Mon ordi va t il mourir???

Powaaa · le 28 février 2010

Voilà:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:25:16, on 28/02/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\ETIENNE\qoocean.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Users\ETIENNE\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\ETIENNE\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [qoocean] C:\Users\ETIENNE\qoocean.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Startup: Outil de notification Live Search.lnk = C:\Users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate1c9e867306385d0) (gupdate1c9e867306385d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe

O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 12404 bytes

Falkra · le 28 février 2010

Il revient, apparemment, saufg si tu as oublié de lancer HJT avec les droits admin.

Télécharge GMER Rootkit Scanner du lien suivant :

http://www.gmer.net/#files

- Clique sur le bouton "Download EXE"

- Sauvegarde-le sur ton Bureau.

- Colle et sauvegarde ces instructions dans un fichier texte ou imprime-les, car tu devras fermer le navigateur.

- Ferme les fenêtres de navigateur ouvertes.

- Lance le fichier téléchargé (le nom comporte 8 chiffres/lettres aléatoires) par double clic ;

- Si l'outil te lance un warning d'activité de rootkit et te demande de faire un scan ; clique "NO"

- Dans la section de droite de la fenêtre de l'outil, décoche les options suivantes :

Sections
**Assure-toi que "Show All" est décoché**

- Clique maintenant sur le bouton "Scan" et patiente (cela peut prendre 10 minutes ou +)

- Lorsque l'analyse sera terminée, clique sur le bouton "Save..." (au bas à droite) ;

- Nomme le fichier"Ark.txt" et sauvegarde-le sur le Bureau ;

- Copie/colle le contenu de ce rapport dans ta réponse.

Powaaa · le 1 mars 2010

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-28 18:58:39

Windows 6.0.6001 Service Pack 1

Running: 5rc7i8vj.exe; Driver: C:\Users\ETIENNE\AppData\Local\Temp\kgloyaow.sys

---- System - GMER 1.0.15 ----

SSDT 8C3D32B4 ZwCreateThread

SSDT 8C3D32A0 ZwOpenProcess

SSDT 8C3D32A5 ZwOpenThread

SSDT 8C3D32AF ZwTerminateProcess

INT 0x51 ? 869BABF8

INT 0x52 ? 869BABF8

INT 0x62 ? 869BABF8

INT 0x72 ? 869BABF8

INT 0x82 ? 84E0ABF8

INT 0x92 ? 8447BBF8

INT 0xA2 ? 8447BBF8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069A6D6] \SystemRoot\System32\Drivers\spam.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069A042] \SystemRoot\System32\Drivers\spam.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A800] \SystemRoot\System32\Drivers\spam.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8069A0C0] \SystemRoot\System32\Drivers\spam.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069A13E] \SystemRoot\System32\Drivers\spam.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A9E9C] \SystemRoot\System32\Drivers\spam.sys

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortNotification] CC358B04

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortWritePortUchar] 838C729F

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8C7270

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortStallExecution] 54771129

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortInitialize] B18D0502

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8

IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E0C1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84E081F8

Device \Driver\usbuhci \Device\USBPDO-0 867AB1F8

Device \Driver\usbuhci \Device\USBPDO-1 867AB1F8

Device \Driver\usbehci \Device\USBPDO-2 867D61F8

Device \Driver\usbuhci \Device\USBPDO-3 867AB1F8

Device \Driver\usbuhci \Device\USBPDO-4 867AB1F8

Device \Driver\usbuhci \Device\USBPDO-5 867AB1F8

Device \Driver\PCI_PNP8099 \Device\00000049 spam.sys

Device \Driver\usbehci \Device\USBPDO-6 867D61F8

Device \Driver\volmgr \Device\HarddiskVolume1 84E081F8

Device \Driver\volmgr \Device\HarddiskVolume2 84E081F8

Device \Driver\cdrom \Device\CdRom0 867DA1F8

Device \Driver\cdrom \Device\CdRom1 867DA1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E0B1F8

Device \Driver\iaStor \Device\Ide\iaStor0 [826CA6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort0 84E0B1F8

Device \Driver\atapi \Device\Ide\IdePort1 84E0B1F8

Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826CA6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\netbt \Device\NetBT_Tcpip_{DE6F740D-85A3-4347-8C7D-C7DF8B7A215E} 86F09500

Device \Driver\netbt \Device\NetBT_Tcpip_{C4856829-4845-44F3-BD5D-1EE202807801} 86F09500

