Pubs Intempestives et TR/Hijacker.Gen constamment par Avira (Resolu)

[JulienSurgères]

Ok je m'y colle de suite, dois-je retirer la prise ethernet du pc si je désactive l'antivirus ?

 

J'ai téléchargé BitComet il y'a quelques jours, ca peut venir de la ?

[JulienSurgères]

Alors, Combofix ne m'a pas proposer de télécharger et d'installer la console de réucpération .. , bref, voici le rapport :

 

ComboFix 10-04-20.04 - HP_Propriétaire 21/04/2010 19:12:02.1.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2558.2123 [GMT 2:00]

Lancé depuis: c:\documents and settings\HP_Propriétaire.PLAIREJULIEN\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Internet Explorer\SET66C.tmp

c:\program files\Internet Explorer\SET781.tmp

c:\program files\Internet Explorer\SET9AD.tmp

c:\recycler\NPROTECT

c:\recycler\S-1-5-21-2526899365-3307422438-3539672154-1008

D:\Autorun.inf

c:\windows\system32\imwmfra.dll . . . . impossible à supprimer

 

Une copie infectée de c:\windows\system32\drivers\rasacd.sys a été trouvée et désinfectée

Copie restaurée à partir de - Kitty had a snack

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_PEGVOXUE

-------\Legacy_SSHNAS

-------\Service_pegvoxue

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-21 au 2010-04-21 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-21 12:56 . 2010-04-21 12:56 5136 ----a-w- c:\windows\system32\youma1.dll

2010-04-21 10:19 . 2010-04-21 10:19 -------- d-----w- C:\rsit

2010-04-21 09:32 . 2010-04-21 09:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-04-20 10:17 . 2010-04-20 10:17 -------- d-----w- C:\_OTM

2010-04-20 09:43 . 2010-04-20 09:54 -------- d-----w- C:\Ad-Remover

2010-04-20 04:16 . 2010-04-20 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-04-19 01:16 . 2010-04-19 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2010-04-19 01:16 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2010-04-19 01:15 . 2010-04-19 01:16 -------- d-----w- c:\program files\CDBurnerXP

2010-04-18 23:52 . 2008-04-13 09:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2010-04-18 23:52 . 2008-04-13 09:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2010-04-18 23:52 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-04-18 23:44 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-04-18 23:43 . 2009-12-30 09:30 91136 ----a-w- c:\windows\system32\nmwcdcls.dll

2010-04-18 23:22 . 2010-04-19 11:22 331840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-04-18 22:59 . 2010-04-18 22:59 -------- d-----w- c:\program files\Microsoft.NET

2010-04-18 22:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2010-04-18 22:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-04-18 22:57 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2010-04-18 22:57 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-04-18 22:57 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2010-04-18 22:40 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-04-18 22:40 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-04-18 22:39 . 2010-04-18 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-18 21:26 . 2010-04-21 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-04-18 20:45 . 2010-04-18 20:45 -------- d-----w- c:\windows\system32\XPSViewer

2010-04-18 20:44 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-04-18 20:44 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-04-18 20:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-04-18 20:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-04-18 20:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-04-18 20:44 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-04-18 20:44 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-04-18 20:44 . 2010-04-18 20:44 -------- d-----w- C:\46af8eac3fccc3d27c667b6552fd0e

2010-04-18 20:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-04-18 20:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-04-18 20:41 . 2010-04-18 20:41 -------- d-----w- C:\SystemRoot

2010-04-18 20:27 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll

2010-04-18 20:27 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll

2010-04-18 20:27 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll

2010-04-18 20:27 . 2010-03-03 04:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2010-04-18 20:27 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll

2010-04-18 20:27 . 2010-03-03 03:44 14262272 ----a-w- c:\windows\system32\atioglxx.dll

2010-04-18 20:27 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-04-18 20:27 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe

2010-04-18 20:27 . 2010-04-19 11:19 -------- dc----w- c:\windows\system32\DRVSTORE

