Monder virus + APPCRASH explorer.exe on a new PC??!!
Last reply: in Security
Hello, I bought a new PC on Saturday and downloaded 2 or 3 programs, and since this evening AntiVir has been reporting this virus to me every 5 seconds.
On top of that I have a problem that closes the internet every 2 seconds, called APPCRASH of explorer.exe
In short, I'm dismayed!!!!!
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:13, on 30/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Marie\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {93feebb7-44d4-b879-2904-4b2f524b197f} - {f791b425-f2b4-4092-978b-4d447bbeef39} - C:\Windows\system32\xezbnw.dll (file missing)
O2 - BHO: (no name) - {FC363663-3324-426A-8962-3686E9E50E7E} - C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM677ec5ad] Rundll32.exe "C:\Windows\system32\inwvypvh.dll",s
O4 - HKLM\..\Run: [644df631] rundll32.exe "C:\Windows\system32\diddfsrg.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [BM677ec5ad] Rundll32.exe "C:\Windows\system32\inwvypvh.dll",s
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 4733 bytes
And my ComboFix log:
ComboFix 08-06-20.4 - Marie 2008-06-30 20:21:58.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1129 [GMT 2:00]
Endroit: C:\Users\Marie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\grsfddid.ini
C:\Windows\system32\yonuuqse.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 18:26 --------- d-----w C:\Program Files\Windows Mail
2008-06-30 18:25 --------- d-----w C:\Users\Marie\AppData\Roaming\Azureus
2008-06-30 11:01 --------- d-----w C:\Program Files\Common Files\HP
2008-06-30 10:58 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-06-30 10:50 --------- d-----w C:\Program Files\Wedding Dash 2 - Rings Around the World
2008-06-30 10:25 --------- d-----w C:\PROGRA~2\Lavasoft
2008-06-30 10:23 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 10:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 09:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 09:30 --------- d-----w C:\Program Files\Realtek
2008-06-30 09:15 --------- d-----w C:\Program Files\Seagate
2008-06-29 16:51 --------- d-----w C:\Users\Marie\AppData\Roaming\DivX
2008-06-29 16:51 --------- d-----w C:\Program Files\DivX
2008-06-29 16:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-29 16:13 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-29 15:41 --------- d-----w C:\Users\Marie\AppData\Roaming\Packard Bell
2008-06-29 14:18 --------- d-----w C:\Program Files\Picasa2
2008-06-29 13:21 --------- d-----w C:\PROGRA~2\HP
2008-06-29 13:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-29 13:20 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-29 13:00 --------- d-----w C:\Program Files\HP
2008-06-29 11:28 --------- d-----w C:\Users\Marie\AppData\Roaming\PlayFirst
2008-06-29 11:28 --------- d-----w C:\PROGRA~2\PlayFirst
2008-06-29 10:02 --------- d-----w C:\PROGRA~2\Skype
2008-06-29 09:59 --------- d-----w C:\Program Files\Yahoo!
2008-06-28 19:31 --------- d-----w C:\Users\Marie\AppData\Roaming\Apple Computer
2008-06-28 19:31 --------- d-----w C:\Program Files\iTunes
2008-06-28 19:30 --------- d-----w C:\Program Files\iPod
2008-06-28 19:30 --------- d-----w C:\PROGRA~2\Apple Computer
2008-06-28 19:29 --------- d-----w C:\Program Files\QuickTime
2008-06-28 19:29 --------- d-----w C:\Program Files\Bonjour
2008-06-28 19:27 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-28 19:27 --------- d-----w C:\Program Files\Apple Software Update
2008-06-28 19:27 --------- d-----w C:\PROGRA~2\Apple
2008-06-28 19:07 --------- d-----w C:\Users\Marie\AppData\Roaming\Zylom
2008-06-28 18:56 --------- d-----w C:\Program Files\Azureus
2008-06-28 18:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 18:50 --------- d-----w C:\PROGRA~2\Azureus
2008-06-28 18:05 --------- d-----w C:\Program Files\CCleaner
2008-06-28 17:32 --------- d-----w C:\Program Files\Avira
2008-06-28 17:32 --------- d-----w C:\PROGRA~2\Avira
2008-06-28 17:04 --------- d-----w C:\Users\Marie\AppData\Roaming\Thunderbird
2008-06-28 16:59 --------- d-----w C:\Program Files\Google
2008-06-28 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-28 16:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 16:45 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-06-28 16:44 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-06-28 16:44 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-06-28 16:43 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-06-28 16:43 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-06-28 16:43 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-06-28 16:43 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-06-28 16:43 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-06-28 16:43 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-06-28 16:42 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-06-28 16:41 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-06-28 16:41 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-06-28 16:41 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-06-28 16:41 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-06-28 16:39 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-28 16:38 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-28 16:23 --------- d-----w C:\Program Files\DIFX
2008-06-28 16:22 --------- d---a-w C:\Program Files\WinVista
2008-06-28 16:05 --------- d-----w C:\Users\Marie\AppData\Roaming\Talkback
2008-06-28 15:56 --------- d-----w C:\Program Files\Wanadoo
2008-06-28 15:50 --------- d-----w C:\Program Files\Packard Bell
2008-06-28 15:46 --------- d-----w C:\Program Files\Microsoft Works
2008-06-28 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 15:44 --------- d-----w C:\Program Files\CyberLink
2008-06-28 15:41 --------- d-----w C:\Users\Marie\AppData\Roaming\Roxio
2008-06-28 15:41 --------- d-----w C:\Users\Marie\AppData\Roaming\CyberLink
2008-06-28 15:31 --------- d-sh--w C:\Program Files\Fichiers communs
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Modèles
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Favoris
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Bureau
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-12-17 02:02 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f791b425-f2b4-4092-978b-4d447bbeef39}]
C:\Windows\system32\xezbnw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC363663-3324-426A-8962-3686E9E50E7E}]
2008-06-28 21:07 319488 --a------ C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-28 18:41 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"BM677ec5ad"="C:\Windows\system32\inwvypvh.dll" [2008-06-30 12:39 91136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM677ec5ad"="C:\Windows\system32\inwvypvh.dll" [2008-06-30 12:39 91136]
"644df631"="C:\Windows\system32\diddfsrg.dll" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4E3E60F5-F691-475F-AFBA-CF9FCAB47C15}"= C:\Windows\system32\ddcYqppn.dll [2008-06-28 21:02 25088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\Marie\AppData\Local\Temp\opnkliFy
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 18:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8C7E743-6D4D-4E10-98A0-0BAA72828EEB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC371163-83E3-483B-A4E5-9799AFFF7FBB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B7B20BD6-FC3D-45C1-982A-86E6B0B27B65}C:\\users\\marie\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\marie\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{B311AA1C-C996-4B94-A4A8-F31737F0344F}C:\\users\\marie\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\marie\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{C2E8A420-DDFC-4AB6-9652-C01D77553439}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{80812EB6-6656-4DE9-A3D3-E4264823CF29}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{A1E37E5F-C0F4-4645-9E35-3D25197D1703}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4EBEFC6D-564C-4B46-8F45-30C03A040FAB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{31D84A8C-9762-4E79-8822-B29C0D23E718}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4F67E44A-6A66-4BB6-A77D-884A0783904A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{A39D00C8-DD2F-4148-84B3-B2900764A1ED}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{48ED6EE3-1F13-4B7D-AFFD-93F2105A8C2C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 11:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{418f9f56-4526-11dd-9495-806e6f6e6963}]
\shell\AutoRun\command - H:\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:28:53
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-30 20:32:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 18:31:47
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
199 --- E O F --- 2008-06-30 18:14:42
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 11:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{418f9f56-4526-11dd-9495-806e6f6e6963}]
\shell\AutoRun\command - H:\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:28:53
Windows 6.0.6000 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-06-30 20:32:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 18:31:47
The message text for number 0x2379 could not be found in the message file for Application.
199 --- E O F --- 2008-06-30 18:14:42
Hello,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
Try this link:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d57...
Maybe that will work.
Re,
Let's do it another way.
Copy (Ctrl+C) the text in the box below:
File::
C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
C:\Windows\system32\inwvypvh.dll
C:\Windows\system32\diddfsrg.dll
C:\Windows\system32\ddcYqppn.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f791b425-f2b4-4092-978b-4d447bbeef39}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC363663-3324-426A-8962-3686E9E50E7E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM677ec5ad"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM677ec5ad"=-
"644df631"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4E3E60F5-F691-475F-AFBA-CF9FCAB47C15}"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
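As an added worked example for the two posts above (the "Reg loading points" section of the ComboFix log and the CFScript the helper built from it), the Python script below parses those registry lines, flags the entries a reviewer would question, and emits a CFScript skeleton in the same File::/Registry:: syntax. It is not ComboFix code and not the helper's script. The heuristics (hex-style value names, a missing "[ ]" timestamp, any listed ShellExecuteHook, an extra LSA authentication package, a Temp-folder path, Security Center monitoring turned off) are this example's own assumptions, and the sample lines are a constructed subset of the log posted above.

```python
"""Triage a ComboFix "Reg loading points" section for Vundo-style autostart
entries and turn the hits into a CFScript skeleton. Added example; heuristics
are assumptions, SAMPLE_LOG is a constructed subset of the log in the thread."""
import re
from collections import namedtuple

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"BM677ec5ad"="C:\Windows\system32\inwvypvh.dll" [2008-06-30 12:39 91136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BM677ec5ad"="C:\Windows\system32\inwvypvh.dll" [2008-06-30 12:39 91136]
"644df631"="C:\Windows\system32\diddfsrg.dll" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4E3E60F5-F691-475F-AFBA-CF9FCAB47C15}"= C:\Windows\system32\ddcYqppn.dll [2008-06-28 21:02 25088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\Marie\AppData\Local\Temp\opnkliFy
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"\[]*?)"?\s*(?:\[(?P<info>[^\]]*)\])?\s*$')
HEX_NAME_RE = re.compile(r"^(BM)?[0-9a-f]{8,}$", re.IGNORECASE)  # 644df631, BM677ec5ad
Finding = namedtuple("Finding", "key name data reasons")


def parse(text):
    """Yield (key, name, data, info) per value line; info is the bracketed
    timestamp/size, '' when ComboFix printed '[ ]', None when absent."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if line.startswith("Authentication Packages"):  # REG_MULTI_SZ, not "name"=
            pkgs = line.split("REG_MULTI_SZ", 1)[1].split()
            yield key, "Authentication Packages", " ".join(pkgs), None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            info = m.group("info")
            yield key, m.group("name"), m.group("data").strip(), None if info is None else info.strip()


def triage(text):
    """Return the entries a reviewer would question, each with its reasons."""
    findings = []
    for key, name, data, info in parse(text):
        k = key.lower()
        reasons = []
        if name == "Authentication Packages":
            extra = [p for p in data.split() if p.lower() != "msv1_0"]
            if extra:  # anything beyond msv1_0 is loaded into lsass.exe at boot
                reasons.append("non-default LSA authentication package: " + ", ".join(extra))
        else:
            if HEX_NAME_RE.match(name):
                reasons.append("random hex-style value name")
            if info == "":
                reasons.append("no timestamp/size: file missing or hidden at scan time")
            if k.endswith("shellexecutehooks"):
                reasons.append("ShellExecuteHook DLL (ComboFix already omits legitimate default entries)")
            if "\\temp\\" in data.lower():
                reasons.append("autostart from a Temp directory")
            if "security center" in k and data == "dword:00000001":
                reasons.append("Security Center monitoring disabled")
        if reasons:
            findings.append(Finding(key, name, data, reasons))
    return findings


def build_cfscript(findings):
    """Emit File::/Registry:: in the syntax the helper used. Only Run and
    ShellExecuteHooks values are deleted; LSA and Security Center are left for manual handling."""
    files, reg = [], {}
    for f in findings:
        k = f.key.lower()
        if not (k.endswith("\\run") or k.endswith("shellexecutehooks")):
            continue
        if f.data.lower().endswith((".dll", ".exe")) and f.data not in files:
            files.append(f.data)
        reg.setdefault(f.key, []).append(f.name)
    out = ["File::", *files, "", "Registry::"]
    for key, names in reg.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.name!r} in [{h.key}] -> {'; '.join(h.reasons)}")
    print(build_cfscript(hits))
```

Run as-is, it prints the six questionable entries and a script with three File:: lines and the same three Registry:: sections the helper wrote. Two checks worth making before and after running such a script: anything listed under Authentication Packages besides msv1_0 is loaded into lsass.exe at boot (the catchme section of the first log shows opnkliFy.dll inside lsass.exe), so confirm the value no longer appears in the next ComboFix log (in the second log above it is gone); and with file extensions hidden, a file renamed to CFScript.txt in Explorer can end up as CFScript.txt.txt, which is what the second log's "Command switches used" line shows. ComboFix still processed it here (its FILE :: section lists the four DLLs), but the name is worth checking first.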
So I managed to drag it, but I don't think it worked, since I got a ComboFix message telling me the file could not be found; it then rebooted, and here is the log:
ComboFix 08-06-20.4 - Marie 2008-06-30 21:48:41.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1279 [GMT 2:00]
Location: C:\Users\Marie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Marie\Desktop\CFScript.txt.txt
* Creating a new restore point
FILE ::
C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
C:\Windows\system32\ddcYqppn.dll
C:\Windows\system32\diddfsrg.dll
C:\Windows\system32\inwvypvh.dll
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Marie\AppData\Local\Temp\opnkliFy.dll
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\ddcYqppn.dll
C:\Windows\system32\grsfddid.ini
C:\Windows\system32\inwvypvh.dll
C:\Windows\system32\yonuuqse.ini
.
((((((((((((((((((((((((((((( Files created 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.
2008-06-30 20:05 . 2008-06-30 20:05 <REP> d-------- C:\VundoFix Backups
2008-06-30 13:01 . 2008-06-30 13:01 <REP> d-------- C:\Program Files\Common Files\HP
2008-06-30 12:58 . 2008-06-30 12:58 <REP> d-------- C:\Users\All Users\Hewlett-Packard
2008-06-30 12:58 . 2008-06-30 12:58 <REP> d-------- C:\PROGRA~2\Hewlett-Packard
2008-06-30 12:52 . 2007-03-15 16:39 958,464 --a------ C:\Windows\System32\hpotiop4.dll
2008-06-30 12:52 . 2007-03-15 16:39 675,840 --a------ C:\Windows\System32\hpowiax4.dll
2008-06-30 12:52 . 2007-03-06 14:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-06-30 12:52 . 2007-03-06 14:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-06-30 12:52 . 2007-03-15 16:39 303,104 --a------ C:\Windows\System32\hpovst11.dll
2008-06-30 12:52 . 2007-03-29 01:29 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-06-30 12:52 . 2007-03-28 14:01 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
2008-06-30 12:50 . 2008-06-30 12:50 <REP> d-------- C:\Windows\Wedding Dash 2 - Rings Around the World
2008-06-30 12:50 . 2008-06-30 12:50 <REP> d-------- C:\Program Files\Wedding Dash 2 - Rings Around the World
2008-06-30 12:50 . 2008-06-30 13:05 160,351 --a------ C:\Windows\hpoins15.dat
2008-06-30 12:50 . 2007-12-12 22:02 1,039 --------- C:\Windows\hpomdl15.dat
2008-06-30 12:23 . 2008-06-30 12:25 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-30 12:23 . 2008-06-30 12:23 <REP> d-------- C:\Program Files\Lavasoft
2008-06-30 12:23 . 2008-06-30 12:25 <REP> d-------- C:\PROGRA~2\Lavasoft
2008-06-29 18:51 . 2008-06-29 18:51 <REP> d-------- C:\Users\Marie\AppData\Roaming\DivX
2008-06-29 18:49 . 2008-06-29 18:51 <REP> d-------- C:\Program Files\DivX
2008-06-29 17:51 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-29 17:51 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-29 16:18 . 2008-06-29 16:18 <REP> d-------- C:\Program Files\Picasa2
2008-06-29 15:20 . 2008-06-29 15:20 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-06-29 15:20 . 2008-06-29 15:20 <REP> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-29 15:00 . 2008-06-29 15:00 <REP> d-------- C:\Program Files\HP
2008-06-29 14:59 . 2008-06-29 15:21 <REP> d-------- C:\Users\All Users\HP
2008-06-29 14:59 . 2008-06-29 15:21 <REP> d-------- C:\PROGRA~2\HP
2008-06-29 13:28 . 2008-06-29 13:28 <REP> d-------- C:\Users\Marie\AppData\Roaming\PlayFirst
2008-06-29 13:28 . 2008-06-29 13:28 <REP> d-------- C:\Users\All Users\PlayFirst
2008-06-29 13:28 . 2008-06-29 13:28 <REP> d-------- C:\PROGRA~2\PlayFirst
2008-06-29 11:51 . 2008-06-29 11:59 <REP> d-------- C:\Program Files\Yahoo!
2008-06-28 21:31 . 2008-06-28 21:31 <REP> d-------- C:\Users\Marie\AppData\Roaming\Apple Computer
2008-06-28 21:30 . 2008-06-28 21:31 <REP> d-------- C:\Program Files\iTunes
2008-06-28 21:30 . 2008-06-28 21:30 <REP> d-------- C:\Program Files\iPod
2008-06-28 21:29 . 2008-06-28 21:29 <REP> d-------- C:\Program Files\Bonjour
2008-06-28 21:28 . 2008-06-28 21:30 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-28 21:28 . 2008-06-28 21:29 <REP> d-------- C:\Program Files\QuickTime
2008-06-28 21:28 . 2008-06-28 21:30 <REP> d-------- C:\PROGRA~2\Apple Computer
2008-06-28 21:27 . 2008-06-28 21:27 <REP> d-------- C:\Users\All Users\Apple
2008-06-28 21:27 . 2008-06-28 21:27 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-28 21:27 . 2008-06-28 21:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-28 21:27 . 2008-06-28 21:27 <REP> d-------- C:\PROGRA~2\Apple
2008-06-28 21:07 . 2008-06-28 21:07 <REP> d-------- C:\Users\Marie\AppData\Roaming\Zylom
2008-06-28 21:03 . 2008-06-28 21:03 14 --a------ C:\Windows\popcinfo.dat
2008-06-28 20:50 . 2008-06-30 21:39 <REP> d-------- C:\Users\Marie\AppData\Roaming\Azureus
2008-06-28 20:50 . 2008-06-28 20:50 <REP> d-------- C:\Users\All Users\Azureus
2008-06-28 20:50 . 2008-06-28 20:51 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-06-28 20:50 . 2008-06-28 20:50 <REP> d-------- C:\PROGRA~2\Azureus
2008-06-28 20:32 . 2008-06-28 20:56 <REP> d-------- C:\Program Files\Azureus
2008-06-28 20:27 . 2008-06-28 20:27 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-28 20:05 . 2008-06-28 20:05 <REP> d-------- C:\Program Files\CCleaner
2008-06-28 19:32 . 2008-06-28 19:32 <REP> d-------- C:\Users\All Users\Avira
2008-06-28 19:32 . 2008-06-28 19:32 <REP> d-------- C:\Program Files\Avira
2008-06-28 19:32 . 2008-06-28 19:32 <REP> d-------- C:\PROGRA~2\Avira
2008-06-28 19:04 . 2008-06-28 19:04 <REP> d-------- C:\Users\Marie\AppData\Roaming\Thunderbird
2008-06-28 19:04 . 2008-06-29 18:49 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-06-28 19:04 . 2008-06-28 19:04 0 --a------ C:\Windows\nsreg.dat
2008-06-28 18:45 . 2008-06-28 18:45 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-06-28 18:45 . 2008-06-28 18:45 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-06-28 18:44 . 2008-06-28 18:44 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-06-28 18:44 . 2008-06-28 18:44 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-06-28 18:44 . 2008-06-28 18:44 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-06-28 18:44 . 2008-06-28 18:44 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-06-28 18:44 . 2008-06-28 18:44 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-06-28 18:42 . 2008-06-28 18:42 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-06-28 18:42 . 2008-06-28 18:42 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-06-28 18:42 . 2008-06-28 18:42 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-06-28 18:42 . 2008-06-28 18:42 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-28 18:42 . 2008-06-28 18:42 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-28 18:42 . 2008-06-28 18:42 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-06-28 18:42 . 2008-06-28 18:42 2,048 --a------ C:\Windows\System32\asferror.dll
2008-06-28 18:41 . 2008-06-28 18:41 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-06-28 18:41 . 2008-06-28 18:41 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-06-28 18:41 . 2008-06-28 18:41 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-06-28 18:41 . 2008-06-28 18:41 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-06-28 18:41 . 2008-06-28 18:41 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-28 18:41 . 2008-06-28 18:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-06-28 18:41 . 2008-06-28 18:41 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-06-28 18:40 . 2008-06-28 18:40 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-28 18:39 . 2008-06-28 18:39 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-28 18:37 . 2008-06-28 18:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-06-28 18:24 . 2008-06-28 18:24 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-28 18:24 . 2008-06-28 18:24 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-28 18:24 . 2008-06-28 18:24 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-28 18:24 . 2008-06-28 18:24 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-28 18:24 . 2008-06-28 18:24 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-28 18:24 . 2008-06-28 18:24 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-28 18:24 . 2008-06-28 18:24 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-28 18:23 . 2008-06-28 18:23 <REP> d-------- C:\Program Files\DIFX
2008-06-28 18:23 . 2008-06-28 18:23 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-28 18:23 . 2008-06-28 18:23 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-06-28 18:22 . 2008-06-28 18:22 <REP> d-a------ C:\Program Files\WinVista
2008-06-28 18:22 . 2006-12-20 11:18 217,600 --a------ C:\Windows\System32\drivers\sis163u.sys
2008-06-28 18:05 . 2008-06-28 18:05 <REP> d-------- C:\Users\Marie\AppData\Roaming\Talkback
2008-06-28 17:56 . 2008-06-28 17:56 <REP> d-------- C:\Program Files\Wanadoo
2008-06-28 17:56 . 2008-06-28 17:56 21 --a------ C:\Windows\kit.ini
2008-06-28 17:41 . 2008-06-28 17:41 <REP> d-------- C:\Users\Marie\AppData\Roaming\Roxio
2008-06-28 17:41 . 2008-06-28 17:41 <REP> d-------- C:\Users\Marie\AppData\Roaming\CyberLink
2008-06-28 17:40 . 2008-06-28 17:40 <REP> dr------- C:\Users\Marie\Searches
2008-06-28 17:40 . 2008-06-28 17:40 <REP> dr------- C:\Users\Marie\Contacts
2008-06-28 17:40 . 2008-06-29 17:41 <REP> d-------- C:\Users\Marie\AppData\Roaming\Packard Bell
2008-06-28 17:34 . 2008-06-29 18:49 <REP> dr------- C:\Users\Marie\Videos
2008-06-28 17:34 . 2008-06-29 11:43 <REP> dr------- C:\Users\Marie\Saved Games
2008-06-28 17:34 . 2008-06-28 20:24 <REP> dr------- C:\Users\Marie\Pictures
2008-06-28 17:34 . 2008-06-28 21:31 <REP> dr------- C:\Users\Marie\Music
2008-06-28 17:34 . 2008-06-28 17:40 <REP> dr------- C:\Users\Marie\Links
2008-06-28 17:34 . 2008-06-28 21:27 <REP> dr------- C:\Users\Marie\Downloads
2008-06-28 17:34 . 2008-06-30 21:25 <REP> dr------- C:\Users\Marie\Documents
2008-06-28 17:34 . 2006-11-02 14:37 <REP> d-------- C:\Users\Marie\AppData\Roaming\Media Center Programs
2008-06-28 17:34 . 2008-06-28 17:40 <REP> d--h----- C:\Users\Marie\AppData
2008-06-28 17:34 . 2008-06-30 21:39 <REP> d-a------ C:\Users\Marie
2008-06-28 17:31 . 2008-06-28 17:31 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 19:42 --------- d-----w C:\Program Files\Windows Mail
2008-06-30 19:39 --------- d-----w C:\Program Files\Packard Bell
2008-06-30 10:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 09:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 09:30 --------- d-----w C:\Program Files\Realtek
2008-06-30 09:15 --------- d-----w C:\Program Files\Seagate
2008-06-29 16:13 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-29 10:02 --------- d-----w C:\PROGRA~2\Skype
2008-06-28 16:59 --------- d-----w C:\Program Files\Google
2008-06-28 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-28 16:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 16:43 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-06-28 16:43 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-06-28 16:43 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-06-28 16:43 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-06-28 16:43 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-06-28 16:43 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-06-28 16:38 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-28 15:46 --------- d-----w C:\Program Files\Microsoft Works
2008-06-28 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 15:44 --------- d-----w C:\Program Files\CyberLink
2008-06-28 15:31 --------- d-sh--w C:\Program Files\Fichiers communs
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Modèles
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Favoris
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Bureau
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-12-17 02:02 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-28 18:41 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 18:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8C7E743-6D4D-4E10-98A0-0BAA72828EEB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC371163-83E3-483B-A4E5-9799AFFF7FBB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B7B20BD6-FC3D-45C1-982A-86E6B0B27B65}C:\\users\\marie\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\marie\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{B311AA1C-C996-4B94-A4A8-F31737F0344F}C:\\users\\marie\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\marie\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{C2E8A420-DDFC-4AB6-9652-C01D77553439}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{80812EB6-6656-4DE9-A3D3-E4264823CF29}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{A1E37E5F-C0F4-4645-9E35-3D25197D1703}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4EBEFC6D-564C-4B46-8F45-30C03A040FAB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{31D84A8C-9762-4E79-8822-B29C0D23E718}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4F67E44A-6A66-4BB6-A77D-884A0783904A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{A39D00C8-DD2F-4148-84B3-B2900764A1ED}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{48ED6EE3-1F13-4B7D-AFFD-93F2105A8C2C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 11:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{418f9f56-4526-11dd-9495-806e6f6e6963}]
\shell\AutoRun\command - H:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 18:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-06-28 16:59:59 C:\Windows\Tasks\HDReg.job"
- C:\Program Files\HDReg\HDRegRem.exe
"2008-06-30 18:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 21:56:01
Windows 6.0.6000 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-06-30 21:57:48 - machine was rebooted [Marie]
ComboFix-quarantined-files.txt 2008-06-30 19:57:44
ComboFix2.txt 2008-06-30 18:32:52
The message text for number 0x2379 could not be found in the message file for Application.
Post-Run: 291,161,546,752 bytes free
267 --- E O F --- 2008-06-30 18:14:42
2008-06-28 18:44 . 2008-06-28 18:44 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-06-28 18:44 . 2008-06-28 18:44 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-06-28 18:44 . 2008-06-28 18:44 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-06-28 18:42 . 2008-06-28 18:42 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-06-28 18:42 . 2008-06-28 18:42 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-06-28 18:42 . 2008-06-28 18:42 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-06-28 18:42 . 2008-06-28 18:42 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-28 18:42 . 2008-06-28 18:42 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-28 18:42 . 2008-06-28 18:42 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-06-28 18:42 . 2008-06-28 18:42 2,048 --a------ C:\Windows\System32\asferror.dll
2008-06-28 18:41 . 2008-06-28 18:41 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-06-28 18:41 . 2008-06-28 18:41 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-06-28 18:41 . 2008-06-28 18:41 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-06-28 18:41 . 2008-06-28 18:41 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-06-28 18:41 . 2008-06-28 18:41 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-28 18:41 . 2008-06-28 18:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-06-28 18:41 . 2008-06-28 18:41 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-06-28 18:40 . 2008-06-28 18:40 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-28 18:39 . 2008-06-28 18:39 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-28 18:37 . 2008-06-28 18:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-06-28 18:24 . 2008-06-28 18:24 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-28 18:24 . 2008-06-28 18:24 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-28 18:24 . 2008-06-28 18:24 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-28 18:24 . 2008-06-28 18:24 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-28 18:24 . 2008-06-28 18:24 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-28 18:24 . 2008-06-28 18:24 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-28 18:24 . 2008-06-28 18:24 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-28 18:23 . 2008-06-28 18:23 <REP> d-------- C:\Program Files\DIFX
2008-06-28 18:23 . 2008-06-28 18:23 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-28 18:23 . 2008-06-28 18:23 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-06-28 18:22 . 2008-06-28 18:22 <REP> d-a------ C:\Program Files\WinVista
2008-06-28 18:22 . 2006-12-20 11:18 217,600 --a------ C:\Windows\System32\drivers\sis163u.sys
2008-06-28 18:05 . 2008-06-28 18:05 <REP> d-------- C:\Users\Marie\AppData\Roaming\Talkback
2008-06-28 17:56 . 2008-06-28 17:56 <REP> d-------- C:\Program Files\Wanadoo
2008-06-28 17:56 . 2008-06-28 17:56 21 --a------ C:\Windows\kit.ini
2008-06-28 17:41 . 2008-06-28 17:41 <REP> d-------- C:\Users\Marie\AppData\Roaming\Roxio
2008-06-28 17:41 . 2008-06-28 17:41 <REP> d-------- C:\Users\Marie\AppData\Roaming\CyberLink
2008-06-28 17:40 . 2008-06-28 17:40 <REP> dr------- C:\Users\Marie\Searches
2008-06-28 17:40 . 2008-06-28 17:40 <REP> dr------- C:\Users\Marie\Contacts
2008-06-28 17:40 . 2008-06-29 17:41 <REP> d-------- C:\Users\Marie\AppData\Roaming\Packard Bell
2008-06-28 17:34 . 2008-06-29 18:49 <REP> dr------- C:\Users\Marie\Videos
2008-06-28 17:34 . 2008-06-29 11:43 <REP> dr------- C:\Users\Marie\Saved Games
2008-06-28 17:34 . 2008-06-28 20:24 <REP> dr------- C:\Users\Marie\Pictures
2008-06-28 17:34 . 2008-06-28 21:31 <REP> dr------- C:\Users\Marie\Music
2008-06-28 17:34 . 2008-06-28 17:40 <REP> dr------- C:\Users\Marie\Links
2008-06-28 17:34 . 2008-06-28 21:27 <REP> dr------- C:\Users\Marie\Downloads
2008-06-28 17:34 . 2008-06-30 21:25 <REP> dr------- C:\Users\Marie\Documents
2008-06-28 17:34 . 2006-11-02 14:37 <REP> d-------- C:\Users\Marie\AppData\Roaming\Media Center Programs
2008-06-28 17:34 . 2008-06-28 17:40 <REP> d--h----- C:\Users\Marie\AppData
2008-06-28 17:34 . 2008-06-30 21:39 <REP> d-a------ C:\Users\Marie
2008-06-28 17:31 . 2008-06-28 17:31 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 19:42 --------- d-----w C:\Program Files\Windows Mail
2008-06-30 19:39 --------- d-----w C:\Program Files\Packard Bell
2008-06-30 10:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 09:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 09:30 --------- d-----w C:\Program Files\Realtek
2008-06-30 09:15 --------- d-----w C:\Program Files\Seagate
2008-06-29 16:13 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-29 10:02 --------- d-----w C:\PROGRA~2\Skype
2008-06-28 16:59 --------- d-----w C:\Program Files\Google
2008-06-28 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-28 16:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 16:43 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-06-28 16:43 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-06-28 16:43 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-06-28 16:43 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-06-28 16:43 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-06-28 16:43 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-06-28 16:38 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-28 15:46 --------- d-----w C:\Program Files\Microsoft Works
2008-06-28 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 15:44 --------- d-----w C:\Program Files\CyberLink
2008-06-28 15:31 --------- d-sh--w C:\Program Files\Fichiers communs
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Modèles
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Menu Démarrer
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Favoris
2008-06-28 15:31 --------- d-sh--w C:\PROGRA~2\Bureau
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-12-17 02:02 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-28 18:41 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 18:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8C7E743-6D4D-4E10-98A0-0BAA72828EEB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC371163-83E3-483B-A4E5-9799AFFF7FBB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B7B20BD6-FC3D-45C1-982A-86E6B0B27B65}C:\\users\\marie\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\marie\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{B311AA1C-C996-4B94-A4A8-F31737F0344F}C:\\users\\marie\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\marie\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{C2E8A420-DDFC-4AB6-9652-C01D77553439}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{80812EB6-6656-4DE9-A3D3-E4264823CF29}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{A1E37E5F-C0F4-4645-9E35-3D25197D1703}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4EBEFC6D-564C-4B46-8F45-30C03A040FAB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{31D84A8C-9762-4E79-8822-B29C0D23E718}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4F67E44A-6A66-4BB6-A77D-884A0783904A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{A39D00C8-DD2F-4148-84B3-B2900764A1ED}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{48ED6EE3-1F13-4B7D-AFFD-93F2105A8C2C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 11:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{418f9f56-4526-11dd-9495-806e6f6e6963}]
\shell\AutoRun\command - H:\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-30 18:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-06-28 16:59:59 C:\Windows\Tasks\HDReg.job"
- C:\Program Files\HDReg\HDRegRem.exe
"2008-06-30 18:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 21:56:01
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-30 21:57:48 - machine was rebooted [Marie]
ComboFix-quarantined-files.txt 2008-06-30 19:57:44
ComboFix2.txt 2008-06-30 18:32:52
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 291,161,546,752 octets libres
267 --- E O F --- 2008-06-30 18:14:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:29, on 01/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Marie\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 4204 bytes
Sorry for the delay, I was even able to do the first step with the anti-malware tool, but the log did not get saved. It removed 4 errors.
In any case, thank you very much for your efficient and quick help.