virus

skimgrat

29 Septembre 2008 15:58:39

Bonjours
J'ais attrapé un virus et j'ais fai le scan de hijackthis et voicie se qu'il me donne:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:46, on 29/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\anti virus Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8099 bytes

Merci d'avance

Autres pages sur : virus

| Etre averti des réponses
| Alerter

Répondre à skimgrat

Angeldark

29 Septembre 2008 16:52:45

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

| Alerter

Répondre à Angeldark

skimgrat

30 Septembre 2008 15:32:42

Bonjour
J'ais fai le rapport:

2008-09-24 18:24 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-09-24 18:24 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-09-24 18:24 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-09-24 18:22 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-09-24 18:21 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-09-24 18:20 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-24 18:19 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll
2008-09-24 18:18 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-09-24 18:17 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr
2008-09-24 18:16 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-09-24 18:15 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-24 18:14 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-09-24 18:14 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-09-24 18:14 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-09-24 18:14 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-09-24 18:13 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-09-24 18:11 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-24 18:11 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-24 18:11 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-24 18:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-24 18:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-24 18:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-24 18:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-24 18:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-24 18:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-09-15 18:50 . 2008-09-15 18:50 <REP> d-------- C:\Users\veronique\AppData\Roaming\Apple Computer
2008-09-14 12:02 . 2008-09-29 16:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-09-14 12:02 . 2008-09-14 12:02 1,409 --a------ C:\Windows\QTFont.for
2008-09-10 17:43 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:43 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 17:22 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-08-21 14:59 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-21 14:59 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-21 14:59 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-21 14:59 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-21 14:59 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-21 14:59 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-21 14:59 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-21 14:58 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-21 14:58 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-20 20:55 . 2008-08-20 20:55 <REP> d-------- C:\Users\veronique\AppData\Roaming\vlc
2008-08-20 20:43 . 2008-08-20 20:59 <REP> d-------- C:\Users\veronique\film
2008-08-14 10:27 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 10:16 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 15:03 13,213 ----a-w C:\Users\veronique\AppData\Roaming\nvModes.dat
2008-09-29 17:19 --------- d-----w C:\Program Files\MSN Messenger
2008-09-29 16:37 174 --sha-w C:\Program Files\desktop.ini
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Mail
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Journal
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Defender
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Calendar
2008-09-29 15:11 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-29 15:11 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-29 09:04 --------- d-----w C:\Program Files\World of Warcraft
2008-09-26 10:04 --------- d-----w C:\Users\veronique\AppData\Roaming\Skype
2008-09-24 15:44 --------- d-----w C:\Users\veronique\AppData\Roaming\skypePM
2008-09-11 06:22 --------- d-----w C:\Program Files\Microsoft Works
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-21 13:21 13,072 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
2007-10-21 07:17 614 ----a-w C:\Users\veronique\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
2008-09-30 17:14 8704 --a------ C:\Program Files\Applications\iebt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smart Start UP"="C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe" [2007-04-27 104528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-20 155648]
"ANTIVIRUS"="C:\Program Files\MSX\MSx.exe" [2008-09-27 412160]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"smile"="C:\Program Files\Applications\wcs.exe" [2008-09-29 17408]
"start"="C:\Program Files\Applications\iebtm.exe" [2008-09-29 35328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6EAD248-3380-420E-8AC7-31548A61C8DA}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{615648ED-EC8F-43D5-828E-0A5BBF002C89}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{7711E26C-F1DE-41B4-9A30-03C924CA8756}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E46437B2-C857-442C-91DD-1153891A8B92}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{C3A628EA-49F2-48FC-BAE2-13576549745F}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{750D6C56-46B8-4B11-9991-029876DD729F}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"{895207B6-C219-4310-8076-31C783A48CE5}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{48B10ADB-6D01-4393-B64D-7582441505E6}C:\\users\\veronique\\demos\\emule\\emule.exe"= UDP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"UDP Query User{A018738A-86F3-435F-9E6A-D6BD9FC98978}C:\\users\\veronique\\demos\\emule\\emule.exe"= TCP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"{E97B1D51-AC5A-4D6C-8D0F-B8DCA0AFADF4}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{A46FF35F-2DFF-4F6E-B199-D159CA66CAEE}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{764E4144-8916-4654-BC1D-41CF6B18E29D}"= UDP:3724:Blizzard Downloader: 3724
"{9852708D-B6A6-40BD-A7FB-5734BEB4454B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B805D849-F1B2-4486-86A3-EBD9F8BD2EDB}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D010223E-BAA1-4E5C-91A1-ABC8F61E08F3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 17:26:41
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-30 17:28:44
ComboFix-quarantined-files.txt 2008-09-30 15:28:40