2010-04-18 19:53 . 2000-06-26 08:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2010-04-18 19:53 . 2010-04-18 19:53 -------- d-----w- c:\program files\Fichiers communs\Ahead

2010-04-18 19:53 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2010-04-18 19:46 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-04-18 17:41 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-04-18 17:41 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-04-18 17:36 . 2010-04-18 17:36 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-18 17:35 . 2010-04-18 17:35 -------- d-----w- c:\program files\Fichiers communs\xing shared

2010-04-18 15:48 . 2010-04-18 23:53 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-04-18 15:48 . 2010-04-18 15:48 -------- d-----w- c:\windows\system32\LogFiles

2010-04-18 15:45 . 2010-04-18 23:43 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-04-18 15:45 . 2010-04-18 23:42 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-04-18 15:44 . 2010-04-18 23:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-04-18 15:44 . 2010-04-18 23:42 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-04-18 15:44 . 2010-04-18 23:42 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-04-18 15:44 . 2010-04-18 23:42 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe

2010-04-18 15:44 . 2010-04-18 15:44 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_11_update.exe

2010-04-18 11:17 . 2010-04-18 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft

2010-04-18 09:41 . 2010-02-25 06:17 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-18 09:41 . 2010-02-25 06:17 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-04-18 09:41 . 2010-02-25 06:17 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-18 09:41 . 2010-02-25 06:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-04-18 09:41 . 2010-02-25 06:17 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-04-18 09:40 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-04-18 09:22 . 2008-04-13 17:33 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2010-04-18 00:19 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-18 00:19 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-18 00:12 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-04-18 00:12 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-04-18 00:12 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-04-18 00:02 . 2004-05-21 01:00 20480 ----a-r- c:\windows\system32\V0080Srv.exe

2010-04-18 00:02 . 2004-06-10 01:00 126976 ----a-r- c:\windows\system32\V0080Vfw.dll

2010-04-18 00:02 . 2004-07-26 01:00 49152 ----a-r- c:\windows\system32\V0080Hwx.dll

2010-04-18 00:02 . 2004-07-19 01:00 36864 ----a-r- c:\windows\system32\V0080Pin.dll

2010-04-18 00:02 . 2004-06-29 01:55 106496 ----a-r- c:\windows\system32\V0080Sti.dll

2010-04-18 00:02 . 2003-10-03 01:05 65536 ----a-r- c:\windows\system32\CtCamMgr.dll

2010-04-18 00:02 . 2002-09-17 01:04 36864 ----a-r- c:\windows\system32\CtRegApp.dll

2010-04-18 00:02 . 2004-10-09 09:51 503507 ----a-r- c:\windows\system32\drivers\V0080Dev.sys

2010-04-18 00:02 . 2004-05-21 06:05 1125376 ----a-r- c:\windows\system32\drivers\V0080Evx.sys

2010-04-17 23:54 . 2010-04-17 23:54 -------- d-----w- c:\windows\system32\wbem\Repository

2010-04-17 23:16 . 2010-04-18 11:37 -------- d-----w- c:\windows\system32\fr-fr

2010-04-17 22:59 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys

2010-04-17 22:59 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\dllcache\bthport.sys

2010-04-17 22:58 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys

2010-04-17 22:55 . 2010-02-12 04:34 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll

2010-04-17 22:54 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2010-04-17 22:54 . 2010-02-17 12:07 2192000 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-04-17 22:54 . 2009-03-06 14:20 286720 ------w- c:\windows\system32\dllcache\pdh.dll

2010-04-17 22:54 . 2009-02-09 11:23 111104 ------w- c:\windows\system32\dllcache\services.exe

2010-04-17 22:54 . 2009-02-09 10:53 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2010-04-17 22:54 . 2009-02-09 10:53 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2010-04-17 22:54 . 2009-02-09 10:53 685568 ------w- c:\windows\system32\dllcache\advapi32.dll