Device \Driver\netbt \Device\NetBt_Wins_Export 86F09500

Device \Driver\Smb \Device\NetbiosSmb 870041F8

Device \Driver\iScsiPrt \Device\RaidPort0 867F3500

Device \Driver\usbuhci \Device\USBFDO-0 867AB1F8

Device \Driver\usbuhci \Device\USBFDO-1 867AB1F8

Device \Driver\sptd \Device\24532118 spam.sys

Device \Driver\usbehci \Device\USBFDO-2 867D61F8

Device \Driver\usbuhci \Device\USBFDO-3 867AB1F8

Device \Driver\usbuhci \Device\USBFDO-4 867AB1F8

Device \Driver\usbuhci \Device\USBFDO-5 867AB1F8

Device \Driver\usbehci \Device\USBFDO-6 867D61F8

Device \Driver\awf6sfmg \Device\Scsi\awf6sfmg1Port4Path0Target0Lun0 867F61F8

Device \Driver\awf6sfmg \Device\Scsi\awf6sfmg1 867F61F8

Device \FileSystem\cdfs \Cdfs 867F21F8

---- Processes - GMER 1.0.15 ----

Library C:\Users\ETIENNE\qoocean.exe (*** hidden *** ) @ C:\Users\ETIENNE\qoocean.exe [3544] 0x00400000