Avant-CF: 77,146,914,816 octets libres
Après-CF: 77,476,835,328 octets libres

205 --- E O F --- 2008-09-29 15:26:26

Seulemant je ne sais pas comment on désactive les protections.
Merci

| Alerter

Répondre à skimgrat

Angeldark

30 Septembre 2008 15:45:18

Ton rapport n'est pas complet

| Alerter

Répondre à Angeldark

skimgrat

1 Octobre 2008 10:23:24

bonjour
Je vais refaire un rapport mais seulement il m'a supprimé mes périphérique audio donc je n'ais plus de son comment faire?

| Alerter

Répondre à skimgrat

skimgrat

1 Octobre 2008 10:36:33

Voici le nouveaux scan:

ComboFix 08-09-30.03 - veronique 2008-10-01 12:26:48.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.431 [GMT 2:00]
Lancé depuis: C:\Users\veronique\Desktop\comboFix\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 17:21 . 2008-10-01 12:25 <REP> d-------- C:\32788R22FWJFW
2008-09-30 09:18 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-30 09:18 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-30 09:18 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-30 09:18 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-30 09:18 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-30 09:18 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-29 18:23 . 2008-09-29 18:23 <REP> d-------- C:\PerfLogs
2008-09-29 17:42 . 2008-09-29 17:42 <REP> d-------- C:\Program Files\anti virus Trend Micro
2008-09-29 17:37 . 2008-09-29 17:37 <REP> d-------- C:\Program Files\Trend Micro
2008-09-29 16:46 . 2008-09-29 16:46 <REP> d-------- C:\Program Files\MSX
2008-09-29 16:46 . 2008-09-27 19:27 166,912 --a------ C:\Windows\System32\MSx.cpl
2008-09-29 16:45 . 2008-10-01 09:45 <REP> d-------- C:\Program Files\Applications
2008-09-24 18:24 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-09-24 18:24 . 2008-01-19 09:33 2,091,520 --a------ C:\Windows\System32\dfsr.exe
2008-09-24 18:24 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-09-24 18:24 . 2008-01-19 09:36 1,107,968 --a------ C:\Windows\System32\pidgenx.dll
2008-09-24 18:24 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-09-24 18:24 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-09-24 18:24 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-09-24 18:22 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-09-24 18:21 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-09-24 18:20 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-24 18:19 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll
2008-09-24 18:18 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-09-24 18:17 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr
2008-09-24 18:16 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-09-24 18:15 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-24 18:14 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-09-24 18:14 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-09-24 18:14 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-09-24 18:14 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-09-24 18:13 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-09-24 18:11 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-24 18:11 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-24 18:11 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-24 18:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-24 18:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-24 18:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-24 18:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-24 18:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-24 18:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-09-15 18:50 . 2008-09-15 18:50 <REP> d-------- C:\Users\veronique\AppData\Roaming\Apple Computer
2008-09-14 12:02 . 2008-09-29 16:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-09-14 12:02 . 2008-09-14 12:02 1,409 --a------ C:\Windows\QTFont.for
2008-09-10 17:43 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:43 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 17:22 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 17:37 --------- d-----w C:\Users\veronique\AppData\Roaming\Skype
2008-09-30 15:03 13,213 ----a-w C:\Users\veronique\AppData\Roaming\nvModes.dat
2008-09-29 17:19 --------- d-----w C:\Program Files\MSN Messenger
2008-09-29 16:37 174 --sha-w C:\Program Files\desktop.ini
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Mail
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Journal
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Defender
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Calendar
2008-09-29 15:11 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-29 15:11 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-29 09:04 --------- d-----w C:\Program Files\World of Warcraft
2008-09-24 15:44 --------- d-----w C:\Users\veronique\AppData\Roaming\skypePM
2008-09-11 06:22 --------- d-----w C:\Program Files\Microsoft Works
2008-08-20 18:55 --------- d-----w C:\Users\veronique\AppData\Roaming\vlc
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-21 13:21 13,072 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
