Posted

Hi Falfkra,

I was travelling and couldn't carry out the last steps :P Sorry.

Can you give me the procedure again?

Thanks in advance.

Posted

Here is the latest report...

 

ComboFix 10-03-04.01 - Marie-pierre 04/03/2010 22:03:35.3.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Marie-pierre\Bureau\CFscript.txt

 

FILE ::

"c:\windows\Tasks\At1.job"

"c:\windows\Tasks\At10.job"

"c:\windows\Tasks\At11.job"

"c:\windows\Tasks\At12.job"

"c:\windows\Tasks\At13.job"

"c:\windows\Tasks\At14.job"

"c:\windows\Tasks\At15.job"

"c:\windows\Tasks\At16.job"

"c:\windows\Tasks\At17.job"

"c:\windows\Tasks\At18.job"

"c:\windows\Tasks\At19.job"

"c:\windows\Tasks\At2.job"

"c:\windows\Tasks\At20.job"

"c:\windows\Tasks\At21.job"

"c:\windows\Tasks\At22.job"

"c:\windows\Tasks\At23.job"

"c:\windows\Tasks\At24.job"

"c:\windows\Tasks\At3.job"

"c:\windows\Tasks\At4.job"

"c:\windows\Tasks\At5.job"

"c:\windows\Tasks\At6.job"

"c:\windows\Tasks\At7.job"

"c:\windows\Tasks\At8.job"

"c:\windows\Tasks\At9.job"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Marie-pierre\rthdcpl.exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\windows\system32\ctfmon .exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TPZDJYYQ

-------\Service_tpzdjyyq

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 04:37 . 2010-03-04 21:35 792064 ----a-w- c:\windows\system32\drivers\tpzdjyyq.sys

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-04 21:38 . 2010-03-04 21:37 55296 ----a-w- c:\documents and settings\Marie-pierre\skytel.exe

2010-03-04 21:38 . 2010-03-04 21:37 55296 ----a-w- c:\documents and settings\Marie-pierre\rthdcpl.exe

2010-03-04 20:35 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\tftp.exe

2010-02-28 04:34 . 2010-02-28 04:34 16 ----a-w- c:\documents and settings\LocalService\Application Data\pdytbs.dat

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-27 12:59 . 2010-02-27 12:59 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\pdytbs.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-23 21:09 . 2006-05-23 15:29 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-23 19:51 . 2010-02-18 21:53 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-23 19:50 . 2010-02-23 19:50 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-23 19:50 . 2010-02-18 21:53 150888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2010-02-23 19:50 . 2010-02-23 19:50 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-23 19:50 . 2010-02-18 21:53 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-23 19:50 . 2010-02-18 21:53 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-23 19:50 . 2010-02-18 21:53 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-23 19:50 . 2010-02-18 21:53 735008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2010-02-23 19:50 . 2010-02-18 21:53 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-23 19:50 . 2010-02-18 21:53 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-20 09:08 . 2007-03-10 21:21 110592 ----a-w- c:\documents and settings\Marie-pierre\Application Data\U3\temp\cleanup.exe

2010-02-20 09:08 . 2009-08-21 14:37 1962232 ----a-w- c:\documents and settings\Marie-pierre\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-02-20 08:35 . 2010-02-18 21:49 3802016 ----a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-02-20 08:35 . 2008-10-01 18:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe

2010-02-20 08:35 . 2008-07-04 12:35 54632 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

2010-02-20 08:35 . 2007-05-17 17:31 21489968 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_web[1].exe

2010-02-20 08:35 . 2007-05-17 17:30 8704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe

2010-02-20 08:35 . 2007-05-17 17:30 15872 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2010-02-20 08:35 . 2007-05-17 17:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe

2010-02-18 21:53 . 2010-02-18 21:53 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-02-18 21:53 . 2010-02-18 21:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-02-18 21:53 . 2010-02-18 21:53 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-02-18 21:53 . 2010-02-18 21:53 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-18 21:53 . 2010-02-18 21:53 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-02-18 21:53 . 2010-02-18 21:53 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe

.

c:\program files\Avira\AntiVir Desktop\avgnt .exe
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\SuperCopier2\supercopier2 .exe
c:\program files\iTunes\ituneshelper .exe
c:\windows\system32\IME\TINTLGNT\tintsetp .exe
c:\windows\ime\imjp8_1\imjpmig .exe

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2010-03-04 55296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2010-03-04 55296]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2010-03-04 55296]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2010-03-04 55296]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2010-03-04 55296]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2010-03-04 55296]

"RTHDCPL"="RTHDCPL.EXE" [N/A]