Process (*** hidden *** ) -2143474600

Process (*** hidden *** ) -2079930192

Process (*** hidden *** ) -2079928832

Process (*** hidden *** ) -2079923360

Process (*** hidden *** ) -2074374656

Process (*** hidden *** ) -2072877400

Process (*** hidden *** ) -2071414760

Process (*** hidden *** ) -2071315896

Process (*** hidden *** ) -2070696616

Process (*** hidden *** ) -2070499144

Process (*** hidden *** ) -2066693960

Process (*** hidden *** ) -2066600448

Process (*** hidden *** ) -2066556352

Process (*** hidden *** ) -2053808640

Process (*** hidden *** ) -2053575896

Process (*** hidden *** ) -2053272064

Process (*** hidden *** ) -2053266296

Process (*** hidden *** ) -2048391016

Process (*** hidden *** ) -2048262656

Process (*** hidden *** ) -2040402824

Process (*** hidden *** ) -2029582744

Process (*** hidden *** ) -2029582048

Process (*** hidden *** ) -2029291320

Process (*** hidden *** ) -2028865712

Process (*** hidden *** ) -2028491432

Process (*** hidden *** ) -2026601544

Process (*** hidden *** ) -2026073928

Process (*** hidden *** ) -2026016008

Process (*** hidden *** ) -2025934664

Process (*** hidden *** ) -2025848648

Process (*** hidden *** ) -2025817208

Process (*** hidden *** ) -2025789424

Process (*** hidden *** ) -2025788192

Process (*** hidden *** ) -2025695072

Process (*** hidden *** ) -2025594496

Process (*** hidden *** ) -2025590600

Process (*** hidden *** ) -2025533256

Process (*** hidden *** ) -2025498568

Process (*** hidden *** ) -2025395376

Process (*** hidden *** ) -2025160520

Process (*** hidden *** ) -2025056560

Process (*** hidden *** ) -2024174648

Process (*** hidden *** ) -2024161096

Process (*** hidden *** ) -2024087368

Process (*** hidden *** ) -2024083272

Process (*** hidden *** ) -2023170560

Process (*** hidden *** ) -2023117312

Process (*** hidden *** ) -2023057640

Process (*** hidden *** ) -2023049288

Process (*** hidden *** ) -2022988048

Process (*** hidden *** ) -2022947952

Process (*** hidden *** ) -2022915912

Process (*** hidden *** ) -2022717616

Process (*** hidden *** ) -2022225680

Process (*** hidden *** ) -2022035968

Process (*** hidden *** ) -2021932344

Process (*** hidden *** ) -2021905800

Process (*** hidden *** ) -2021901928

Process (*** hidden *** ) -2021805896

Process (*** hidden *** ) -2021595064

Process (*** hidden *** ) -2021594368

Process (*** hidden *** ) -2021423176

Process (*** hidden *** ) -2021417472

Process (*** hidden *** ) -2021111040

Process (*** hidden *** ) -2020998528

Process (*** hidden *** ) -2020994888

Process (*** hidden *** ) -2020700672

Process (*** hidden *** ) -2020308952

Process (*** hidden *** ) -2020265800

Process (*** hidden *** ) -2020121576

Process (*** hidden *** ) -2020024832

Process (*** hidden *** ) -2019649864

Process (*** hidden *** ) -2019619328

Process (*** hidden *** ) -2019553792

Process (*** hidden *** ) -2019535344

Process (*** hidden *** ) -2019490968

Process (*** hidden *** ) -2019406336

Process (*** hidden *** ) -2019242592

Process (*** hidden *** ) -2019217224

Process (*** hidden *** ) -2019204936

Process (*** hidden *** ) -2019017872

Process (*** hidden *** ) -2018899656

Process (*** hidden *** ) -2018848584

Process (*** hidden *** ) -2018834752

Process (*** hidden *** ) -2018811720

Process (*** hidden *** ) -2018692936

Process (*** hidden *** ) -2018570968

Process (*** hidden *** ) -1218448168

Process (*** hidden *** ) -1216612760

Process (*** hidden *** ) -1215695744

Process (*** hidden *** ) -1212286848

Process (*** hidden *** ) -1204814504

Process (*** hidden *** ) -1200489912

Process (*** hidden *** ) -1187775144

Process (*** hidden *** ) -1187644072

Process (*** hidden *** ) -1187515744

Process (*** hidden *** ) -1186596192

Process (*** hidden *** ) -1186595496

Process (*** hidden *** ) -1182139048

Process (*** hidden *** ) -1181092968

Process (*** hidden *** ) -1180960184

Process (*** hidden *** ) -1180700488

Process (*** hidden *** ) -1180304824

Process (*** hidden *** ) -1180304040

Process (*** hidden *** ) -1180044032

Process (*** hidden *** ) -1179779752

Process (*** hidden *** ) -1179648680

Process (*** hidden *** ) -1179518560

Process (*** hidden *** ) -1179387472

Process (*** hidden *** ) -1179127624

Process (*** hidden *** ) -1165889352

Process (*** hidden *** ) -1133511504

Process (*** hidden *** ) -1133250544

Process (*** hidden *** ) -1132987664

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4D 0x0A 0xBE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xB8 0x42 0xC7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xB7 0xB4 0x5B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4D 0x0A 0xBE ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xB8 0x42 0xC7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xB7 0xB4 0x5B ...

---- EOF - GMER 1.0.15 ----

Falkra · le 1 mars 2010

Ha ok, c'est plus gros comme gibier.

Tu vas utiliser Combofix. Ce logiciel n'est à utiliser que prescrit et piloté par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

Assure toi que tous les programmes sont fermés avant de commencer.
Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
Double-clique combofix.exe afin de l'exécuter.
Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
Le bureau disparaît, c'est normal, et il va revenir.
Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
Lorsque l'analyse sera terminée, un rapport apparaîtra.
Copie-colle ce rapport dans ta prochaine réponse.
Le rapport se trouve dans : C:\Combofix.txt (si jamais).

Tu peux voir ces opérations dans le guide officiel (seul autorisé) :

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Powaaa · le 4 mars 2010

ComboFix 10-03-02.08 - ETIENNE 03/03/2010 13:21:25.1.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.873 [GMT -7:00]

Lancé depuis: c:\users\ETIENNE\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-37189480-250429832-724886619-500

c:\users\ETIENNE\heuwo.exe

c:\users\ETIENNE\hiadae.exe

c:\users\ETIENNE\joooc.exe

c:\users\ETIENNE\koasaq.exe

c:\users\ETIENNE\naauviw.exe

c:\users\ETIENNE\swjoub.exe

c:\users\ETIENNE\tajax.exe

c:\users\ETIENNE\yeegap.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-03 au 2010-03-03 ))))))))))))))))))))))))))))))))))))

.

2010-03-03 20:34 . 2010-03-03 20:34 -------- d-----w- c:\users\ETIENNE\AppData\Local\temp

2010-03-03 20:34 . 2010-03-03 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-28 15:02 . 2010-02-28 15:02 -------- d-----w- C:\_OTM

2010-02-27 19:43 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Malwarebytes

2010-02-27 17:12 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\programdata\Malwarebytes

2010-02-27 17:12 . 2010-02-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 17:12 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 19:51 . 2010-02-27 19:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-26 19:51 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\programdata\Avira