2007-10-21 07:17 614 ----a-w C:\Users\veronique\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-30_17.27.44.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 15:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 10:18:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-30 15:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 10:18:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-30 15:15:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-01 10:20:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-09-30 15:15:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-01 10:20:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-01 10:20:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-30 15:14:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 10:19:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-30 15:14:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 10:19:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-30 15:14:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 10:19:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 15:11:04 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 10:26:40 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-01-19 07:33:05 139,264 ----a-w C:\Windows\System32\cscript.exe
+ 2008-05-08 21:58:40 135,168 ----a-w C:\Windows\System32\cscript.exe
- 2008-01-19 05:55:53 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
+ 2008-04-05 01:21:42 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
- 2008-01-19 07:43:39 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
+ 2008-04-26 08:26:49 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
- 2008-01-19 07:34:35 512,000 ----a-w C:\Windows\System32\jscript.dll
+ 2008-05-08 21:59:28 512,000 ----a-w C:\Windows\System32\jscript.dll
- 2008-01-19 07:43:48 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
+ 2008-04-26 08:25:53 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
- 2008-01-19 07:43:47 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
+ 2008-04-26 08:25:54 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
- 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\System32\pacerprf.dll
+ 2008-04-05 03:34:31 15,360 ----a-w C:\Windows\System32\pacerprf.dll
- 2008-09-30 15:18:21 113,114 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-01 10:23:34 113,114 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-30 15:18:21 138,374 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-10-01 10:23:34 138,374 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-30 15:18:21 619,932 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-01 10:23:34 619,932 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-30 15:18:21 718,030 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-10-01 10:23:34 718,030 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-01-19 07:36:17 785,408 ----a-w C:\Windows\System32\rpcrt4.dll
+ 2008-04-12 03:32:11 784,896 ----a-w C:\Windows\System32\rpcrt4.dll
- 2008-01-19 07:36:19 180,224 ----a-w C:\Windows\System32\scrobj.dll
+ 2008-05-08 21:59:32 180,224 ----a-w C:\Windows\System32\scrobj.dll
- 2008-01-19 07:36:19 172,032 ----a-w C:\Windows\System32\scrrun.dll
+ 2008-05-08 21:59:32 172,032 ----a-w C:\Windows\System32\scrrun.dll
- 2008-09-30 07:31:17 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-10-01 06:21:38 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-01-19 07:36:47 430,080 ----a-w C:\Windows\System32\vbscript.dll
+ 2008-05-08 21:59:33 430,080 ----a-w C:\Windows\System32\vbscript.dll
- 2008-09-30 15:15:48 15,160 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587287723-2278268552-551057220-1000_UserData.bin
+ 2008-10-01 10:21:34 15,176 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587287723-2278268552-551057220-1000_UserData.bin
- 2008-09-30 15:15:48 72,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 10:21:34 72,848 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-30 15:04:48 52,650 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 10:21:32 53,154 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 07:33:40 155,648 ----a-w C:\Windows\System32\wscript.exe
+ 2008-05-08 21:59:26 155,648 ----a-w C:\Windows\System32\wscript.exe
- 2008-01-19 07:37:11 90,112 ----a-w C:\Windows\System32\wshext.dll
+ 2008-05-08 21:59:35 90,112 ----a-w C:\Windows\System32\wshext.dll
+ 2008-06-26 03:29:02 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.18098_none_f64ce87593b7801f\dataclen.dll
+ 2008-06-26 03:15:06 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.22211_none_f7260480ac9a8c27\dataclen.dll
+ 2008-05-10 03:35:15 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18069_none_9e540f60f6e2ecf1\emdmgmt.dll
+ 2008-06-26 03:29:02 565,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\emdmgmt.dll
+ 2008-05-10 03:17:36 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22176_none_9ecfdb62100b5ca7\emdmgmt.dll
+ 2008-06-26 03:15:30 565,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22211_none_9f0bbb5e0fdf3375\emdmgmt.dll
+ 2008-08-02 03:26:00 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\cdd.dll
+ 2008-08-02 01:01:23 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\dxgkrnl.sys
+ 2008-08-02 03:20:51 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\cdd.dll
+ 2008-08-02 00:59:11 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\dxgkrnl.sys
+ 2008-05-20 02:07:31 148,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.18075_none_4ec1fb0e8f26c88a\nwifi.sys
+ 2008-05-20 02:00:06 148,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.22183_none_4f3ec759a84e5197\nwifi.sys
+ 2008-05-28 03:27:17 223,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22188_none_56d68c90cea4d169\netio.sys
+ 2008-05-28 03:17:25 328,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\BFE.DLL
+ 2008-05-28 03:28:43 101,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPKCLNT.SYS
+ 2008-05-28 03:19:07 595,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPUCLNT.DLL
+ 2008-05-28 03:19:32 438,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\IKEEXT.DLL
+ 2008-04-26 08:25:53 3,600,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
+ 2008-04-26 08:25:54 3,549,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
+ 2008-04-26 08:11:34 3,601,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