"SkyTel"="SkyTel.EXE" [N/A]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2010-03-04 55296]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2010-03-04 55296]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-04 55296]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2010-03-04 55296]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-04 55296]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2010-03-04 55296]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-04 55296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S1 aswSP;aswSP; [x]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - UBHELPER

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-04 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-04 21:38]

 

2010-03-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-04 22:39

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\MARIE-~1\LOCALS~1\Temp\mc21.tmp"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(628)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(184)

c:\program files\SuperCopier2\SC2Hook.dll

c:\acer\Empowering Technology\ePower\SysHook.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-03-04 23:55:43 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-04 22:54

ComboFix2.txt 2010-02-28 13:46

ComboFix3.txt 2010-02-28 04:49

 

Avant-CF: 26 393 509 888 octets libres

Après-CF: 26 723 352 576 octets libres

 

- - End Of File - - 9EA6922816BE0FCCFB8E3487A53C67A4

Posted

The antivirus is dead, that and other things, but we have moved forward a notch; on the other hand, there is so much of it that it always takes time.

What follows is for this machine, and this machine only.

Above all, do not use it on another machine: dangerous.

  • Download the CFscript.txt file from this site:
    http://senduit.com/0c0c58

  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example.
  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

Posted

One question: if the antivirus is dead, do I not install a new one?

Also, windows always appear when I launch ComboFix, and without a click from me it stays stuck. Is that normal, given that I am not supposed to touch anything?

The report is below.

 

ComboFix 10-03-04.05 - Marie-pierre 05/03/2010 13:45:45.4.1 - FAT32x86

Lancé depuis: c:\documents and settings\Marie-pierre\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Marie-pierre\Bureau\CFscript.txt

 

FILE ::

"c:\documents and settings\LocalService\Application Data\pdytbs.dat"

"c:\program files\Avira\AntiVir Desktop\avgnt .exe"

"c:\program files\internet explorer\wmpscfgs.exe"

"c:\windows\system32\config\systemprofile\Application Data\pdytbs.dat"

"c:\windows\system32\drivers\tpzdjyyq.sys"

"c:\windows\Tasks\At1.job"

"c:\windows\Tasks\At10.job"

"c:\windows\Tasks\At11.job"

"c:\windows\Tasks\At12.job"

"c:\windows\Tasks\At13.job"

"c:\windows\Tasks\At14.job"

"c:\windows\Tasks\At15.job"

"c:\windows\Tasks\At16.job"

"c:\windows\Tasks\At17.job"

"c:\windows\Tasks\At18.job"

"c:\windows\Tasks\At19.job"

"c:\windows\Tasks\At20.job"

"c:\windows\Tasks\At21.job"

"c:\windows\Tasks\At22.job"

"c:\windows\Tasks\At23.job"

"c:\windows\Tasks\At24.job"

"c:\windows\Tasks\At3.job"

"c:\windows\Tasks\At5.job"

"c:\windows\Tasks\At6.job"

"c:\windows\Tasks\At7.job"

"c:\windows\Tasks\At8.job"

"c:\windows\Tasks\At9.job"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Application Data\pdytbs.dat

c:\documents and settings\Marie-pierre\rthdcpl .exe

c:\documents and settings\Marie-pierre\rthdcpl.exe

c:\documents and settings\Marie-pierre\skytel .exe

c:\documents and settings\Marie-pierre\skytel.exe

c:\program files\Adobe\acrotray .exe

c:\program files\Avira\AntiVir Desktop\avgnt .exe

c:\program files\Internet Explorer\js.mui

c:\program files\Internet Explorer\wmpscfgs.exe

c:\windows\system32\config\systemprofile\Application Data\pdytbs.dat

c:\windows\system32\ctfmon .exe

c:\windows\system32\drivers\tpzdjyyq.sys

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASWFSBLK

-------\Legacy_ASWSP

-------\Service_aswFsBlk

-------\Service_aswSP

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-05 au 2010-03-05 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-05 13:19 . 2010-03-05 13:19 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2010-03-05 13:19 . 2010-03-05 13:20 55296 ----a-w- c:\documents and settings\All Users\Application Data\92747332\92747332.exe

2010-03-05 13:19 . 2010-03-05 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\92747332

2010-02-28 10:34 . 2010-02-28 10:34 -------- d-----w- C:\FOUND.009

2010-02-28 03:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- C:\rsit

2010-02-27 18:11 . 2010-02-27 18:11 -------- d-----w- C:\FOUND.008

2010-02-27 17:31 . 2010-02-27 17:31 -------- d-----w- C:\FOUND.007

2010-02-27 17:08 . 2010-02-27 17:08 -------- d-----w- C:\FOUND.006

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\Marie-pierre\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 16:15 . 2010-02-27 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 15:41 . 2010-02-27 15:41 -------- d-----w- C:\FOUND.005