2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\program files\Avira

2010-02-26 19:24 . 2010-02-27 18:04 -------- d-----w- c:\programdata\gomuzidi

2010-02-26 19:24 . 2010-02-26 19:24 -------- d-----w- c:\programdata\nadusajo

2010-02-25 16:39 . 2010-02-27 12:35 -------- d-----w- c:\programdata\tasurepa

2010-02-25 16:39 . 2010-02-25 16:39 -------- d-----w- c:\programdata\pekiboba

2010-02-25 15:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\nuruhola

2010-02-25 15:34 . 2010-02-25 15:34 -------- d-----w- c:\programdata\zazaliwu

2010-02-24 17:55 . 2010-02-24 17:55 -------- d-----w- c:\programdata\sulumetu

2010-02-24 17:55 . 2010-02-24 17:55 -------- d-----w- c:\programdata\zofitemi

2010-02-23 16:10 . 2010-02-27 12:35 -------- d-----w- c:\programdata\najihate

2010-02-23 16:10 . 2010-02-23 16:10 -------- d-----w- c:\programdata\wuvajepe

2010-02-22 16:34 . 2010-03-03 14:49 -------- d-----w- c:\programdata\doguvuvo

2010-02-22 16:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\wanisupa

2010-02-22 16:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\sapoviri

2010-02-22 16:34 . 2010-02-22 16:34 -------- d-----w- c:\programdata\nihujoti

2010-02-21 18:32 . 2010-02-27 12:34 -------- d-----w- c:\programdata\fimohinu

2010-02-21 18:32 . 2010-02-22 17:39 -------- d-----w- c:\programdata\gukowema

2010-02-21 18:32 . 2010-02-27 12:35 -------- d-----w- c:\programdata\yohilite

2010-02-21 16:19 . 2010-02-27 12:35 -------- d-----w- c:\programdata\pohubeli

2010-02-21 16:19 . 2010-02-21 16:19 -------- d-----w- c:\programdata\bohumoye

2010-02-21 16:13 . 2010-02-27 12:35 -------- d-----w- c:\programdata\mamotapi

2010-02-21 16:13 . 2010-02-27 12:35 -------- d-----w- c:\programdata\jopafuyi

2010-02-21 16:13 . 2010-02-27 12:34 -------- d-----w- c:\programdata\hinuhilu

2010-02-18 20:25 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll

2010-02-18 20:25 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys

2010-02-18 20:22 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll

2010-02-18 20:22 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll

2010-02-18 20:22 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-02-18 20:22 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll

2010-02-18 20:22 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys

2010-02-18 20:22 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll

2010-02-18 20:22 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe

2010-02-18 20:22 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe

2010-02-18 20:22 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll

2010-02-18 20:22 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll

2010-02-18 15:14 . 2010-02-18 15:14 -------- d-----w- C:\PerfLogs

2010-02-11 07:56 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-11 07:28 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-11 07:28 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-11 07:28 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-02-11 07:28 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2010-02-11 07:28 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-02-11 07:28 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-02-11 07:28 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-02-11 07:28 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-02-11 07:27 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-02-11 07:27 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-02-11 07:27 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll

2010-02-11 07:27 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-02-11 07:27 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-11 07:27 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-03 18:12 . 2008-04-05 10:01 -------- d-----w- c:\program files\Lx_cats

2010-02-27 18:06 . 2008-08-12 14:46 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\LimeWire

2010-02-24 18:00 . 2006-03-12 23:37 678968 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-24 18:00 . 2006-03-12 23:37 128004 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-24 16:16 . 2009-10-04 08:55 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2010-02-18 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-02-18 15:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-02-18 15:12 . 2006-03-12 15:25 -------- d-----w- c:\programdata\NVIDIA

2010-02-18 14:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2010-02-18 14:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2010-02-14 15:33 . 2006-03-12 15:42 -------- d-----w- c:\programdata\Microsoft Help

2010-02-01 16:43 . 2010-02-01 16:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE3BB.tmp.exe

2010-01-23 04:44 . 2008-10-17 20:21 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-16 17:33 . 2009-08-22 16:23 -------- d-----w- c:\programdata\Messenger Plus!

2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\program files\Ask Search Assistant

2010-01-16 17:24 . 2009-08-22 16:14 -------- d-----w- c:\program files\Messenger Plus! Live

2010-01-13 14:39 . 2008-08-12 14:25 -------- d-----w- c:\program files\LimeWire

2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\programdata\PC Suite

2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\PC Suite

2010-01-08 16:36 . 2010-01-08 16:34 734208 ----a-w- c:\users\ETIENNE\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe

2010-01-08 16:33 . 2010-01-08 16:32 -------- d-----w- c:\program files\DIFX

2010-01-08 16:32 . 2006-03-12 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-08 16:32 . 2010-01-08 16:25 -------- d-----w- c:\program files\Samsung

2010-01-08 16:31 . 2010-01-08 16:27 -------- d-----w- c:\program files\PC Connectivity Solution

2010-01-08 16:29 . 2010-01-08 16:29 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Samsung

2010-01-08 16:28 . 2010-01-08 16:28 -------- d-----w- c:\program files\MarkAny

2010-01-02 06:38 . 2010-01-25 04:29 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-25 04:29 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 06:32 . 2010-01-25 04:29 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 04:57 . 2010-01-25 04:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-25 13:39 . 2009-12-25 13:39 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-04 09:50 . 2009-12-04 09:50 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB41A.tmp.exe

