
[Resolved] [infection] Help reading my HijackThis report and cleaning up



Posted

I'm on another PC. I don't know if it's normal, but after doing everything you told me, my PC restarted by itself. Then of course all the startup programs launched, while a ComboFix message said not to launch any program...

 

I'll wait until the end and send the report again.

 

ComboFix report

ComboFix 08-09-03.06 - dimitri 2008-09-05 18:30:12.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2220 [GMT 2:00]

Endroit: C:\Users\dimitri\Desktop\ComboFix.exe

Command switches used :: C:\Users\dimitri\Desktop\CFScript.txt

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\DAEMON Tools Toolbar

C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

C:\ProgramData\enmxwbyr

C:\ProgramData\enmxwbyr\mpqtuxwj.exe

C:\Windows\System32\dgxwrery.exe

C:\Windows\System32\furulenu.exe

C:\Windows\System32\ytabytux.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-05 16:37 --------- d-----w C:\Users\dimitri\AppData\Roaming\uTorrent

2008-09-05 15:49 --------- d-----w C:\Program Files\Apple Software Update

2008-09-05 11:44 --------- d-----w C:\ProgramData\WebCfgProc

2008-09-04 23:48 --------- d-----w C:\ProgramData\Avira

2008-09-04 23:48 --------- d-----w C:\Program Files\Avira

2008-09-04 23:43 --------- d-----w C:\ProgramData\McAfee

2008-09-04 21:58 --------- d-----w C:\Program Files\iTunes

2008-09-04 21:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 21:43 --------- d-----w C:\Program Files\SpeedFan

2008-09-04 20:50 --------- d-----w C:\Program Files\iPod

2008-09-04 20:49 --------- d-----w C:\Program Files\Bonjour

2008-09-04 19:45 691 ----a-w C:\Users\dimitri\AppData\Roaming\GetValue.vbs

2008-09-04 19:45 35 ----a-w C:\Users\dimitri\AppData\Roaming\SetValue.bat

2008-09-04 19:45 3,386 ----a-w C:\Windows\System32\tmp.reg

2008-09-04 18:27 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-04 18:27 --------- d-----w C:\Program Files\Microsoft Works

2008-09-04 18:25 --------- d-----w C:\Program Files\MSBuild

2008-09-04 17:53 454 ----a-w C:\Users\dimitri\AppData\Roaming\wklnhst.dat

2008-09-04 16:53 --------- d-----w C:\ProgramData\Lavasoft

2008-09-04 16:50 --------- d-----w C:\Program Files\Lavasoft

2008-09-04 16:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-09-04 16:39 --------- d-----w C:\Program Files\Common Files\Logitech

2008-09-04 13:58 --------- d-----w C:\Program Files\Trend Micro

2008-09-04 13:48 --------- d-----w C:\Program Files\CCleaner

2008-09-04 11:09 --------- d-----w C:\Users\dimitri\AppData\Roaming\Malwarebytes

2008-09-04 11:09 --------- d-----w C:\ProgramData\Malwarebytes

2008-09-04 11:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-09-04 04:44 --------- d-----w C:\Program Files\Panda Security

2008-09-04 04:26 --------- d-----w C:\ProgramData\sysdb

2008-09-04 03:17 --------- d-----w C:\ProgramData\eMule

2008-09-04 00:18 --------- d-----w C:\Program Files\Bit Che

2008-09-03 23:42 --------- d-----w C:\Users\dimitri\AppData\Roaming\Convivea

2008-09-03 22:33 13,119 ----a-w C:\Users\dimitri\AppData\Roaming\nvModes.dat

2008-09-03 11:44 --------- d-----w C:\Program Files\EA GAMES

2008-09-03 10:59 --------- d-----w C:\Program Files\Rockstar Games

2008-09-02 21:58 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe

2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe

2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys

2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-09-01 19:11 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-09-01 19:01 --------- d-----w C:\Program Files\Logitech

2008-09-01 18:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-01 16:54 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-09-01 16:54 --------- d-----w C:\Users\dimitri\AppData\Roaming\DAEMON Tools

2008-09-01 16:43 --------- d-----w C:\Program Files\Smart Projects

2008-08-31 17:43 --------- d-----w C:\Users\dimitri\AppData\Roaming\Apple Computer

2008-08-31 17:43 --------- d-----w C:\ProgramData\Apple Computer

2008-08-31 17:42 --------- d-----w C:\Program Files\QuickTime

2008-08-31 17:39 --------- d-----w C:\ProgramData\Apple

2008-08-31 17:39 --------- d-----w C:\Program Files\Common Files\Apple

2008-08-31 16:39 --------- d-----w C:\Program Files\Google

2008-08-31 15:33 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-31 13:53 --------- d-----w C:\Users\dimitri\AppData\Roaming\Ahead

2008-08-30 23:00 --------- d-----w C:\Program Files\Dell

2008-08-30 16:33 --------- d-----w C:\Program Files\IrfanView

2008-08-29 19:12 --------- d-----w C:\Program Files\RocketDock

2008-08-28 20:53 --------- d-----w C:\Program Files\Alwil Software

2008-08-28 20:36 82,432 ----a-w C:\Windows\System32\IEDFix.C.exe

2008-08-28 20:14 --------- d-----w C:\Users\dimitri\AppData\Roaming\PeerNetworking

2008-08-27 12:51 --------- d-----w C:\ProgramData\Ahead

2008-08-27 12:50 --------- d-----w C:\Program Files\Common Files\Ahead

2008-08-27 12:47 --------- d-----w C:\ProgramData\Nero

2008-08-27 12:47 --------- d-----w C:\Program Files\Nero

2008-08-27 03:42 --------- d-----w C:\Program Files\Common Files\Nero

2008-08-27 01:47 --------- d-----w C:\Users\dimitri\AppData\Roaming\Nero

2008-08-26 23:33 --------- d-----w C:\Users\dimitri\AppData\Roaming\Roxio

2008-08-26 20:05 --------- d-----w C:\Program Files\Winamp

2008-08-26 00:37 --------- d-----w C:\ProgramData\Dell

2008-08-25 21:39 --------- d-----w C:\Users\dimitri\AppData\Roaming\Template

2008-08-25 20:20 --------- d-----w C:\Program Files\XP Codec Pack

2008-08-25 18:45 --------- d-----w C:\Program Files\uTorrent

2008-08-25 18:01 --------- d-----w C:\ProgramData\Messenger Plus!

2008-08-25 15:51 174 --sha-w C:\Program Files\desktop.ini

2008-08-25 13:54 --------- d-----w C:\Program Files\Windows Mail

2008-08-25 11:09 --------- d-----w C:\Users\dimitri\AppData\Roaming\Logitech

2008-08-25 11:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-08-25 11:02 --------- d-----w C:\ProgramData\Logitech

2008-08-25 11:01 --------- d-----w C:\Users\dimitri\AppData\Roaming\InstallShield

2008-08-25 11:01 --------- d-----w C:\ProgramData\LogiShrd

2008-08-25 10:56 --------- d-----w C:\Users\dimitri\AppData\Roaming\vlc

2008-08-25 10:53 --------- d-----w C:\Program Files\VideoLAN

2008-08-25 10:44 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-25 10:32 --------- d-----w C:\Program Files\Windows Live

2008-08-25 10:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-25 10:18 --------- d-----w C:\ProgramData\WLInstaller

2008-08-25 09:46 --------- d-----w C:\Program Files\MSXML 4.0

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Modèles

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Favoris

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Documents

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Bureau

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Application Data

2008-08-25 08:57 --------- d-sh--w C:\Program Files\Fichiers communs

2008-08-20 23:14 --------- d-----w C:\Program Files\Synaptics

2008-08-20 23:10 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-08-20 23:09 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll

2008-08-20 23:09 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-08-20 23:09 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe

2008-08-20 23:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-08-20 23:07 5,120 ----a-w C:\Windows\System32\wmi.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-05_ 0.25.35.94 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-05 15:49:59 27,136 ----a-r C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe

- 2008-08-31 15:50:24 174,152 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2008-09-05 16:33:15 406,248 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2008-09-04 19:57:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-05 16:35:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-05 16:35:28 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-04 22:24:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-05 16:35:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-05 16:35:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-04 21:45:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-05 16:35:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-04 21:45:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-05 16:35:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-04 21:45:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-05 16:35:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-27 13:03:55 75,072 ----a-w C:\Windows\System32\drivers\avipbb.sys

+ 2007-03-01 08:34:22 28,352 ----a-w C:\Windows\System32\drivers\ssmdrv.sys

- 2008-09-04 20:01:53 103,924 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-04 23:49:00 103,924 ----a-w C:\Windows\System32\perfc009.dat

- 2008-09-04 20:01:54 117,572 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-09-04 23:49:01 117,572 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-09-04 20:01:54 610,142 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-04 23:49:01 610,142 ----a-w C:\Windows\System32\perfh009.dat

- 2008-09-04 20:01:54 690,832 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-09-04 23:49:01 690,832 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-09-04 19:57:24 5,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1725229292-2677776937-4082657244-1000_UserData.bin

+ 2008-09-04 23:44:53 5,422 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1725229292-2677776937-4082657244-1000_UserData.bin

- 2008-09-04 19:57:24 56,732 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-04 23:44:53 57,434 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-04 19:57:14 40,242 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-04 23:44:45 40,674 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-08-25 267056]

"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"WebCfgProc"="C:\ProgramData\WebCfgProc\uzwxkvmt.exe" [2008-09-05 102400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-08-20 77824]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2007-04-27 1123872]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\Windows\KHALMNPR.Exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-20 50688]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-08-20 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-20 17:55 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

--a------ 2008-07-29 15:41 1213680 C:\Program Files\CCleaner\CCleaner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2008-03-11 13:44 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

--a------ 2008-02-29 06:18 17920 C:\DELL\E-Center\EULALauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2006-11-02 14:35 125440 C:\Windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-08-20 17:49 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2008-05-28 08:27 570664 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--------- 2007-05-02 19:16 184320 C:\Program Files\Dell\MediaDirect\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

--a------ 2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2007-02-08 07:11 303104 C:\Windows\sttray.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C1099313-61DF-400E-A544-AD3C1E0123A0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{0829BAFB-7B45-4997-ABB4-C8279E19A5FF}"= UDP:4000:emule

"{9A4B8732-D5D0-47AD-8542-3F2A4ABDCACB}"= TCP:4001:emule

"{0470757B-6527-4ACC-8F3D-4B2CCD46F3E8}"= UDP:C:\Program Files\eMule\emule.exe:eMule

"{1F8A1BB4-E033-4355-8A9A-E5DC84524B02}"= TCP:C:\Program Files\eMule\emule.exe:eMule

"{1DCB447B-B2D4-41A7-95C0-0AE1B046A2B4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1BB9F6A5-FE99-43B6-85AF-1EB1880CCFB1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{C5449F94-CDFF-4A5D-B1B2-94C8DFCA259F}"= UDP:C:\Program Files\eMule\emule.exe:eMule

"{7018AD7B-DFD3-43A2-9BCB-35B962FEF116}"= TCP:C:\Program Files\eMule\emule.exe:eMule

"{26C254AD-0C75-40BB-9A70-655956733422}"= UDP:4000:emule

"{5EC56CBF-CE0B-4B7F-8768-B627EC78F66F}"= TCP:4001:emule

"{A1A63F4B-3D38-4EA5-B4AA-0846C4C2CB93}"= UDP:C:\Program Files\XP Codec Pack\filters\ac3config.exe:AC3 Filter

"{C92BCFD1-0A89-4341-B1A1-81A2E09A4FD9}"= TCP:C:\Program Files\XP Codec Pack\filters\ac3config.exe:AC3 Filter

"TCP Query User{593E2D26-E13E-4660-A447-5498925D697F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{BC4AA93B-36CD-4138-9985-4E944BF9B8DD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

"{DEE2E7B3-7820-4EFB-9387-C50B29429128}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{079F5735-46EA-4B45-B1BA-EA551C97A09B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{E10762FB-B5B5-4707-AA7B-5D048A82FF20}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{336F82E9-C741-44F1-94B1-D77150DF440A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 0 (0x0)

 

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]

 

*Newly Created Service* - SSMDRV

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-ActMonUi - C:\Windows\system32\dgxwrery.exe

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-05 18:35:34

Windows 6.0.6000 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

C:\Users\dimitri\AppData\Local\Temp\siB4AE.tmp

 

Scan terminé avec succès

Les fichiers cachés: 1

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\RocketDock\RocketDock.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\IoctlSvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\System32\conime.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Windows\System32\wbem\WMIADAP.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-05 18:41:12 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-05 16:41:05

ComboFix2.txt 2008-09-04 22:26:47

 

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Post-Run: 64,455,229,440 octets libres

 

298 --- E O F --- 2008-08-26 10:39:31

 

 

HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:59:04, on 04/09/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\ProgramData\enmxwbyr\mpqtuxwj.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe

C:\Windows\System32\dgxwrery.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\dimitri\AppData\Local\Temp\c.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=5080820

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ActMonUi] C:\Windows\system32\dgxwrery.exe

O4 - HKCU\..\Run: [somefox] C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe

O4 - HKLM\..\Policies\Explorer\Run: [VBmup9jKUZ] C:\ProgramData\enmxwbyr\mpqtuxwj.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: McAfee Application Installer Cleanup (0000501220529474) (0000501220529474mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\000050~1.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Gestion de l'alimentation de l'adaptateur réseau interne Dell (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9982 bytes

 

 

 

 

 

PS: I noticed that the name MCAFEE still appears. Would that mean I didn't uninstall it properly?

Posted

There's just as much left there. It's a mess, and that's not normal.

 

What follows is for your machine, and your machine only.

Do not use it on another machine under any circumstances: dangerous.

 

  • Disable your antivirus, it can interfere.
  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is turned off. Copy and paste this into it:

Killall::

 

File::

C:\ProgramData\enmxwbyr\mpqtuxwj.exe

C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe

C:\Windows\System32\dgxwrery.exe

C:\Users\dimitri\AppData\Local\Temp\c.exe

C:\ProgramData\WebCfgProc\uzwxkvmt.exe

 

Folder::

C:\ProgramData\WebCfgProc

C:\ProgramData\enmxwbyr

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WebCfgProc"=-

"ActMonUi"=-

"Somefox"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"VBmup9jKUZ"=-

  • Save this as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot

CFscript.gif

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
  • Once the scan is finished, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

 

Then please add a new HijackThis report after that one, and re-enable your antivirus.

Posted

If I do the procedure again, it's going to restart my PC again and so open the programs, even though that must not happen during the scan. Should I do it anyway?

I'm going to do it again, but can you tell me what I'm infected with?

Thanks for replying.

Posted

Combofix

 

ComboFix 08-09-04.09 - dimitri 2008-09-05 23:35:32.3 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2506 [GMT 2:00]

Endroit: C:\Users\dimitri\Desktop\ComboFix.exe

Command switches used :: C:\Users\dimitri\Desktop\CFScript.txt

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\WebCfgProc

C:\ProgramData\WebCfgProc\uzwxkvmt.exe

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier cr‚‚ dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-05 21:41 --------- d-----w C:\Users\dimitri\AppData\Roaming\uTorrent

2008-09-05 15:49 --------- d-----w C:\Program Files\Apple Software Update

2008-09-04 23:48 --------- d-----w C:\ProgramData\Avira

2008-09-04 23:48 --------- d-----w C:\Program Files\Avira

2008-09-04 23:43 --------- d-----w C:\ProgramData\McAfee

2008-09-04 21:58 --------- d-----w C:\Program Files\iTunes

2008-09-04 21:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 21:43 --------- d-----w C:\Program Files\SpeedFan

2008-09-04 20:50 --------- d-----w C:\Program Files\iPod

2008-09-04 20:49 --------- d-----w C:\Program Files\Bonjour

2008-09-04 19:45 691 ----a-w C:\Users\dimitri\AppData\Roaming\GetValue.vbs

2008-09-04 19:45 35 ----a-w C:\Users\dimitri\AppData\Roaming\SetValue.bat

2008-09-04 19:45 3,386 ----a-w C:\Windows\System32\tmp.reg

2008-09-04 18:27 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-04 18:27 --------- d-----w C:\Program Files\Microsoft Works

2008-09-04 18:25 --------- d-----w C:\Program Files\MSBuild

2008-09-04 17:53 454 ----a-w C:\Users\dimitri\AppData\Roaming\wklnhst.dat

2008-09-04 16:53 --------- d-----w C:\ProgramData\Lavasoft

2008-09-04 16:50 --------- d-----w C:\Program Files\Lavasoft

2008-09-04 16:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-09-04 16:39 --------- d-----w C:\Program Files\Common Files\Logitech

2008-09-04 13:58 --------- d-----w C:\Program Files\Trend Micro

2008-09-04 13:48 --------- d-----w C:\Program Files\CCleaner

2008-09-04 11:09 --------- d-----w C:\Users\dimitri\AppData\Roaming\Malwarebytes

2008-09-04 11:09 --------- d-----w C:\ProgramData\Malwarebytes

2008-09-04 11:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-09-04 04:44 --------- d-----w C:\Program Files\Panda Security

2008-09-04 04:26 --------- d-----w C:\ProgramData\sysdb

2008-09-04 03:17 --------- d-----w C:\ProgramData\eMule

2008-09-04 00:18 --------- d-----w C:\Program Files\Bit Che

2008-09-03 23:42 --------- d-----w C:\Users\dimitri\AppData\Roaming\Convivea

2008-09-03 22:33 13,119 ----a-w C:\Users\dimitri\AppData\Roaming\nvModes.dat

2008-09-03 11:44 --------- d-----w C:\Program Files\EA GAMES

2008-09-03 10:59 --------- d-----w C:\Program Files\Rockstar Games

2008-09-02 21:58 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe

2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe

2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys

2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-09-01 19:11 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-09-01 19:01 --------- d-----w C:\Program Files\Logitech

2008-09-01 18:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-01 16:54 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-09-01 16:54 --------- d-----w C:\Users\dimitri\AppData\Roaming\DAEMON Tools

2008-09-01 16:43 --------- d-----w C:\Program Files\Smart Projects

2008-08-31 17:43 --------- d-----w C:\Users\dimitri\AppData\Roaming\Apple Computer

2008-08-31 17:43 --------- d-----w C:\ProgramData\Apple Computer

2008-08-31 17:42 --------- d-----w C:\Program Files\QuickTime

2008-08-31 17:39 --------- d-----w C:\ProgramData\Apple

2008-08-31 17:39 --------- d-----w C:\Program Files\Common Files\Apple

2008-08-31 16:39 --------- d-----w C:\Program Files\Google

2008-08-31 15:33 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-31 13:53 --------- d-----w C:\Users\dimitri\AppData\Roaming\Ahead

2008-08-30 23:00 --------- d-----w C:\Program Files\Dell

2008-08-30 16:33 --------- d-----w C:\Program Files\IrfanView

2008-08-29 19:12 --------- d-----w C:\Program Files\RocketDock

2008-08-28 20:53 --------- d-----w C:\Program Files\Alwil Software

2008-08-28 20:36 82,432 ----a-w C:\Windows\System32\IEDFix.C.exe

2008-08-28 20:14 --------- d-----w C:\Users\dimitri\AppData\Roaming\PeerNetworking

2008-08-27 12:51 --------- d-----w C:\ProgramData\Ahead

2008-08-27 12:50 --------- d-----w C:\Program Files\Common Files\Ahead

2008-08-27 12:47 --------- d-----w C:\ProgramData\Nero

2008-08-27 12:47 --------- d-----w C:\Program Files\Nero

2008-08-27 03:42 --------- d-----w C:\Program Files\Common Files\Nero

2008-08-27 01:47 --------- d-----w C:\Users\dimitri\AppData\Roaming\Nero

2008-08-26 23:33 --------- d-----w C:\Users\dimitri\AppData\Roaming\Roxio

2008-08-26 20:05 --------- d-----w C:\Program Files\Winamp

2008-08-26 00:37 --------- d-----w C:\ProgramData\Dell

2008-08-25 21:39 --------- d-----w C:\Users\dimitri\AppData\Roaming\Template

2008-08-25 20:20 --------- d-----w C:\Program Files\XP Codec Pack

2008-08-25 18:45 --------- d-----w C:\Program Files\uTorrent

2008-08-25 18:01 --------- d-----w C:\ProgramData\Messenger Plus!

2008-08-25 15:51 174 --sha-w C:\Program Files\desktop.ini

2008-08-25 13:54 --------- d-----w C:\Program Files\Windows Mail

2008-08-25 11:09 --------- d-----w C:\Users\dimitri\AppData\Roaming\Logitech

2008-08-25 11:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-08-25 11:02 --------- d-----w C:\ProgramData\Logitech

2008-08-25 11:01 --------- d-----w C:\Users\dimitri\AppData\Roaming\InstallShield

2008-08-25 11:01 --------- d-----w C:\ProgramData\LogiShrd

2008-08-25 10:56 --------- d-----w C:\Users\dimitri\AppData\Roaming\vlc

2008-08-25 10:53 --------- d-----w C:\Program Files\VideoLAN

2008-08-25 10:44 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-25 10:32 --------- d-----w C:\Program Files\Windows Live

2008-08-25 10:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-25 10:18 --------- d-----w C:\ProgramData\WLInstaller

2008-08-25 09:46 --------- d-----w C:\Program Files\MSXML 4.0

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Modèles

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Favoris

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Documents

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Bureau

2008-08-25 08:57 --------- d-sh--w C:\ProgramData\Application Data

2008-08-25 08:57 --------- d-sh--w C:\Program Files\Fichiers communs

2008-08-20 23:14 --------- d-----w C:\Program Files\Synaptics

2008-08-20 23:10 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-08-20 23:09 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll

2008-08-20 23:09 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-08-20 23:09 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe

2008-08-20 23:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-08-20 23:07 5,120 ----a-w C:\Windows\System32\wmi.dll

2008-08-20 23:07 152,576 ----a-w C:\Windows\System32\imagehlp.dll

.

 

((((((((((((((((((((((((((((( snapshot_2008-09-05_18.40.17.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-05 16:33:15 406,248 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2008-09-05 21:37:55 406,248 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2008-09-05 16:35:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-05 21:40:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-09-05 16:35:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-05 21:40:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-05 21:40:03 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-05 16:35:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-05 21:39:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-05 16:35:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-05 21:39:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-05 16:35:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-05 21:39:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-04 22:21:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-05 21:35:25 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2008-09-04 23:49:00 103,924 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-05 19:57:40 103,924 ----a-w C:\Windows\System32\perfc009.dat

- 2008-09-04 23:49:01 117,572 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-09-05 19:57:40 117,572 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-09-04 23:49:01 610,142 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-05 19:57:40 610,142 ----a-w C:\Windows\System32\perfh009.dat

- 2008-09-04 23:49:01 690,832 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-09-05 19:57:40 690,832 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-09-04 23:44:53 5,422 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1725229292-2677776937-4082657244-1000_UserData.bin

+ 2008-09-05 19:53:15 5,494 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1725229292-2677776937-4082657244-1000_UserData.bin

- 2008-09-04 23:44:53 57,434 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-05 19:53:14 58,628 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-04 23:44:45 40,674 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-05 19:53:05 42,682 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-08-25 267056]

"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-08-20 77824]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2007-04-27 1123872]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\Windows\KHALMNPR.Exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-20 50688]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-08-20 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-20 17:55 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

--a------ 2008-07-29 15:41 1213680 C:\Program Files\CCleaner\CCleaner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2008-03-11 13:44 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

--a------ 2008-02-29 06:18 17920 C:\DELL\E-Center\EULALauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2006-11-02 14:35 125440 C:\Windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-08-20 17:49 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2008-05-28 08:27 570664 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--------- 2007-05-02 19:16 184320 C:\Program Files\Dell\MediaDirect\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

--a------ 2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2007-02-08 07:11 303104 C:\Windows\sttray.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C1099313-61DF-400E-A544-AD3C1E0123A0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{0829BAFB-7B45-4997-ABB4-C8279E19A5FF}"= UDP:4000:emule

"{9A4B8732-D5D0-47AD-8542-3F2A4ABDCACB}"= TCP:4001:emule

"{0470757B-6527-4ACC-8F3D-4B2CCD46F3E8}"= UDP:C:\Program Files\eMule\emule.exe:eMule

"{1F8A1BB4-E033-4355-8A9A-E5DC84524B02}"= TCP:C:\Program Files\eMule\emule.exe:eMule

"{1DCB447B-B2D4-41A7-95C0-0AE1B046A2B4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1BB9F6A5-FE99-43B6-85AF-1EB1880CCFB1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{C5449F94-CDFF-4A5D-B1B2-94C8DFCA259F}"= UDP:C:\Program Files\eMule\emule.exe:eMule

"{7018AD7B-DFD3-43A2-9BCB-35B962FEF116}"= TCP:C:\Program Files\eMule\emule.exe:eMule

"{26C254AD-0C75-40BB-9A70-655956733422}"= UDP:4000:emule

"{5EC56CBF-CE0B-4B7F-8768-B627EC78F66F}"= TCP:4001:emule

"{A1A63F4B-3D38-4EA5-B4AA-0846C4C2CB93}"= UDP:C:\Program Files\XP Codec Pack\filters\ac3config.exe:AC3 Filter

"{C92BCFD1-0A89-4341-B1A1-81A2E09A4FD9}"= TCP:C:\Program Files\XP Codec Pack\filters\ac3config.exe:AC3 Filter

"TCP Query User{593E2D26-E13E-4660-A447-5498925D697F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{BC4AA93B-36CD-4138-9985-4E944BF9B8DD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

"{DEE2E7B3-7820-4EFB-9387-C50B29429128}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{079F5735-46EA-4B45-B1BA-EA551C97A09B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{E10762FB-B5B5-4707-AA7B-5D048A82FF20}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{336F82E9-C741-44F1-94B1-D77150DF440A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 0 (0x0)

 

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-05 23:40:26

Windows 6.0.6000 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\IoctlSvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\System32\conime.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\wbem\WMIADAP.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-05 23:45:03 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-05 21:44:56

ComboFix2.txt 2008-09-05 16:41:13

ComboFix3.txt 2008-09-04 22:26:47

 

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Post-Run: 63,054,819,328 octets libres

 

280 --- E O F --- 2008-08-26 10:39:31

 

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:59:04, on 04/09/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\ProgramData\enmxwbyr\mpqtuxwj.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe

C:\Windows\System32\dgxwrery.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\dimitri\AppData\Local\Temp\c.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=5080820

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ActMonUi] C:\Windows\system32\dgxwrery.exe

O4 - HKCU\..\Run: [somefox] C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe

O4 - HKLM\..\Policies\Explorer\Run: [VBmup9jKUZ] C:\ProgramData\enmxwbyr\mpqtuxwj.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: McAfee Application Installer Cleanup (0000501220529474) (0000501220529474mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\000050~1.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Gestion de l'alimentation de l'adaptateur réseau interne Dell (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9982 bytes
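An added example (not code from the thread, HijackThis or ComboFix): a Python triage of O4 autorun lines in the format above, applying the three patterns the helper acted on in the posted log (autoruns launched from a Temp folder, autoruns under Policies\Explorer\Run, executables or folders named with eight random lowercase letters) and drafting the File::/Folder::/Registry:: sections a CFScript would contain for them. The sample lines are constructed from the posted log; the heuristics are assumptions of this example, not HijackThis or ComboFix rules.

```python
"""Triage of HijackThis O4 (autorun) lines and draft of a ComboFix CFScript.

Added example; the heuristics are tuned to the persistence seen in this thread
and would need an allow-list and signature/hash checks before general use.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on O4 lines from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ActMonUi] C:\Windows\system32\dgxwrery.exe
O4 - HKCU\..\Run: [somefox] C:\Users\dimitri\AppData\Local\Temp\6.tmp.exe
O4 - HKLM\..\Policies\Explorer\Run: [VBmup9jKUZ] C:\ProgramData\enmxwbyr\mpqtuxwj.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)   # strip quotes/arguments
RANDOM_RE = re.compile(r"^[a-z]{8}$")   # enmxwbyr, mpqtuxwj, dgxwrery, uzwxkvmt in the log

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
KEYS = {
    r"Run": r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"Policies\Explorer\Run": r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
}


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return an Autorun for an O4 line, or None for any other HijackThis line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = EXE_RE.match(m["cmd"])
    return Autorun(m["hive"], m["key"], m["name"], exe["path"] if exe else m["cmd"])


def triage(entry):
    """Attach the reasons an entry looks like malware persistence; empty list = clean."""
    low = entry.path.lower()
    parts = entry.path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2] if len(parts) >= 2 else ""
    if "\\appdata\\local\\temp\\" in low or "\\windows\\temp\\" in low:
        entry.reasons.append("runs from a Temp folder")
    if "policies\\explorer\\run" in entry.key.lower():
        entry.reasons.append("uses Policies\\Explorer\\Run")
    if RANDOM_RE.match(stem) or RANDOM_RE.match(parent):
        entry.reasons.append("random 8-letter file or folder name")
    return entry


def suspicious_autoruns(log_text):
    """Parse every O4 line of a HijackThis log and keep those with at least one reason."""
    found = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and triage(entry).reasons:
            found.append(entry)
    return found


def build_cfscript(entries):
    """Draft the Killall::/File::/Folder::/Registry:: sections for the flagged entries."""
    files, folders, regs = [], [], {}
    for e in entries:
        if e.path[1:3] == ":\\":            # absolute path only; skip %ProgramFiles% style
            files.append(e.path)
            parent = e.path.rsplit("\\", 1)[0]
            if RANDOM_RE.match(parent.rsplit("\\", 1)[-1]) and "\\programdata\\" in parent.lower():
                folders.append(parent)      # random-named folder under ProgramData goes too
        if e.hive in HIVES and e.key in KEYS:
            full_key = "[%s\\%s]" % (HIVES[e.hive], KEYS[e.key])
            regs.setdefault(full_key, []).append('"%s"=-' % e.name)   # "=-" deletes the value
    out = ["Killall::", ""]
    if files:
        out += ["File::"] + files + [""]
    if folders:
        out += ["Folder::"] + folders + [""]
    if regs:
        out.append("Registry::")
        for key, values in regs.items():
            out += [key] + values
    return "\n".join(out)


if __name__ == "__main__":
    hits = suspicious_autoruns(SAMPLE_LOG)
    for h in hits:
        print("%-12s %s  <- %s" % (h.name, h.path, "; ".join(h.reasons)))
    print()
    print(build_cfscript(hits))
```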

Posted

Right, we'll do it differently, there's a snag.

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The analysis starts; the scan is fairly long, that's normal.
  • At the end of the analysis, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report and post it in your next reply.

 

NB: If MBAM asks you to restart, do so.

Posted

I would prefer - since I wasn't around for the earlier steps - a "quick scan" (no need for a full one, pointless here), after updating MBAM.
