
Posted

There are several families of infections.

Your USB keys and other removable devices (external hard drives, etc.) may be infected. Plug them in and leave them plugged in before moving on to the second ComboFix step.

What follows is for this machine, and this machine only.

Do not, under any circumstances, use it on another machine: it is dangerous.

  • Download the file CFscript.txt from this site:
    http://senduit.com/d31f63
  • Put it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the file ComboFix.exe, as in this example

[animation: animation1md2.gif]

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

Posted (edited)

ComboFix is scaring me now... help... I'm at my sister's place, it has blocked all the registry keys, I can't access the internet or anything at all any more; every time I open something it gives me something like "cannot access, registry key marked for deletion"

help, I'd say, because I can't access regedit or anything else to change the situation

Anyway, here is what the report says:

ComboFix 09-12-26.05 - Camille 27/12/2009 17:04:57.2.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2047.1143 [GMT 1:00]

Lancé depuis: c:\users\Camille\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Camille\Desktop\CFscript.txt

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 ))))))))))))))))))))))))))))))))))))

.

 

2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Audrey\AppData\Local\temp

2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Administrateur\AppData\Local\temp

2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Administrateur.PC-de-Camille\AppData\Local\temp

2009-12-27 15:38 . 2009-12-27 16:26 -------- d-----w- c:\users\Camille\AppData\Local\temp

2009-12-27 13:53 . 2009-12-27 13:53 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- c:\program files\trend micro

2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- C:\rsit

2009-12-26 10:38 . 2009-12-26 10:38 -------- d-----w- c:\program files\Micro Application

2009-12-20 17:03 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\CCERASER.DLL

2009-12-20 17:03 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVEX32A.DLL

2009-12-20 17:03 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVEX15.SYS

2009-12-20 17:03 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVENG.SYS

2009-12-20 17:03 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVENG32.DLL

2009-12-20 17:03 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\ERASER.SYS

2009-12-20 17:03 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\ECMSVR32.DLL

2009-12-20 17:03 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\EECTRL.SYS

2009-12-20 16:22 . 2009-12-20 16:44 -------- d-----w- c:\users\Camille\AppData\Roaming\MP-Manager

2009-12-20 16:22 . 2009-12-20 16:22 37345 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{2FD8A3D1-F72F-4EE9-9C67-C127E5AA38CD}\controlPanelIcon.exe

2009-12-20 16:22 . 2009-12-20 16:22 10134 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{2FD8A3D1-F72F-4EE9-9C67-C127E5AA38CD}\SystemFolder_msiexec.exe

2009-12-20 16:21 . 2009-12-20 16:21 -------- d-----w- c:\users\Camille\AppData\Roaming\MPMAN

2009-12-18 08:01 . 2009-12-18 08:01 17614320 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe

2009-12-18 08:01 . 2009-12-18 08:01 8405312 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

2009-12-18 08:00 . 2009-12-18 08:00 149000 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe

2009-12-18 08:00 . 2009-12-18 08:00 10309448 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe

2009-12-18 08:00 . 2009-12-18 08:00 79368 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe

2009-12-18 07:59 . 2009-12-18 07:59 52288 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll

2009-12-18 07:59 . 2009-12-18 07:59 64000 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll

2009-12-18 07:59 . 2009-12-18 07:59 50688 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll

2009-12-18 07:59 . 2009-12-18 07:59 118784 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll

2009-12-17 17:06 . 2009-12-26 17:06 439816 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\setup.exe

2009-12-16 19:09 . 2009-12-16 19:09 -------- d-----w- c:\users\Camille\AppData\Roaming\Icones

2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\CCERASER.DLL

2009-12-12 11:18 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-12 11:18 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-12 11:18 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-12-10 10:54 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

2009-12-10 10:54 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll

2009-12-10 10:53 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-12-10 10:53 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

2009-11-28 21:45 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-11-28 21:45 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-11-28 21:43 . 2009-11-28 21:43 -------- d-----w- c:\program files\iPod

2009-11-28 21:43 . 2009-11-28 21:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-11-28 21:43 . 2009-11-28 21:45 -------- d-----w- c:\program files\iTunes

2009-11-28 21:39 . 2009-11-28 21:40 -------- d-----w- c:\program files\QuickTime

2009-11-28 21:32 . 2009-11-28 21:32 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-28 21:11 . 2009-11-28 21:11 -------- d-----w- c:\program files\Ashampoo

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-27 16:26 . 2008-04-26 10:52 -------- d-----w- c:\users\Camille\AppData\Roaming\IDM

2009-12-27 16:26 . 2008-04-26 10:52 -------- d-----w- c:\users\Camille\AppData\Roaming\DMCache

2009-12-27 16:02 . 2008-01-11 15:32 -------- d-----w- c:\program files\Unlocker

2009-12-27 16:02 . 2007-09-03 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-27 16:02 . 2008-04-26 10:52 -------- d-----w- c:\program files\Internet Download Manager

2009-12-27 16:02 . 2008-04-26 10:11 -------- d-----w- c:\program files\RocketDock

2009-12-27 16:02 . 2008-04-25 20:52 -------- d-----w- c:\program files\PowerISO

2009-12-27 15:14 . 2007-09-03 21:35 -------- d-----w- c:\program files\Eset

2009-12-27 13:53 . 2009-02-09 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-27 01:44 . 2007-09-22 10:18 -------- d-----w- c:\users\Camille\AppData\Roaming\dvdcss

2009-12-26 22:07 . 2008-04-24 14:00 -------- d-----w- c:\users\Camille\AppData\Roaming\CoreFTP

2009-12-26 20:16 . 2009-01-24 19:53 -------- d-----w- c:\programdata\Google Updater

2009-12-25 17:00 . 2009-08-24 19:09 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-25 01:41 . 2006-11-02 15:48 741350 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-25 01:41 . 2006-11-02 15:48 147198 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-24 16:44 . 2007-09-03 22:34 -------- d-----w- c:\users\Camille\AppData\Roaming\Apple Computer

2009-12-23 18:32 . 2007-11-10 13:17 -------- d-----w- c:\program files\VST

2009-12-23 18:24 . 2008-10-06 11:43 -------- d-----w- c:\program files\Steinberg

2009-12-23 17:50 . 2009-07-20 19:00 -------- d-----w- c:\users\Camille\AppData\Roaming\Modartt

2009-12-21 17:03 . 2009-11-23 13:05 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND

2009-12-21 10:17 . 2009-11-13 15:23 -------- d-----w- c:\users\Camille\AppData\Roaming\FreeFLVConverter

2009-12-20 12:10 . 2007-09-03 22:45 -------- d-----w- c:\program files\Google

2009-12-15 13:44 . 2009-04-24 12:59 1367 ----a-w- c:\users\Camille\errorlog.tmp

2009-12-11 10:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-12-11 10:05 . 2007-11-24 10:03 -------- d-----w- c:\programdata\Microsoft Help

2009-12-03 15:14 . 2009-02-09 11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 15:13 . 2009-02-09 11:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-28 21:43 . 2007-10-31 13:07 -------- d-----w- c:\program files\Common Files\Apple

2009-11-28 21:40 . 2007-10-06 15:13 -------- d-----w- c:\program files\Bonjour

2009-11-25 11:32 . 2009-11-25 11:32 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-25 11:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-22 17:26 . 2008-09-25 07:41 -------- d-----w- c:\users\Camille\AppData\Roaming\uTorrent

2009-11-21 17:29 . 2009-01-26 12:30 140264 ----a-w- c:\users\Administrateur.PC-de-Camille\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-17 18:01 . 2009-11-17 18:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-17 18:01 . 2009-11-17 18:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-16 10:05 . 2009-11-16 10:05 120240 ----a-w- c:\users\Camille\AppData\Roaming\IDM\idmmzcc02\components\idmmzcc.dll

2009-11-16 09:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-11-15 16:55 . 2009-11-15 16:55 -------- d-----w- c:\program files\Spectrasonics

2009-11-14 11:11 . 2009-08-17 19:32 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-11-13 23:38 . 2009-11-13 23:38 -------- d-----w- c:\program files\VPSS

2009-11-13 22:11 . 2009-11-13 22:11 -------- d-----w- c:\program files\HyCam2

2009-11-13 15:23 . 2009-11-13 15:23 -------- d-----w- c:\program files\Free FLV Converter

2009-11-13 15:04 . 2009-11-13 15:04 198064 ----a-w- c:\users\Camille\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

2009-11-11 13:50 . 2009-11-13 15:23 311296 ----a-w- c:\windows\system32\TubeFinder.exe

2009-11-10 15:00 . 2009-11-10 14:46 -------- d-----w- c:\program files\IDoser v4

2009-11-08 17:38 . 2007-09-03 22:46 -------- d-----w- c:\program files\Messenger Plus! Live

2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_4ae13d6c.exe

2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_2cd672ae.exe

2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_294823.exe

2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_18be6784.exe

2009-11-05 19:07 . 2008-12-28 13:08 -------- d-----w- c:\program files\Common Files\Steinberg

2009-11-05 19:07 . 2008-11-15 09:50 -------- d-----w- c:\program files\East West

2009-11-05 11:22 . 2007-09-24 17:07 -------- d-----w- c:\program files\Windows Live Safety Center

2009-11-02 19:42 . 2009-10-03 10:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-01 17:33 . 2008-08-19 10:28 -------- d-----w- c:\users\Camille\AppData\Roaming\Free Download Manager

2009-10-29 09:17 . 2009-11-26 09:28 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-19 08:50 . 2009-10-19 08:50 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-10-19 08:00 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ECMSVR32.DLL

2009-10-09 17:18 . 2007-09-03 20:30 140264 ----a-w- c:\users\Camille\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-08 21:08 . 2009-11-25 11:24 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-10-08 21:08 . 2009-11-25 11:24 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 21:07 . 2009-11-25 11:24 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-10-06 13:17 . 2009-10-06 13:17 603904 ----a-w- c:\windows\system32\TUProgSt.exe

2009-10-06 13:17 . 2009-10-06 13:17 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-10-01 01:02 . 2009-11-25 11:25 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02 . 2009-11-25 11:26 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02 . 2009-11-25 11:25 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02 . 2009-11-25 11:25 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02 . 2009-11-17 15:16 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01 . 2009-11-25 11:25 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01 . 2009-11-25 11:25 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01 . 2009-11-25 11:25 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01 . 2009-11-25 11:25 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01 . 2009-11-25 11:25 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01 . 2009-11-25 11:25 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01 . 2009-11-25 11:26 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-10-01 01:01 . 2009-11-25 11:25 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys

2009-10-01 01:01 . 2009-11-25 11:25 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2009-10-01 01:01 . 2009-11-25 11:25 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2009-10-01 01:01 . 2009-11-25 11:25 33280 ----a-w- c:\windows\system32\WpdConns.dll

2009-09-29 12:45 . 2008-10-21 05:33 1 ----a-w- c:\users\Camille\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2008-08-26 19:27 . 2008-08-26 19:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2007-11-29 12:20 . 2007-11-29 12:20 88 --sha-r- c:\windows\System32\8FDDDADA67.sys

2007-11-29 15:42 . 2007-11-29 11:00 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-12-27_15.34.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-06-15 17:28 . 2009-12-27 16:27 81180 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-12-27 16:27 87274 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2007-09-04 10:11 . 2009-12-27 16:27 18200 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-769474302-834296891-2338562099-1000_UserData.bin

- 2007-09-03 20:27 . 2009-12-27 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-09-03 20:27 . 2009-12-27 15:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-09-03 20:27 . 2009-12-27 15:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2007-09-03 20:27 . 2009-12-27 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-10-14 10:47 . 2009-12-27 16:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-14 10:47 . 2009-12-27 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-14 10:47 . 2009-12-27 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-10-14 10:47 . 2009-12-27 16:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-10-14 10:47 . 2009-12-27 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-10-14 10:47 . 2009-12-27 16:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-09-20 18:06 . 2009-12-27 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-09-20 18:06 . 2009-12-27 14:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-09-20 18:06 . 2009-12-27 16:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-09-20 18:06 . 2009-12-27 14:45 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2007-09-20 18:06 . 2009-12-27 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2007-09-20 18:06 . 2009-12-27 14:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-27 15:20 . 2009-12-27 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-12-27 16:18 . 2009-12-27 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-12-27 16:18 . 2009-12-27 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-12-27 15:20 . 2009-12-27 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

 

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]

[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3171760]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-09-28 20480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-10 185896]

 

c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-9-28 450560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=ma_cmidn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Excentrix.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Excentrix.lnk

backup=c:\windows\pss\Excentrix.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]

path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk

backup=c:\windows\pss\OFFICE One Startup v7.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rapidown.lnk]

path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapidown.lnk

backup=c:\windows\pss\Rapidown.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]

path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk

backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2007-10-30 18:07 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2007-10-30 18:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

2008-05-20 15:27 2474031 ----a-w- c:\program files\Free Download Manager\fdm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

2005-10-31 22:00 307200 ------w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-12-22 06:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2003-08-04 15:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuschd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2007-09-28 15:34 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 12:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 13:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 13:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

2008-05-15 16:25 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2008-05-10 11:26 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]

2007-09-20 07:23 132624 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-01-24 19:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2008-05-10 11:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]

2007-07-17 12:58 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2007-10-30 18:06 2595616 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

2008-04-01 16:35 3587120 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]

2006-12-14 13:18 7558720 ----a-w- c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):ab,95,2f,2b,83,38,ca,01

 

R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [06/10/2008 12:42 33792]

S2 gupdate1c99a591a621b8e;Service Google Update (gupdate1c99a591a621b8e);c:\program files\Google\Update\GoogleUpdate.exe [01/03/2009 11:33 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [07/01/2009 17:15 1527900]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/07/2008 10:05 21504]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/08/2008 20:27 29744]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064]

S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [06/10/2008 12:41 18432]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [07/01/2009 17:16 544768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.wibeez.com/meteo

uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.cherche.us/keyword/

uInternet Settings,ProxyOverride = localhost;*.local

uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s

IE: &SHOUTcast Search - c:\programdata\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Download with Rapget - c:\users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Recherche avec cherche.us - c:\users\Camille\scriptjava.html

IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

Trusted Zone: chat-land.org

FF - ProfilePath - c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Wibeez

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX SETTINGS ----

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: browser.sessionstore.resume_from_crash - false

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

MSConfigStartUp-ooVoo - c:\program files\ooVoo\ooVoo.exe

MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe

MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

MSConfigStartUp-SpotterChat - c:\program files\SpotterChat\SpotterChat.exe

MSConfigStartUp-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe

MSConfigStartUp-UVS11 Preload - c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-27 17:25

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8486D1E8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x88e8ad24

\Driver\ACPI -> acpi.sys @ 0x88762d68

\Driver\atapi -> 0x8486d1e8

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{311ee8c0-0bcc-48b5-9021-5969b5f431f4}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000140

"Therad"=dword:00000005

"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,

4b,7b,ad,b1,01,72,2f,c8,ca,b2,f4,08,aa,b4,f7,6e,37,9b,a2,94,80,b0,05,d4,61,\

 

[HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{5292f2f2-dfb4-42b1-8dbc-85f02839122f}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000013c

"Therad"=dword:00000020

 

[HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):50,ba,e1,71,e0,1f,de,5e,7d,06,86,0f,b5,f6,88,f0,73,ea,05,07,1b,

7d,b3,83,d2,15,c1,1e,73,15,86,ba,57,0e,55,57,68,bf,15,ba,00,00,00,00,00,00,\

 

[HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):41,0a,db,3a,76,5f,90,85,13,7b,a8,bd,c0,98,cb,23,50,52,ae,69,62,

5c,c5,63,cd,e4,a9,09,51,25,37,38,e1,c9,d9,77,2f,e8,b1,65,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OOCC06.00.00.01WSSV"="1D25CF0FB4E34D6A8B7CB11C889B069BE51425A056617D72006E9007FEBC9E127BECC74CFEB

C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0

AC4980AC7933BA7FD869164D6794FEBC9E127BECC74CA9C6AECB7A5D140771E48F2185DD0D483561C

F8B5A6713A936835FDF3B7CB20B1AD12F28EAB9EFEA5349E721A0AE7D06A0C0AFD5B64D7538F05E48

CCAD6BD9F60323023DF9CE6A48DFF9EEDD27CDC8E1A766743F43FBEC40A3B3A732A6E76B6233BF784

97F6C880484522E5A330E1AF6997F37A18F66420423A03F664BA76DD828DA22B854282C9181B4A43B

F40252C41C4002FB404172AA194948DF529F9ACCAFA5061EE5596D4C6905C3CB2D85072C28DAD4F18

A8630BF04D2EE3A898BE0136BD79BADB41C18EFA2AB717934B27F758A0BA1C9BB765F3335E8D2B651

6C62E153AD514057CF2B9F6C9588D571EDB8C9630FCF6EB1109AD752B987B89B0276D532E786D3F51

A5ADF54B2D417E3D9633627A7B9EEDF1D30E5557815C7F357287026C792074EE20E19BDF81C969F60

63AF9F1930FDCE25A0770B5CF88FF4B335952316BB2032D5E09AE15F90534AAFD18B693074F29876A

10C971E22E04EA9900FED2041870563A194CB64DEED9C387B84F4383E49EB249B09EEFDF4AE450ADF

86A233D2CBC2BED41D5A07A32DE52E5F380883391E8D84AE33DABD4991326C7E0F30A3161B76E1B22

D434DF17A098CB429396783B6D4312A38F9256A4601AC7B9A59C9244DC20725220DBF4E64FB8EE0BE

F63D30F62B0814A53EFC192AB1E99704B4000A585CAFCD3D936A341D4737034281E447EC91ABA6706

B958943D807CA852C27485B0CA07E2407DD91788BCA6A626EBDC2C41B82CEEE1EC0E3399E2B3F4101

A2549530DFBE616B2F4772FA521BB1262D9153ED352E5C42D643D640C0D33BC2D997ED393BC96098F

62CA85A1A4F28659E970FC634995999AFB88D0C789ADA5AB8EDEB2DC111F238D08BDB0436721DBB7F

2B92F3B09C683BABC76FE7C3D9ED012EA8BCA448B6504C5FA073E7F7A4518FBF971D599F72F08EAD6

8364C5B0DA3C72F0E31CDE6128F28C61F7886FBBB6519D59B11ED3D0FBED41B073D44B9E0908FB2D5

BD68F9AFAFF32E2E19781C3FE1653CEA75BC0616019CDF8303701E3AAD8F34AE7CCAA14E90A9C3E42

665FC6B2FD370ABF4E4BCE0CA4D6A31AD858BAE57D2B2B729DE4161799B37D3978B01321D1CF37A5F

9A677D15A0AC5804CBC8884DB8B286A521021113EB3D7B064052B65DC3CB64A62550AEB8A31D36F19

EE146B5F2BC24F5214F37E99210D32F675ED186A9816D62DE85687639B7F90770251A9688DA0E4487

D9E670DB6AC3757B561113FDA30CCD375954F216FAC7F7C2A66BDCD39D35DB8B94DF7B678DACDE0BA

EB3E0C444AC46B2E2D03344E7B71C"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(976)

c:\windows\system32\relog_ap.dll

 

- - - - - - - > 'Explorer.exe'(5656)

c:\users\Camille\AppData\Local\Temp\IadHide4.dll

c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll

c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll

c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll

c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\PSIService.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\System32\TUProgSt.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Micro Application\Votre PC prend la parole\MDVox.exe

c:\program files\Internet Download Manager\IEMonitor.exe

.

**************************************************************************

.

Completion time: 2009-12-27 17:31:36 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-27 16:31

ComboFix2.txt 2009-12-27 15:38

 

Pre-Run: 29,522,874,368 bytes free

Post-Run: 29,421,948,928 bytes free

 

- - End Of File - - 67B986AC5EFE0B0E21C3ADE29C461F17

Edited by missplouf
Posted

We're not finished yet, no need to panic. Some older files were repaired as well.

 

Download load_tdsskiller by Loup Blanc to your Desktop by clicking this link:

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

This tool is designed to automate the various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Launch load_tdsskiller by double-clicking it: the tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan
  • At the end of the scan, press a key to continue, as the message in the black command-prompt window tells you
  • The report will be displayed automatically: copy and paste its contents in your next reply (the file is also located here: C:\tdsskiller\report.txt)
  • Restart your PC

Posted (edited)

I've got access to all the files back, which is cool, so yes, the operation went fine.

Here's the report:

 

19:53:17:790 4960 TDSSKiller 2.1.1 Dec 20 2009 02:40:02

19:53:17:790 4960 ================================================================================

19:53:17:790 4960 SystemInfo:

 

19:53:17:790 4960 OS Version: 6.0.6002 ServicePack: 2.0

19:53:17:790 4960 Product type: Workstation

19:53:17:790 4960 ComputerName: PC-DE-CAMILLE

19:53:17:790 4960 UserName: Camille

19:53:17:790 4960 Windows directory: C:\Windows

19:53:17:790 4960 Processor architecture: Intel x86

19:53:17:790 4960 Number of processors: 2

19:53:17:790 4960 Page size: 0x1000

19:53:17:790 4960 Boot type: Normal boot

19:53:17:790 4960 ================================================================================

19:53:17:805 4960 ForceUnloadDriver: NtUnloadDriver error 2

19:53:17:805 4960 ForceUnloadDriver: NtUnloadDriver error 2

19:53:17:805 4960 ForceUnloadDriver: NtUnloadDriver error 2

19:53:17:805 4960 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0

19:53:17:805 4960 main: Driver KLMD successfully dropped

19:53:30:790 4960 main: Driver KLMD successfully loaded

19:53:30:790 4960

Scanning Registry ...

19:53:30:805 4960 ScanServices: Searching service UACd.sys

19:53:30:805 4960 ScanServices: Open/Create key error 2

19:53:30:805 4960 ScanServices: Searching service TDSSserv.sys

19:53:30:805 4960 ScanServices: Open/Create key error 2

19:53:30:805 4960 ScanServices: Searching service gaopdxserv.sys

19:53:30:805 4960 ScanServices: Open/Create key error 2

19:53:30:805 4960 ScanServices: Searching service gxvxcserv.sys

19:53:30:805 4960 ScanServices: Open/Create key error 2

19:53:30:805 4960 ScanServices: Searching service MSIVXserv.sys

19:53:30:805 4960 ScanServices: Open/Create key error 2

19:53:30:805 4960 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntoskrnl.exe, base addr: 82844000

19:53:30:821 4960 UnhookRegistry: Kernel local addr: 1B50000

19:53:30:821 4960 UnhookRegistry: KeServiceDescriptorTable addr: 1C7C8C0

19:53:30:884 4960 UnhookRegistry: KiServiceTable addr: 1BBD910

19:53:30:884 4960 UnhookRegistry: NtEnumerateKey service number (local): 85

19:53:30:884 4960 UnhookRegistry: NtEnumerateKey local addr: 1D23366

19:53:30:884 4960 KLMD_OpenDevice: Trying to open KLMD device

19:53:30:884 4960 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey

19:53:30:884 4960 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey

19:53:30:884 4960 KLMD_ReadMem: Trying to ReadMemory 0x828999F5[0x4]

19:53:30:884 4960 UnhookRegistry: NtEnumerateKey service number (kernel): 85

19:53:30:884 4960 KLMD_ReadMem: Trying to ReadMemory 0x828B1B24[0x4]

19:53:30:884 4960 UnhookRegistry: NtEnumerateKey real addr: 82A17366

19:53:30:884 4960 UnhookRegistry: NtEnumerateKey calc addr: 82A17366

19:53:30:884 4960 UnhookRegistry: No SDT hooks found on NtEnumerateKey

19:53:30:884 4960 KLMD_ReadMem: Trying to ReadMemory 0x82A17366[0xA]

19:53:30:884 4960 UnhookRegistry: No splicing found on NtEnumerateKey

19:53:30:899 4960

Scanning Kernel memory ...

19:53:30:899 4960 KLMD_OpenDevice: Trying to open KLMD device

19:53:30:899 4960 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk

19:53:30:899 4960 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

19:53:30:899 4960 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85973E80

19:53:30:899 4960 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects

19:53:30:899 4960 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86EE8380

19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86EE8380

19:53:30:899 4960 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86F05CB8

19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F05CB8

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86F05CB8[0x38]

19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8]

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208]

19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

19:53:30:899 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (8) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400]

19:53:30:899 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0

19:53:30:899 4960 TDL3_FileDetect: Processing driver: USBSTOR

19:53:30:899 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

19:53:30:899 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

19:53:30:899 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

19:53:30:899 4960 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8659FAC8

19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8659FAC8

19:53:30:899 4960 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8648ECB8

19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8648ECB8

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x8648ECB8[0x38]

19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8]

19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208]

19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

19:53:30:899 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8

19:53:30:899 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (8) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7

19:53:30:899 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400]

19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0

19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR

19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 865431D8

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865431D8

19:53:30:915 4960 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8656F030

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8656F030

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x8656F030[0x38]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8]

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (8) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400]

19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0

19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR

19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 864144C8

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 864144C8

19:53:30:915 4960 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86575030

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86575030

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86575030[0x38]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8]

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (8) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400]

19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0

19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR

19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86536AC8

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86536AC8

19:53:30:915 4960 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86677030

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86677030

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86677030[0x38]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8]

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (8) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8

19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7

19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400]

19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0

19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR

19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

19:53:30:915 4960 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 85A76098

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A76098

19:53:30:915 4960 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 852D0A70

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 852D0A70

19:53:30:915 4960 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 852D1368

19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 852D1368

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x852D1368[0x38]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 852B93C0

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x852B93C0[0xA8]

19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x852B9370[0x208]

19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 8486D1E8

19:53:30:930 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (2) addr: 8486D1E8

19:53:30:930 4960 DetectCureTDL3: IrpHandler (3) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (4) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (8) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (14) addr: 8486D1E8

19:53:30:930 4960 DetectCureTDL3: IrpHandler (15) addr: 8486D1E8

19:53:30:930 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (22) addr: 8486D1E8

19:53:30:930 4960 DetectCureTDL3: IrpHandler (23) addr: 8486D1E8

19:53:30:930 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7

19:53:30:930 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7

19:53:30:930 4960 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

19:53:30:930 4960 KLMD_ReadMem: DeviceIoControl error 1

19:53:30:930 4960 TDL3_StartIoHookDetect: Unable to get StartIo handler code

19:53:30:930 4960 TDL3_FileDetect: Processing driver: atapi

19:53:30:930 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk

19:53:30:930 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

19:53:30:930 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

19:53:30:930 4960

Completed

 

Results:

19:53:30:930 4960 Infected objects in memory: 0

19:53:30:930 4960 Cured objects in memory: 0

19:53:30:930 4960 Infected objects on disk: 0

19:53:30:930 4960 Objects on disk cured on reboot: 0

19:53:30:930 4960 Objects on disk deleted on reboot: 0

19:53:30:930 4960 Registry nodes deleted on reboot: 0

19:53:30:930 4960

Edited by missplouf
Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:50:36, on 28/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Download Manager\idman.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Audition 1.5\Audition.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Users\Camille\Documents\Downloads\Programs\hijackthis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Download with Rapget - C:\Users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Camille\scriptjava.html

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O15 - Trusted Zone: *.chat-land.org

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll

O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll

O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate1c99a591a621b8e) (gupdate1c99a591a621b8e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

 

--

End of file - 15367 bytes

Posted (edited)

Indeed, it removed 7 other infections from that same program:

 

Malwarebytes' Anti-Malware 1.42

Database version: 3443

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

28/12/2009 15:31:58

mbam-log-2009-12-28 (15-31-58).txt

 

Scan type: Quick Scan

Objects scanned: 132959

Time elapsed: 6 minute(s), 42 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 6

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Users\Administrateur.PC-de-Camille\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

C:\Users\Audrey\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

C:\Users\Administrateur.PC-de-Camille\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

C:\Users\Audrey\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

C:\Users\Administrateur.PC-de-Camille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

C:\Users\Audrey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Edited by missplouf
Posted

There you go. Remember to always update MBAM before running a scan; there are very often several updates a day, so as a general rule it's a good habit to update before any scan, whatever the program. :P

Here it's the leftovers and shortcuts that were removed; that isn't active, dangerous content, but it's cleaner without them. :P

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

You can also lighten startup by removing these lines, but it isn't mandatory, and it doesn't work miracles.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

 

 

How is the machine behaving?
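The helper's reading of the HijackThis log above (cherche.us left in the R1 search keys, an orphaned R3 hook, O4 autostarts that can go) is the kind of triage that can be made repeatable. The script below is an added example for this thread, not part of HijackThis or of any tool used in the posts: it parses HijackThis 2.0 log lines and ranks the entries a helper would look at first. The sample lines are copied from the log posted above; the allowlist of expected start/search hosts and the "suspicious path" fragments are assumptions chosen for this example, not HijackThis rules.

```python
"""Triage a HijackThis 2.0 log and rank the entries worth a second look.

Added example for this thread; it is not part of HijackThis or of any tool
used in the posts above. The sample lines are copied from the log posted
above. EXPECTED_HOSTS and SUSPICIOUS_PATH_PARTS are assumptions chosen for
this example, not HijackThis rules.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts the stock Internet Explorer defaults point at. A homepage
# the user picked deliberately will also be reported until it is added here.
EXPECTED_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

# Assumption: lower-cased path fragments that autostart or context-menu
# entries of legitimately installed software rarely live under.
SUSPICIOUS_PATH_PARTS = ("\\appdata\\local\\temp\\", "\\users\\")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Matches "O4 - HKLM\..\Run: [...]", "R1 - HKCU\...", etc. Lines without the
# "<type> - " prefix (header, running processes) are ignored.
HJT_LINE = re.compile(r"^(?P<type>[RFO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if the
    line needs no attention."""
    m = HJT_LINE.match(line.strip())
    if m is None:
        return None
    kind, body = m.group("type"), m.group("body")
    lowered = body.lower()

    if kind in ("R0", "R1"):
        # Start page / search URL hijacks: any host outside the allowlist.
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if host not in EXPECTED_HOSTS:
                return ("high", f"browser start/search page points at {host}")
        return None
    if "(no file)" in lowered or "(file missing)" in lowered:
        # Leftover registration whose binary is gone: harmless, but clutter.
        return ("low", "orphaned entry, referenced file no longer exists")
    if kind == "O15":
        return ("medium", "site added to the IE Trusted Zone")
    if kind == "O20" and lowered.startswith("appinit_dlls"):
        return ("medium", "AppInit_DLLs is loaded into every GUI process")
    if kind in ("O4", "O8") and any(p in lowered for p in SUSPICIOUS_PATH_PARTS):
        return ("medium", "runs from a user-writable or temporary location")
    return None


def triage_log(text):
    """Return [(severity, reason, line)] for every flagged line, highest
    severity first; order within one severity follows the log."""
    findings = []
    for line in text.splitlines():
        verdict = triage_line(line)
        if verdict is not None:
            findings.append((verdict[0], verdict[1], line.strip()))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


# Constructed input: ten lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: Download with Rapget - C:\Users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Camille\scriptjava.html
O15 - Trusted Zone: *.chat-land.org
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

if __name__ == "__main__":
    for severity, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

On the sample it reports seven of the ten lines: the cherche.us search key as high, the two O8 entries under C:\Users, the Trusted Zone site and the AppInit_DLLs entry as medium, and the two orphaned "(no file)" / "(file missing)" registrations as low. It ranks what to review, not what to delete: the user's own wibeez.com start page from the full log would be flagged too, because it is not a stock default, and the O4 lines the helper suggests trimming for startup time are not malicious, so they are deliberately left out of the heuristics.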