2010-02-27 15:01 . 2010-02-27 15:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-02-27 13:26 . 2010-02-27 13:26 -------- d-----w- C:\FOUND.004

2010-02-27 10:26 . 2010-02-27 10:26 -------- d-----w- C:\FOUND.003

2010-02-23 22:01 . 2010-02-23 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\fr

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\system32\bits

2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\windows\l2schemas

2010-02-23 20:58 . 2010-02-23 20:58 -------- d-----w- c:\windows\EHome

2010-02-23 19:50 . 2010-02-18 21:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-23 19:50 . 2010-02-23 19:50 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-02-23 19:50 . 2010-02-23 19:50 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-02-22 20:53 . 2010-02-22 20:54 -------- d-----w- c:\windows\BDOSCAN8

2010-02-22 20:50 . 2010-02-22 20:50 -------- d-sh--w- c:\documents and settings\Marie-pierre\PrivacIE

2010-02-22 20:46 . 2010-02-22 20:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-22 20:42 . 2010-02-22 20:42 -------- d-sh--w- c:\documents and settings\Marie-pierre\IETldCache

2010-02-22 20:37 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-22 20:37 . 2010-02-22 20:37 -------- d-----w- c:\windows\ie8updates

2010-02-22 20:36 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-02-22 20:36 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-22 20:36 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-22 20:36 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-02-22 20:36 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-02-22 20:36 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-22 20:34 . 2010-02-22 20:34 -------- d--h--w- c:\windows\ie8

2010-02-22 20:34 . 2010-02-22 20:34 -------- d-----w- c:\windows\system32\fr-FR

2010-02-22 18:47 . 2010-02-22 18:47 -------- d-----w- C:\FOUND.002

2010-02-21 22:20 . 2010-02-22 19:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-21 14:58 . 2010-02-21 14:58 -------- d-----w- C:\FOUND.001

2010-02-21 02:03 . 2010-02-21 02:03 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-21 01:42 . 2010-02-21 01:42 -------- d-----w- c:\program files\CCleaner

2010-02-21 01:31 . 2010-02-21 01:31 -------- d-----w- C:\FOUND.000

2010-02-21 01:18 . 2010-02-21 01:18 -------- d-----w- c:\program files\ESET

2010-02-20 22:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-20 22:57 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-02-20 22:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\program files\Avira

2010-02-20 22:57 . 2010-02-20 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-02-20 09:49 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-18 21:54 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-18 21:49 . 2010-02-20 08:35 3802016 ----a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-02-18 21:49 . 2010-02-18 21:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\program files\Lavasoft

2010-02-18 21:49 . 2010-02-18 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-02-18 21:39 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-18 17:45 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-02-18 17:45 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-02-18 17:45 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-02-18 17:45 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-02-18 17:45 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-02-18 17:45 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-02-18 17:45 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-02-18 17:44 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-02-18 17:44 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-02-18 17:44 . 2010-02-18 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-02-15 19:03 . 2010-02-15 19:03 -------- d-----r- c:\documents and settings\NetworkService\Favoris

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-05 13:20 . 2010-03-05 13:20 55296 ----a-w- c:\documents and settings\Marie-pierre\skytel.exe

2010-03-05 13:19 . 2010-03-05 13:19 1036800 ----a-w- c:\documents and settings\All Users\Application Data\92747332\92747332 .exe

2010-03-04 20:35 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\tftp.exe

2010-02-27 13:02 . 2006-05-23 15:54 86612 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-27 13:02 . 2006-05-23 15:54 512410 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-24 20:51 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a78.tmp

2010-02-24 20:50 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3ab7.tmp

2010-02-24 17:56 . 2006-12-01 19:10 90112 ----a-w- c:\windows\DUMP3a59.tmp

2010-02-23 19:51 . 2010-02-18 21:53 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-02-23 19:50 . 2010-02-18 21:53 150888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2010-02-23 19:50 . 2010-02-18 21:53 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-02-23 19:50 . 2010-02-18 21:53 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-23 19:50 . 2010-02-18 21:53 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-02-23 19:50 . 2010-02-18 21:53 735008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2010-02-23 19:50 . 2010-02-18 21:53 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-02-23 19:50 . 2010-02-18 21:53 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-22 20:45 . 2006-12-01 19:16 91952 ----a-w- c:\documents and settings\Marie-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-20 09:08 . 2007-03-10 21:21 110592 ----a-w- c:\documents and settings\Marie-pierre\Application Data\U3\temp\cleanup.exe