2009-12-04 07:35 . 2009-03-05 16:10 1 ----a-w- c:\users\ETIENNE\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-02-06 12:37 . 2010-02-06 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2010-03-03 15:08 . 2006-03-12 15:30 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2010-03-03 15:08 . 2006-03-12 15:30 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2010-03-03 15:08 . 2006-03-12 15:30 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2010-03-03 15:08 . 2006-03-12 15:30 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2010-03-03 15:08 . 2006-03-12 15:30 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2006-03-12 23:42 . 2006-03-12 23:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Google Update"="c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192]

"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]

"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\ETIENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-4-29 155648]

Outil de notification Live Search.lnk - c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-1 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2010 12:51 108289]

R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [08/01/2010 09:29 233472]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [25/04/2007 22:21 99248]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [08/01/2010 09:29 36608]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [12/03/2006 16:33 281088]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [06/05/2009 23:46 721904]

S2 gupdate1c9e867306385d0;Service Google Update (gupdate1c9e867306385d0);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 11:30 133104]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 14:17 54632]

S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/03/2006 08:36 30192]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

.

Contenu du dossier 'Tâches planifiées'

2010-03-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-03-12 15:13]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002Core.job

- c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002UA.job

- c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33]

2008-05-16 c:\windows\Tasks\HDReg.job

- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{7CCA24AB-1E15-44A7-B220-2BBF2EB9B2A5}.job

- c:\windows\system32\msfeedssync.exe [2010-01-25 04:56]

.

------- Examen supplémentaire -------

.

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath - c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitTorrent DNA - c:\users\ETIENNE\Program Files\DNA\btdna.exe

HKCU-Run-qoocean - c:\users\ETIENNE\qoocean.exe

HKLM-Run-NPSStartup - (no file)

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-HijackThis - c:\users\ETIENNE\AppData\Local\Temp\Rar$EX01.962\HijackThis.exe

AddRemove-BitTorrent DNA - c:\users\ETIENNE\Program Files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-03 13:34

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP000000333AA29D36FE2DAEA0 524288 bytes executable

Scan terminé avec succès

Fichiers cachés: 1

**************************************************************************

.

Heure de fin: 2010-03-03 13:38:10

ComboFix-quarantined-files.txt 2010-03-03 20:38

Avant-CF: 15 827 746 816 octets libres

Après-CF: 16 344 387 584 octets libres

- - End Of File - - CB66B6FB74B85D004E07B9C97D4A1AB1

Falkra · le 4 mars 2010

Ce qui suit n'est que pour cette machine, et cette machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

Télécharge le fichier CFscript.txt depuis ce site :
http://senduit.com/f59f6c
Place-le sur le bureau, près de l'icône de combofix.
Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur cet exemple

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Powaaa · le 5 mars 2010

ComboFix 10-03-02.08 - ETIENNE 04/03/2010 13:40:35.2.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.1300 [GMT -7:00]

Lancé depuis: c:\users\ETIENNE\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\ETIENNE\Desktop\CFscript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\bohumoye

c:\programdata\bohumoye\bohumoye.dll

c:\programdata\doguvuvo

c:\programdata\fimohinu

c:\programdata\gomuzidi

c:\programdata\gukowema

c:\programdata\hinuhilu

c:\programdata\jopafuyi

c:\programdata\mamotapi

c:\programdata\nadusajo

c:\programdata\nadusajo\nadusajo.dll

c:\programdata\najihate

c:\programdata\nihujoti

c:\programdata\nihujoti\nihujoti.dll

c:\programdata\nuruhola

c:\programdata\pekiboba

c:\programdata\pekiboba\pekiboba.dll

c:\programdata\pohubeli

c:\programdata\sapoviri

c:\programdata\sulumetu

c:\programdata\sulumetu\sulumetu.dll

c:\programdata\tasurepa

c:\programdata\wanisupa

c:\programdata\wuvajepe

c:\programdata\wuvajepe\wuvajepe.dll

c:\programdata\yohilite

c:\programdata\zazaliwu

c:\programdata\zazaliwu\zazaliwu.dll

c:\programdata\zofitemi

c:\programdata\zofitemi\zofitemi.dll

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))

.

2010-03-04 20:51 . 2010-03-04 20:51 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-03-04 20:51 . 2010-03-04 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-04 12:35 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-03 20:38 . 2010-03-04 20:55 -------- d-----w- c:\users\ETIENNE\AppData\Local\temp

2010-03-03 20:36 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-03-03 20:36 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe