T Query {73A73DF6-519E-47BD-94FE-E7B16E04CBF2}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query {0F5F3720-E3E3-421E-9A84-2569A953A7FA}C:\\program files\\world of warcraft\\repair.exe"= T:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{3C9854B2-CB13-45BA-96B1-EE8806DE88D7}"= UDP:C:\Program Files\World of Warcraft\WoW.exe:World of Warcraft
"{92BF86E5-EE61-4E6A-AFC7-1AE07AD2CE45}"= T:C:\Program Files\World of Warcraft\WoW.exe:World of Warcraft
"T Query {3DF3BC47-B491-4B07-A0DE-F4E9096A2FB2}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-er.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-er.exe:Blizzard er
"UDP Query {0ABD6AEE-069E-439A-9839-32DC8B50B24C}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-er.exe"= T:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-er.exe:Blizzard er
"{82E90FF6-26A3-42B8-93FC-E72A32B6DB4D}"= UDP:3724:Blizzard er
"{51E16BA4-0655-4CA9-ADFA-5A40D6CB9F80}"= T:3724:Blizzard er
"{0F62D933-97F1-4607-B684-CECF04F9B8C7}"= UDP:6112:Blizzard er
"T Query {9EB762AE-9671-4E11-8690-9E8F674BCC0C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query {CB962562-9A23-4D65-9D5F-E119369B1390}C:\\program files\\skype\\phone\\skype.exe"= T:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"T Query {A8CE37DC-C483-42A7-BCCD-A760E8481437}C:\\s\\justin\\program files\\dna\\btdna.exe"= UDP:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"UDP Query {DD0FE0A4-D0B8-4A7B-A080-4C74287ACDC5}C:\\s\\justin\\program files\\dna\\btdna.exe"= T:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"T Query {B873D569-B8E0-4DDB-A237-E95FDC3DA8C9}C:\\s\\justin\\program files\\dna\\btdna.exe"= UDP:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"UDP Query {1CC1E945-C755-49E3-A3D0-565FC182FC41}C:\\s\\justin\\program files\\dna\\btdna.exe"= T:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"T Query {C06BC77A-65D7-49AF-8739-E4E3BED53585}C:\\program files\\unreal tournament 3 demo\\binaries\\ut3demo.exe"= UDP:C:\program files\unreal tournament 3 demo\binaries\ut3demo.exe:UT3Demo
"UDP Query {BBB0511B-3CA6-42E1-A452-BC620667F89B}C:\\program files\\unreal tournament 3 demo\\binaries\\ut3demo.exe"= T:C:\program files\unreal tournament 3 demo\binaries\ut3demo.exe:UT3Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound T traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\Winsos\\winsos.exe"= C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 08:03]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 15:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 14:49]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-07-02 02:18]
S3 IntelDHSvcConf;IntelDHSvcConf;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-11-18 05:59]

[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b55bf4b-69c6-11dc-879b-001c2503b2d0}]
\shell\AutoRun\command - K:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 16:35:59
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-02 16:36:30
ComboFix-quarantined-files.txt 2008-04-02 15:36:26
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-02 15:15:48 --- E O F ---

(I really don't understand how you manage to find your way around all these reports ^^)

papyber (6406 posts, Status: Security contributor)
 
Open Notepad (Start > Programs > Accessories > Notepad) and copy/paste the quoted text:
Folder::
C:\Program Files\Common Files\WinPCDoctor 
C:\Program Files\AskTBar
File::
C:\Windows\System32\tmp.reg
Registry::
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Salestart"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"strpmon"=-


Open Notepad and paste (Ctrl+V) the text you just copied.

Save this file as CFScript.txt

http://img115.imageshack.us/img115/6742/cfscriptws3.gif

As the image shows, drag CFScript.txt onto Combofix.exe

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is done, a report will appear: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

Download OAD (by !aur3n7) http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Double-click OAD to launch it

- File name to search for: type or copy/paste: WinPCDoctor
- Search type: select option 6 and press [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically on screen once it's done.

- Copy/paste this report into your next post.

Important note: depending on the size of your hard drives, this search can take several minutes. Be patient.
Repeat with
strpmon
then
Salestart

Then
Download BTFix by bibi26
http://cluster1.easy-hebergement.net/
Unzip the archive to your Desktop (right-click/extract…)
Open the BTFix folder
Double-click BTFix.exe
Click Search
A report will appear; copy/paste it into your next reply
Open BTFix.
Click Clean
Post the reports obtained and a HijackThis report



Tandoori (7 posts, Status: Member)
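Added example, not ComboFix's code nor anything posted in this thread: a small Python triage helper that parses the registry load-point section of a ComboFix report like the one above, flags the Run values launching from a named folder, and emits a cleanup script in the Folder::/File::/Registry:: layout used in the reply. The report excerpt is constructed from the entries quoted above; the hive is written out in full as HKEY_CURRENT_USER where the quoted report shows it truncated.

```python
"""Triage helper for the registry load-point section of a ComboFix report.

Added example (not ComboFix's code, not posted in the thread): parses the
REGEDIT4-style blocks ComboFix prints, flags Run entries whose command lives in
a named folder, and emits a Folder::/File::/Registry:: cleanup script."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple

# Constructed excerpt modelled on the report quoted above; the hive name is
# written in full here (the quoted report shows it cut to "HKEY_CURRENT_").
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:54 1232896]
"Acer Tour Reminder"="" []
"WINSOS "="C:\Program Files\Winsos\WINSOS.exe" [ ]
"Salestart"="C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" [2008-02-26 09:40 426496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-25 23:30 1006264]
"strpmon"="C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" [2008-02-26 09:40 426496]
"""


@dataclass(frozen=True)
class LoadPoint:
    key: str       # registry key the value lives under
    name: str      # value name exactly as printed (may carry trailing spaces)
    path: str      # command stored in the value, '' when empty
    details: str   # ComboFix's "[date time size]" annotation, '' when absent


KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"\s*\[(.*)\]\s*$')


def parse_load_points(report: str) -> List[LoadPoint]:
    """Return one LoadPoint per value line, attributed to the preceding [key]."""
    entries: List[LoadPoint] = []
    current_key = None
    for line in report.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name, path, details = m.groups()
            entries.append(LoadPoint(current_key, name, path, details.strip()))
    return entries


def find_suspects(entries: Iterable[LoadPoint], markers: Sequence[str]) -> List[LoadPoint]:
    """Load points whose command path contains any marker (case-insensitive),
    e.g. every Run value that launches something out of the WinPCDoctor folder."""
    needles = [m.lower() for m in markers]
    return [e for e in entries if any(n in e.path.lower() for n in needles)]


def orphaned(entries: Iterable[LoadPoint]) -> List[LoadPoint]:
    """Load points with a command but no file details ("[ ]"), which typically
    means the file is no longer on disk and the autostart value is dangling."""
    return [e for e in entries if e.path and not e.details]


def build_cfscript(folders: Sequence[str], files: Sequence[str],
                   registry: Sequence[Tuple[str, str]]) -> str:
    """Emit the Folder::/File::/Registry:: layout used in the thread. Registry
    deletions use the .reg convention "name"=- (delete this value); each key is
    written once, followed by every value removed under it."""
    lines: List[str] = []
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    if files:
        lines.append("File::")
        lines.extend(files)
    if registry:
        lines.append("Registry::")
        by_key: Dict[str, List[str]] = {}
        for key, name in registry:
            by_key.setdefault(key, []).append(name)
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


def script_for_report(report: str, markers: Sequence[str],
                      extra_folders: Sequence[str] = (),
                      extra_files: Sequence[str] = ()) -> str:
    """Flag every load point matching the markers, schedule the folder each one
    launches from (plus any extras) for removal, and delete the Run values."""
    suspects = find_suspects(parse_load_points(report), markers)
    folders: List[str] = []
    for folder in [ntpath.dirname(e.path) for e in suspects] + list(extra_folders):
        if folder and folder not in folders:
            folders.append(folder)
    return build_cfscript(folders, list(extra_files),
                          [(e.key, e.name) for e in suspects])


if __name__ == "__main__":
    print(script_for_report(SAMPLE_REPORT, ["WinPCDoctor"],
                            extra_folders=[r"C:\Program Files\AskTBar"],
                            extra_files=[r"C:\Windows\System32\tmp.reg"]))
```

Run on the sample, the script reproduces the Folder/File/Registry lines of the reply above, and `orphaned()` separately surfaces the `WINSOS` value whose file ComboFix could not find.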
 
I did everything except the BTFix part, because when I try to unzip it Windows Defender shows an alert about an adware (high alert level). So I don't know whether to ignore this message or let it delete it.

So, the ComboFix report:

ComboFix 08-04-01.2 - Justin 2008-04-05 20:39:04.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6000.0.1252.1.1036.18.1232 [GMT 1:00]
Endroit: C:\s\Justin\Desktop\ComboFix.exe
Command switches used :: C:\s\Justin\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\System32\tmp.reg
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 19:35 --------- d-----w C:\s\Justin\AppData\Roaming\DNA
2008-04-05 18:14 --------- d-----w C:\s\Justin\AppData\Roaming\BitTorrent
2008-04-01 21:42 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 21:18 691 ----a-w C:\s\Justin\AppData\Roaming\GetValue.vbs
2008-04-01 21:18 35 ----a-w C:\s\Justin\AppData\Roaming\SetValue.bat
2008-03-30 14:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-30 14:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 13:12 --------- d-----w C:\Program Files\Enigma Software Group
2008-03-30 12:52 --------- d-----w C:\Program Files\AdwareSpywareScannerDeleter
2008-03-30 12:12 --------- d-----w C:\Program Files\VoissaNoPubs
2008-03-29 23:17 260,376 ----a-w C:\s\Justin\AppData\Roaming\setup_en[1].exe
2008-03-29 18:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 18:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 18:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 18:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 18:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 18:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-24 14:12 --------- d-----w C:\Program Files\World of Warcraft
2008-03-15 21:37 --------- d-----w C:\s\Justin\AppData\Roaming\gtk-2.0
2008-03-13 17:56 --------- d-----w C:\s\Justin\AppData\Roaming\BitTorrent DNA
2008-03-11 17:45 --------- d-----w C:\Program Files\Windows Mail
2008-03-10 17:30 --------- d-----w C:\s\Justin\AppData\Roaming\Skype
2008-03-09 18:31 --------- d-----w C:\s\Justin\AppData\Roaming\teamspeak2
2008-03-09 18:31 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-03-09 18:27 32 ----a-w C:\s\All s\ezsid.dat
2008-03-09 18:27 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-09 18:27 --------- d-----w C:\s\Justin\AppData\Roaming\skypePM
2008-03-09 18:22 --------- d-----w C:\ProgramData\Skype
2008-03-09 18:22 --------- d-----w C:\Program Files\Skype
2008-03-09 18:22 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 19:59 --------- d-----w C:\Program Files\DivX
2008-02-17 12:13 --------- d-----w C:\Program Files\Warcraft III
2008-02-17 10:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-17 10:14 803,328 ----a-w C:\Windows\system32\drivers\tip.sys
2008-02-17 10:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 10:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 10:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 10:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-17 10:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 11:54 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-07 18:13 126,976 ----a-w C:\Windows\War3Unin.exe
2007-12-19 19:06 22,328 ----a-w C:\s\Justin\AppData\Roaming\PnkBstrK.sys
2007-12-14 16:12 900,592 ----a-w C:\s\Public\SPTDinst-v153-x86.exe
2007-11-24 09:16 110 ----a-w C:\s\Justin\BackupResult.DAT
2007-09-26 15:58 174 --sha-w C:\Program Files\desktop.ini
2006-02-10 19:58 346,623 ----a-w C:\Program Files\GTA-SA Crazy Trainer.exe
2007-10-04 20:39 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-04 20:39 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-04 20:39 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-03_20.59.48,13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 19:52:53 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-05 10:53:49 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-03 19:54:27 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-05 19:09:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-03 19:54:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NT.DAT
+ 2008-04-05 10:55:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NT.DAT
+ 2008-04-05 10:55:20 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\nt.dat.LOG1
- 2008-04-03 19:54:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-05 19:39:09 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-03 19:59:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NT.DAT
+ 2008-04-05 19:40:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NT.DAT
+ 2008-04-05 19:40:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\nt.dat.LOG1
- 2008-04-03 19:53:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-05 19:30:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-03 19:53:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-05 19:30:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-03 19:53:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-05 19:30:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-03 19:59:16 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-05 10:58:36 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-03 19:59:16 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-05 10:58:36 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-03 19:59:16 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-05 10:58:36 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-03 19:59:16 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-05 10:58:36 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-03 19:54:58 9,456 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1024164282-2496838329-129842858-1001_Data.bin
+ 2008-04-05 10:56:08 9,488 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1024164282-2496838329-129842858-1001_Data.bin
- 2008-04-03 19:54:58 80,458 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-05 10:56:08 80,708 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-03 19:54:57 53,042 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-05 10:56:07 53,130 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:54 1232896]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BitTorrent DNA"="C:\s\Justin\Program Files\DNA\btdna.exe" [2008-03-26 06:51 288576]
"Voissa No Pubs"="C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe" [2002-10-11 16:01 655360]
"WINSOS "="C:\Program Files\Winsos\WINSOS.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"LightScribe Control "="C:\Program Files\Common Files\LightScribe\LightScribe.exe" [2007-06-20 12:49 451872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-25 23:30 1006264]
"RtHDVl"="RtHDVl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"Acer Tour"="" []
"CCUTRAYICON"="FactoryMode" []
"NMS"="C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe" [2006-09-26 09:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvlDaemon"="C:\Windows\system32\Nvl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-08 07:38:39 113664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 18:07:23 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= T:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{B3C4E1EC-0AA5-47B0-86AD-52CFC565F796}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDT.exe:SPCM
"{06EC1C39-D6DD-468A-9CA6-9CBDC0E017B9}"= T:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDT.exe:SPCM
"{49624C35-3AF3-4D14-9B5C-B8F174EC7B0C}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F9C6E3C9-2608-40E3-B9EC-6646CAA0259A}"= T:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A844C085-592B-48B4-BB5C-EC548C0EF35C}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9433B598-FF87-4588-8229-94DC8247C4FC}"= T:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{731DC02C-0771-46BB-9CC3-0B87B6D4FF2C}"= T:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{42252B73-51E2-4FB4-BF1F-2B37EF3C15CA}"= T:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{35B4AF84-9F5B-4C51-A643-477A37FED4B4}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{3EC4F22D-229F-4BE4-AC1C-9188B1495F4E}"= T:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"T Query {39522C77-7F0A-4DFD-860E-8E61ADA381D1}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query {E937241B-D421-40BB-83F4-3B1698841344}C:\\ut2004\\system\\ut2004.exe"= T:C:\ut2004\system\ut2004.exe:UT2004
"T Query {CAA5F637-AB52-44F5-BC07-D876DEF20379}C:\\s\\justin\\appdata\\local\\temp\\st_ng_setupwizard\\stinstall.exe"= UDP:C:\s\justin\appdata\local\temp\st_ng_setupwizard\stinstall.exe:stinstall.exe
"UDP Query {3D524B32-EB81-4EA5-B3B1-2979B11FFA95}C:\\s\\justin\\appdata\\local\\temp\\st_ng_setupwizard\\stinstall.exe"= T:C:\s\justin\appdata\local\temp\st_ng_setupwizard\stinstall.exe:stinstall.exe
"{FE592BD3-44C1-4742-90B6-5C0F83AAAA93}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"T Query {B01D0093-58B7-4205-A705-B643AB669F4F}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
"UDP Query {77A3B729-BF41-45B6-8FF8-AB54E1E15323}C:\\ut2004\\system\\ut2004.exe"= T:C:\ut2004\system\ut2004.exe:UT2004
"T Query {D222B282-CB42-4C5C-8C42-5E6911D71A85}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query {2E5AF05A-7B93-478B-8C10-C7B204BF3992}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= T:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"T Query {E7FEDA53-56EF-427A-BE43-9AF8B8F1B13A}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\game.dat"= UDP:C:\program files\ea games\la bataille pour la terre du milieu(tm)\game.dat:game.dat
"UDP Query {4A59F9BC-0060-4C41-B8F5-255C4250A75C}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\game.dat"= T:C:\program files\ea games\la bataille pour la terre du milieu(tm)\game.dat:game.dat
"T Query {F703E9BA-5BC0-40D4-8B66-FB3B659B3A82}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query {98A142B7-2BAF-4137-9EE3-61DCB86F4E24}C:\\program files\\emule\\emule.exe"= T:C:\program files\emule\emule.exe:eMule
"T Query {29384332-559D-44A7-AEAB-7149930BCF27}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query {A17497F2-E023-44A5-BA3B-6990934104A0}C:\\program files\\morpheus\\morpheus.exe"= T:C:\program files\morpheus\morpheus.exe:Morpheus
"T Query {B9AED7B4-4EA6-426A-B757-DA4F27B0FDD7}\\\\pc-de-justin\\public\\halo\\halo.exe"= UDP:\\pc-de-justin\public\halo\halo.exe:halo.exe
"UDP Query {47836CD8-132D-4795-A73E-DD5C9F49F504}\\\\pc-de-justin\\public\\halo\\halo.exe"= T:\\pc-de-justin\public\halo\halo.exe:halo.exe
"T Query {C36EECF4-D121-4DE1-9CA4-11CDAD477DA8}C:\\program files\\halo\\halo.exe"= UDP:C:\program files\halo\halo.exe:Halo
"UDP Query {2BF3117D-5401-47FB-9036-7A6F52ACBD59}C:\\program files\\halo\\halo.exe"= T:C:\program files\halo\halo.exe:Halo
"{8C294657-1204-487E-8F92-6E7F1D947281}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{C1B42A5E-8A81-4C3B-8369-DE92634DE671}"= T:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"T Query {20497605-EEA3-474A-A1D4-B9942158AA90}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query {85EAA01F-EC63-45AA-82F0-FD86AF361A27}C:\\program files\\sierra\\fear\\fpupdate.exe"= T:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"T Query {EBB233BF-BBE7-43B2-8CD1-EF9A9669FBED}C:\\s\\justin\\appdata\\local\\temp\\lmi2665.tmp\\rescue.exe"= UDP:C:\s\justin\appdata\local\temp\lmi2665.tmp\rescue.exe:rescue.exe
"UDP Query {C26441FC-0FC7-43A0-A3C8-35E0CFCC518B}C:\\s\\justin\\appdata\\local\\temp\\lmi2665.tmp\\rescue.exe"= T:C:\s\justin\appdata\local\temp\lmi2665.tmp\rescue.exe:rescue.exe
"{EFAC55E4-DD56-463F-A780-F73050378E34}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{FADDC94B-5A69-42FC-A8EA-65F29D6A90BF}"= T:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"T Query {AA92B877-7204-47DE-8414-A849F4B2B891}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query {2596FC0F-C1F8-427E-8D0B-C536087E4897}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= T:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{6A9BA9B0-7148-4E51-9326-B076829EC820}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{D9E0B141-9673-4BA5-BE98-CDA69FC46EBD}"= T:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C6B923E1-4374-4E0B-BC6B-E2AB65D6CEF5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D551B5D8-2E76-4BD2-86B8-09CD622C6CFF}"= T:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{3DA3EC7B-56B2-4C67-B379-0374C08E072C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{78BAFB79-FFDA-4729-B9D1-FDAF7FCC61AF}"= T:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{713580D5-0666-4A2A-B049-4B66BF1A171F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F82CA9E3-F1D4-4D16-9083-2FE2B7E0DAD3}"= T:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"T Query {93B74DB6-F68B-4CF8-A5F0-2C76B35B7E17}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query {D78B1F87-8FBE-45F5-B989-747B3138F387}C:\\program files\\emule\\emule.exe"= T:C:\program files\emule\emule.exe:eMule
"T Query {1D790679-5972-4F00-800F-6C056F207666}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\patchget.dat"= UDP:C:\program files\ea games\la bataille pour la terre du milieu(tm)\patchget.dat:patchgrabber
"UDP Query {EF064ABF-4DD8-42F7-90E0-9FB868DAF91E}C:\\program files\\ea games\\la bataille pour la terre du milieu(tm)\\patchget.dat"= T:C:\program files\ea games\la bataille pour la terre du milieu(tm)\patchget.dat:patchgrabber
"T Query {5470BDC4-AA6A-4EAC-A9C6-5B7048F1A5B3}C:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= UDP:C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query {03597574-F72F-41D1-A070-325D34340347}C:\\program files\\lucasarts\\star wars jedi knight jedi academy\\gamedata\\jamp.exe"= T:C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe:Jedi Academy MultiPlayer
"T Query {A9B934BF-9FDE-410C-A3CC-D752183A7E99}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query {E1F05264-A9F4-4E67-A216-1F4DC01DAC71}C:\\program files\\warcraft iii\\war3.exe"= T:C:\program files\warcraft iii\war3.exe:Warcraft III
"{376ED0DF-634C-412E-BB80-738B628032DA}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{EB9C464A-2ED4-4702-9CA7-3C90D928E877}"= T:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{00EC8CB6-79D1-4274-B10E-5D8E94072925}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{F6E876BA-2D2B-4A70-A792-AC7BD1CEE760}"= T:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"T Query {E42A68D9-6E32-4014-8A57-4803472299BB}C:\\s\\justin\\desktop\\utorrent.exe"= UDP:C:\s\justin\desktop\utorrent.exe:utorrent.exe
"UDP Query {89594E77-97A5-43A4-B7B2-587AC95C9707}C:\\s\\justin\\desktop\\utorrent.exe"= T:C:\s\justin\desktop\utorrent.exe:utorrent.exe
"T Query {B8F1BF55-9ACC-4300-9946-F18FCF7DFA62}C:\\s\\justin\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\s\justin\program files\bittorrent_dna\dna.exe:dna.exe
"UDP Query {4CDBDAA9-62C9-44B4-85EF-DEF6DCB91416}C:\\s\\justin\\program files\\bittorrent_dna\\dna.exe"= T:C:\s\justin\program files\bittorrent_dna\dna.exe:dna.exe
"T Query {26028394-0226-49F0-890F-8232DCF7606B}C:\\s\\justin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\zwx8l91p\\tbc_fr[1].exe"= UDP:C:\s\justin\appdata\local\microsoft\windows\temporary internet files\content.ie5\zwx8l91p\tbc_fr[1].exe:tbc_fr[1].exe
"UDP Query {258EEF6B-8FE2-4670-934F-78FD6E90B904}C:\\s\\justin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\zwx8l91p\\tbc_fr[1].exe"= T:C:\s\justin\appdata\local\microsoft\windows\temporary internet files\content.ie5\zwx8l91p\tbc_fr[1].exe:tbc_fr[1].exe
"T Query {73A73DF6-519E-47BD-94FE-E7B16E04CBF2}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query {0F5F3720-E3E3-421E-9A84-2569A953A7FA}C:\\program files\\world of warcraft\\repair.exe"= T:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{3C9854B2-CB13-45BA-96B1-EE8806DE88D7}"= UDP:C:\Program Files\World of Warcraft\WoW.exe:World of Warcraft
"{92BF86E5-EE61-4E6A-AFC7-1AE07AD2CE45}"= T:C:\Program Files\World of Warcraft\WoW.exe:World of Warcraft
"T Query {3DF3BC47-B491-4B07-A0DE-F4E9096A2FB2}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-er.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-er.exe:Blizzard er
"UDP Query {0ABD6AEE-069E-439A-9839-32DC8B50B24C}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-er.exe"= T:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-er.exe:Blizzard er
"{82E90FF6-26A3-42B8-93FC-E72A32B6DB4D}"= UDP:3724:Blizzard er
"{51E16BA4-0655-4CA9-ADFA-5A40D6CB9F80}"= T:3724:Blizzard er
"{0F62D933-97F1-4607-B684-CECF04F9B8C7}"= UDP:6112:Blizzard er
"T Query {9EB762AE-9671-4E11-8690-9E8F674BCC0C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query {CB962562-9A23-4D65-9D5F-E119369B1390}C:\\program files\\skype\\phone\\skype.exe"= T:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"T Query {A8CE37DC-C483-42A7-BCCD-A760E8481437}C:\\s\\justin\\program files\\dna\\btdna.exe"= UDP:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"UDP Query {DD0FE0A4-D0B8-4A7B-A080-4C74287ACDC5}C:\\s\\justin\\program files\\dna\\btdna.exe"= T:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"T Query {B873D569-B8E0-4DDB-A237-E95FDC3DA8C9}C:\\s\\justin\\program files\\dna\\btdna.exe"= UDP:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"UDP Query {1CC1E945-C755-49E3-A3D0-565FC182FC41}C:\\s\\justin\\program files\\dna\\btdna.exe"= T:C:\s\justin\program files\dna\btdna.exe:btdna.exe
"T Query {C06BC77A-65D7-49AF-8739-E4E3BED53585}C:\\program files\\unreal tournament 3 demo\\binaries\\ut3demo.exe"= UDP:C:\program files\unreal tournament 3 demo\binaries\ut3demo.exe:UT3Demo
"UDP Query {BBB0511B-3CA6-42E1-A452-BC620667F89B}C:\\program files\\unreal tournament 3 demo\\binaries\\ut3demo.exe"= T:C:\program files\unreal tournament 3 demo\binaries\ut3demo.exe:UT3Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound T traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\Winsos\\winsos.exe"= C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 08:03]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 15:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 14:49]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-07-02 02:18]
S3 IntelDHSvcConf;IntelDHSvcConf;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-11-18 05:59]

[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b55bf4b-69c6-11dc-879b-001c2503b2d0}]
\shell\AutoRun\command - K:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 20:40:35
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 20:41:04
ComboFix-quarantined-files.txt 2008-04-05 19:41:01
ComboFix2.txt 2008-04-03 20:00:00
ComboFix3.txt 2008-04-03 19:21:54
ComboFix4.txt 2008-04-02 15:36:30
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-04 17:13:29 --- E O F ---

The OAD report for WinPCDoctor:

05/04/2008 ---- 21:47:15,22

----------------------------------
§§§§§§ [WinPCDoctor] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair]
"domain"="winpcdoctor.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\System Error Repair]
"pname"="WinPCDoctor"

[HKEY_LOCAL_MACHINE\SOFTWARE\WinPCDoctor]

[HKEY_LOCAL_MACHINE\SOFTWARE\WinPCDoctor]
"InstallPath"="C:\\Program Files\\WinPCDoctor\\"

[HKEY_S\S-1-5-21-1024164282-2496838329-129842858-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\WinPCDoctor\\SysRep.exe"="RUNAS"

[HKEY_S\S-1-5-21-1024164282-2496838329-129842858-1001\Software\WinPCDoctor]

"UpdateURL"="http://tryup.winpcdoctor.com/?eai=gsfcesddl_xx_fr&eli=5599&eaf=gs_124621301&cnt=xx&lng=fr&tid=0001&nud=[nud]"

"PurchaseURL"="http://winpcdoctor.com/clean/sale.php?eai=gsfcesddl_xx_fr&eli=5599&eaf=gs_124621301&cnt=xx&lng=fr&tid=0001&nid=uges_0001_[nw]_[nuh]&p=[ppid]&ne=[ne]&lp=&issued20203=5126676&addt="

"PurchaseURL"="http://winpcdoctor.com/clean/sale.php?eai=gsfcesddl_xx_fr&eli=5599&eaf=gs_124621301&cnt=xx&lng=fr&tid=0001&nid=uges_0001_[nw]_[nuh]&p=[ppid]&ne=[ne]&lp=&issued20203=5126676&addt="
"CookieURL"="http://winpcdoctor.com"

"PurchaseURL"="http://winpcdoctor.com/clean/sale.php?eai=gsfcesddl_xx_fr&eli=5599&eaf=gs_124621301&cnt=xx&lng=fr&tid=0001&nid=uges_0001_[nw]_[nuh]&p=[ppid]&ne=[ne]&lp=&issued20203=5126676&addt="
"PaidURL"="http://winpcdoctor.com"

"PurchaseURL"="http://winpcdoctor.com/clean/sale.php?eai=gsfcesddl_xx_fr&eli=5599&eaf=gs_124621301&cnt=xx&lng=fr&tid=0001&nid=uges_0001_[nw]_[nuh]&p=[ppid]&ne=[ne]&lp=&issued20203=5126676&addt="
"URL"="http://winpcdoctor.com/clean/_us/"

*******************
[Fichier]
*******************

c:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPCDoctor
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPCDoctor\WinPCDoctor.lnk
c:\QooBox\Quarantine\C\Program Files\Common Files\WinPCDoctor
c:\s\All s\Microsoft\Windows\Start Menu\Programs\WinPCDoctor
c:\s\All s\Microsoft\Windows\Start Menu\Programs\WinPCDoctor\WinPCDoctor.lnk
c:\s\Public\Application Data\winpcdoctor
c:\s\Public\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer


*********************
[Même date]
*********************

[30/03/2008 ] --- REP ---> C:\Program Files\AdwareSpywareScannerDeleter
[30/03/2008 ] --- REP ---> C:\Program Files\Enigma Software Group
[30/03/2008 ] --- REP ---> C:\Program Files\Spybot - Search & Destroy
[30/03/2008 ] --- REP ---> C:\Program Files\VoissaNoPubs
[30/03/2008 ] ---> C:\Windows\system32\ACTSKN43.OCX
[30/03/2008 ] ---> C:\Windows\system32\drivers\aswFsBlk.sys
[30/03/2008 ] ---> C:\Windows\system32\drivers\aswSP.sys
[30/03/2008 ] ---> C:\Windows\system32\Flash.ocx
[30/03/2008 ] ---> C:\Windows\system32\MSADODC.ocx
[30/03/2008 ] ---> C:\Windows\system32\ProgressBar4.ocx
[30/03/2008 ] ---> C:\Windows\system32\threadapi.tlb
[30/03/2008 ] ---> C:\Windows\system32\VB6STKIT.DLL
[30/03/2008 ] ---> C:\Windows\system32\XceedBkp.dll
[Répertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


The OAD report for strpmon:

05/04/2008 ---- 21:49:15,59

----------------------------------
§§§§§§ [strpmon] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\QooBox\Quarantine\C\Program Files\Common Files\WinPCDoctor\strpmon.exe.vir


*********************
[Même date]
*********************

[30/03/2008 ] --- REP ---> C:\Program Files\AdwareSpywareScannerDeleter
[30/03/2008 ] --- REP ---> C:\Program Files\Enigma Software Group
[30/03/2008 ] --- REP ---> C:\Program Files\Spybot - Search & Destroy
[30/03/2008 ] --- REP ---> C:\Program Files\VoissaNoPubs
[30/03/2008 ] ---> C:\Windows\system32\ACTSKN43.OCX
[30/03/2008 ] ---> C:\Windows\system32\drivers\aswFsBlk.sys
[30/03/2008 ] ---> C:\Windows\system32\drivers\aswSP.sys
[30/03/2008 ] ---> C:\Windows\system32\Flash.ocx
[30/03/2008 ] ---> C:\Windows\system32\MSADODC.ocx
[30/03/2008 ] ---> C:\Windows\system32\ProgressBar4.ocx
[30/03/2008 ] ---> C:\Windows\system32\threadapi.tlb
[30/03/2008 ] ---> C:\Windows\system32\VB6STKIT.DLL
[30/03/2008 ] ---> C:\Windows\system32\XceedBkp.dll



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


and finally the OAD report for Salestart:


05/04/2008 ---- 21:50:56,79

----------------------------------
§§§§§§ [Salestart] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

I'm also posting the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:40, on 01/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\s\Justin\Program Files\DNA\btdna.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribe.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\n\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\n\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVl] RtHDVl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMS] "C:\Program Files\Common Files\Intel\IntelDH\NMS\\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\Windows\system32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\s\Justin\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [WINSOS ] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control ] C:\Program Files\Common Files\LightScribe\LightScribe.exe -hidden
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem ( 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tip\..\{714546E9-3DFF-4886-B2FB-3471DE1B3D88}: NameServer = 86.64.145.143,84.103.237.143
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
papyber Posts: 6406 Registration date   Status: Security contributor Last activity   257
 
Open Notepad (Start > Programs > Accessories > Notepad) and copy-paste the quoted text:
Folder::
C:\Program Files\AdwareSpywareScannerDeleter
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPCDoctor
c:\s\All s\Microsoft\Windows\Start Menu\Programs\WinPCDoctor 
c:\s\Public\Application Data\winpcdoctor

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WinPCDoctor]
[HKEY_S\S-1-5-21-1024164282-2496838329-129842858-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\WinPCDoctor\\SysRep.exe"=-
[-HKEY_S\S-1-5-21-1024164282-2496838329-129842858-1001\Software\WinPCDoctor]


Open Notepad and paste (Ctrl+V) the text you just copied.

Save this file under the name CFScript.txt

http://img115.imageshack.us/img115/6742/cfscriptws3.gif

As the image shows, drag CFScript.txt onto Combofix.exe

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

To remove any remaining traces, do this:
download Malwarebytes and follow this tutorial, then post the report you get
https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
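Before dropping a CFScript onto ComboFix it is worth reviewing exactly what it will delete, since the tool removes whatever is listed without further prompting. The Python dry-run parser below is an added example, not part of this thread or of ComboFix itself: it reads the Folder:: and Registry:: sections using .reg-file conventions ([-KEY] deletes a key, "name"=- under a [KEY] deletes a value) and flags entries whose scope is broader than one product's footprint. The embedded sample is the script from the post above, with its forum-mangled paths kept as they appear there.

```python
import re

# Constructed sample: the CFScript posted above. The "c:\s\..." and "HKEY_S\..."
# forms are how the forum rendered the paths and are kept as-is, not as real paths.
SAMPLE_CFSCRIPT = r"""Folder::
C:\Program Files\AdwareSpywareScannerDeleter
c:\s\Public\Application Data\winpcdoctor

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WinPCDoctor]
[HKEY_S\S-1-5-21-1024164282-2496838329-129842858-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\WinPCDoctor\\SysRep.exe"=-
"""

def parse_cfscript(text):
    """Return a dry-run plan: folders, registry keys and registry values to delete."""
    plan = {"folders": [], "delete_keys": [], "delete_values": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:                                   # "Folder::" / "Registry::"
            section, current_key = header.group(1).lower(), None
        elif section == "folder":
            plan["folders"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):   # delete whole key
                plan["delete_keys"].append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):  # key for the values below
                current_key = line[1:-1]
            else:
                value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=-', line)  # "name"=- deletes a value
                if not (value and current_key):
                    raise ValueError(f"unrecognised registry line: {line}")
                name = value.group(1).replace("\\\\", "\\")  # .reg escaping: \\ is one backslash
                plan["delete_values"].append((current_key, name))
        else:
            raise ValueError(f"line outside a known section: {line}")
    return plan

def risky_entries(plan):
    """Flag targets too broad for a single rogue's footprint (drive root, hive, HKLM\\SOFTWARE)."""
    flagged = [("folder", f) for f in plan["folders"] if len(f.rstrip("\\").split("\\")) < 3]
    flagged += [("key", k) for k in plan["delete_keys"] if len(k.split("\\")) < 3]
    return flagged

if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for kind, items in plan.items():
        print(kind, *items, sep="\n  ")
    print("risky:", risky_entries(plan) or "none")
```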