+ 2008-04-26 08:11:33 3,549,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
+ 2008-04-05 01:21:42 72,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacer.sys
+ 2008-04-05 03:34:31 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacerprf.dll
+ 2008-04-05 01:20:52 72,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacer.sys
+ 2008-04-05 03:20:42 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacerprf.dll
+ 2008-04-05 03:21:19 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\traffic.dll
+ 2008-04-05 03:21:39 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\wshqos.dll
+ 2008-04-12 03:32:11 784,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\rpcrt4.dll
+ 2008-04-12 03:16:32 784,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22156_none_b4542e025e5512e8\rpcrt4.dll
+ 2008-05-08 21:59:35 90,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.18068_none_0a48f9ec246cf834\wshext.dll
+ 2008-05-08 05:22:33 90,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.22175_none_0ac4c5ed3d9567ea\wshext.dll
+ 2008-05-08 21:59:28 512,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18068_none_82a70b5ef74dc96b\jscript.dll
+ 2008-05-08 05:18:59 512,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22175_none_8322d76010763921\jscript.dll
+ 2008-05-08 21:59:33 430,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\vbscript.dll
+ 2008-05-08 05:22:13 430,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22175_none_489cf2184738e55d\vbscript.dll
+ 2008-05-08 21:58:40 135,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\cscript.exe
+ 2008-05-08 21:59:32 180,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrobj.dll
+ 2008-05-08 21:59:32 172,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrrun.dll
+ 2008-05-08 21:59:26 155,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\wscript.exe
+ 2008-05-08 03:12:11 135,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\cscript.exe
+ 2008-05-08 05:17:02 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\dispex.dll
+ 2008-05-08 05:21:52 180,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrobj.dll
+ 2008-05-08 05:21:52 172,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrrun.dll
+ 2008-05-08 03:12:11 155,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wscript.exe
+ 2008-05-08 05:22:33 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wshcon.dll
+ 2008-05-08 19:21:56 211,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18068_none_886bae514b981fe3\mrxsmb10.sys
+ 2008-05-08 02:47:34 211,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22175_none_88e77a5264c08f99\mrxsmb10.sys
+ 2008-04-26 08:26:49 891,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
+ 2008-04-26 08:08:16 891,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
2008-10-01 12:20 8704 --a------ C:\Program Files\Applications\iebt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smart Start UP"="C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe" [2007-04-27 104528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-20 155648]
"ANTIVIRUS"="C:\Program Files\MSX\MSx.exe" [2008-09-27 412160]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"smile"="C:\Program Files\Applications\wcs.exe" [2008-09-29 17408]
"start"="C:\Program Files\Applications\iebtm.exe" [2008-09-29 35328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6EAD248-3380-420E-8AC7-31548A61C8DA}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{615648ED-EC8F-43D5-828E-0A5BBF002C89}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{7711E26C-F1DE-41B4-9A30-03C924CA8756}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E46437B2-C857-442C-91DD-1153891A8B92}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{C3A628EA-49F2-48FC-BAE2-13576549745F}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{750D6C56-46B8-4B11-9991-029876DD729F}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"{895207B6-C219-4310-8076-31C783A48CE5}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{48B10ADB-6D01-4393-B64D-7582441505E6}C:\\users\\veronique\\demos\\emule\\emule.exe"= UDP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"UDP Query User{A018738A-86F3-435F-9E6A-D6BD9FC98978}C:\\users\\veronique\\demos\\emule\\emule.exe"= TCP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"{E97B1D51-AC5A-4D6C-8D0F-B8DCA0AFADF4}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{A46FF35F-2DFF-4F6E-B199-D159CA66CAEE}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{764E4144-8916-4654-BC1D-41CF6B18E29D}"= UDP:3724:Blizzard Downloader: 3724
"{9852708D-B6A6-40BD-A7FB-5734BEB4454B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B805D849-F1B2-4486-86A3-EBD9F8BD2EDB}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D010223E-BAA1-4E5C-91A1-ABC8F61E08F3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 12:31:59
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-01 12:34:00
ComboFix-quarantined-files.txt 2008-10-01 10:33:55
ComboFix2.txt 2008-09-30 15:28:45

Avant-CF: 76ÿ905ÿ984ÿ000 octets libres
Après-CF: 76,914,200,576 octets libres

297 --- E O F --- 2008-10-01 06:16:58

Voila.

| Alerter

Répondre à skimgrat

Angeldark

1 Octobre 2008 11:02:53

Citation :

Je vais refaire un rapport mais seulement il m'a supprimé mes périphérique audio donc je n'ais plus de son comment faire?

Comment ça ?

| Alerter

Répondre à Angeldark

skimgrat

1 Octobre 2008 11:10:59

Je n'ais plus de périphérique audio donc plus de son mais je pense que c'est le spyware qui me la supprimé.

| Alerter

Répondre à skimgrat

Angeldark

1 Octobre 2008 11:21:43

Je ne pense pas

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

| Alerter

Répondre à Angeldark

Tom's guide dans le monde