2010-02-20 09:08 . 2009-08-21 14:37 1962232 ----a-w- c:\documents and settings\Marie-pierre\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-02-20 08:35 . 2008-10-01 18:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe

2010-02-20 08:35 . 2008-07-04 12:35 54632 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe

2010-02-20 08:35 . 2007-05-17 17:31 21489968 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_web[1].exe

2010-02-20 08:35 . 2007-05-17 17:30 8704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe

2010-02-20 08:35 . 2007-05-17 17:30 15872 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2010-02-20 08:35 . 2007-05-17 17:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe

2010-02-18 21:53 . 2010-02-18 21:53 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-02-18 21:53 . 2010-02-18 21:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-02-18 21:53 . 2010-02-18 21:53 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-02-18 21:53 . 2010-02-18 21:53 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-02-18 21:53 . 2010-02-18 21:53 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-02-18 21:53 . 2010-02-18 21:53 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-12-31 16:50 . 2004-08-05 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2006-01-09 19:02 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-05 04:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:08 . 2004-08-05 04:00 2025984 ------w- c:\windows\system32\ntkrnlpa.exe

.

<pre>
c:\program files\Acer\Acer Arcade\pcmservice .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntimui .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\HP\Digital Imaging\bin\hpqsrmon .exe
c:\program files\Java\jre1.5.0_03\bin\jusched .exe
c:\program files\SuperCopier2\supercopier2 .exe
</pre>

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2010-03-05 55296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2010-03-05 55296]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2010-03-05 55296]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2010-03-05 55296]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2010-03-05 55296]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2010-03-05 55296]

"SkyTel"="SkyTel.EXE" [N/A]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2010-03-05 55296]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2010-03-05 55296]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2010-03-05 55296]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2010-03-05 55296]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-05 55296]

"92747332"="c:\docume~1\ALLUSE~1\APPLIC~1\92747332\92747332.exe" [2010-03-05 55296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [x]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [x]

R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2010-02-20 705376]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-23 1229232]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - RMBXV

*Deregistered* - mchInjDrv

*Deregistered* - rmbxv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-03-05 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-03-05 13:20]

 

2010-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-18 19:50]

 

2010-03-04 c:\windows\Tasks\WebReg HP Deskjet F4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]

 

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c21d5a10bc914a7e9314dc6980c18ff2

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c21d5a10bc914a7e9314dc6980c18ff2

TCP: {AC661682-0D11-4141-81A3-0BA777EB820F} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-05 14:21

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\MARIE-~1\LOCALS~1\Temp\mc21.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rmbxv]

 

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2812)

c:\program files\SuperCopier2\SC2Hook.dll

c:\acer\empowering technology\epower\SysHook.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

c:\acer\empowering technology\epower\epower_dmc .exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-03-05 14:33:35 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-05 13:33

ComboFix2.txt 2010-03-04 22:55

ComboFix3.txt 2010-02-28 13:46

ComboFix4.txt 2010-02-28 04:49

 

Avant-CF: 26 702 839 808 octets libres

Après-CF: 26 675 347 456 octets libres

 

- - End Of File - - B553699ED7686AFDF92860B1644F6AD0

Posted
One question: if the antivirus is dead, shouldn't I install a new one?
Not now, it would only make even more of a mess.

 

Update MBAM and run a quick scan, delete what it finds, and post the report please.

Posted

I hadn't seen the 2nd page...

Here is the report

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3827

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

06/03/2010 01:06:38

mbam-log-2010-03-06 (01-06-38).txt

 

Type de recherche: Examen rapide

Eléments examinés: 132357

Temps écoulé: 8 minute(s), 36 second(s)

 

Processus mémoire infecté(s): 2

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 14

 

Processus mémoire infecté(s):

C:\Program Files\Acer\Acer Arcade\PCMService.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\All Users\Application Data\42005819\42005819.exe (Trojan.Downloader) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\TypeLib\{33090edb-a2e1-4f61-b58e-fb0d5ed3d9e3} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{79d16e26-a48e-4cab-92cd-90b804188d5e} (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92747332 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\42005819 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcmservice (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\92747332 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\42005819 (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\92747332\92747332.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\42005819\42005819.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\Program Files\Acer\Acer Arcade\PCMService.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Launch Manager\lmanager.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Local Settings\temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\skytel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\skytel .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\92747332\92747332 .exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\42005819\42005819 .exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Bureau\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-pierre\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