2010-04-17 22:54 . 2009-06-25 08:26 736768 ------w- c:\windows\system32\dllcache\lsasrv.dll

2010-04-17 22:54 . 2009-02-09 10:53 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-04-17 22:54 . 2009-02-09 10:53 739840 ------w- c:\windows\system32\dllcache\ntdll.dll

2010-04-17 22:54 . 2010-02-16 19:06 2148352 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-04-17 22:54 . 2010-02-16 19:06 2026496 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-04-17 22:51 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-04-17 22:51 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2010-04-17 22:50 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll

2010-04-17 22:18 . 2004-08-11 03:22 3525 ----a-r- c:\windows\system32\drivers\CamH2111.bin

2010-04-17 22:18 . 2004-08-11 03:22 3525 ----a-r- c:\windows\system32\drivers\CamF2111.bin

2010-04-17 22:09 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-04-17 22:09 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-04-17 22:05 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-04-17 21:42 . 2009-08-25 09:18 354816 ------w- c:\windows\system32\dllcache\winhttp.dll

2010-04-17 21:40 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-04-17 21:38 . 2009-12-24 07:00 177664 ------w- c:\windows\system32\dllcache\wintrust.dll

2010-04-17 21:37 . 2010-01-13 14:01 87040 ------w- c:\windows\system32\dllcache\cabview.dll

2010-04-17 21:33 . 2008-04-21 21:15 219136 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-04-17 21:25 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-04-17 20:34 . 2008-05-12 08:49 593920 ------w- c:\windows\system32\ati2sgag.exe

2010-04-17 20:34 . 2010-03-03 03:40 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-04-17 20:33 . 2010-03-03 03:24 887724 ----a-w- c:\windows\system32\ativva6x.dat

2010-04-17 20:33 . 2010-03-03 03:24 3 ----a-w- c:\windows\system32\ativva5x.dat

2010-04-17 20:33 . 2008-05-12 15:22 3107788 ----a-r- c:\windows\system32\ativvaxx.dat

2010-04-17 20:33 . 2010-02-25 19:55 201875 ----a-w- c:\windows\system32\atiicdxx.dat

2010-04-17 20:30 . 2004-08-05 18:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-04-17 20:28 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-21 17:19 . 2004-08-05 12:00 109568 ----a-w- c:\windows\system32\pxmebap.dll

2010-04-21 17:19 . 2004-08-05 12:00 109568 ----a-w- c:\windows\system32\imwmfra.dll

2010-04-21 16:54 . 2008-10-05 02:04 -------- d-----w- c:\program files\BitComet

2010-04-21 13:12 . 2006-12-12 00:35 -------- d-----w- c:\program files\Yahoo!

2010-04-19 12:20 . 2004-11-23 21:26 76074 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-19 12:20 . 2004-11-23 21:26 470186 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-19 10:49 . 2010-04-19 10:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2010-04-19 10:12 . 2010-04-19 10:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2010-04-19 10:12 . 2010-04-19 10:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2010-04-19 00:43 . 2009-09-10 02:16 -------- d-----w- c:\program files\Fichiers communs\Nero

2010-04-19 00:43 . 2009-09-10 02:16 -------- d-----w- c:\program files\Nero

2010-04-18 23:52 . 2010-04-18 23:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2010-04-18 23:52 . 2010-04-18 23:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-04-18 23:46 . 2009-12-17 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

2010-04-18 23:43 . 2009-12-17 17:21 -------- d-----w- c:\program files\PC Connectivity Solution

2010-04-18 23:14 . 2009-09-10 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2010-04-18 22:40 . 2010-03-21 21:41 -------- d-----w- c:\program files\iTunes

2010-04-18 22:38 . 2009-10-08 00:17 -------- d-----w- c:\program files\QuickTime

2010-04-18 21:26 . 2009-07-10 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-04-18 20:32 . 2009-07-10 14:28 -------- d-----w- c:\program files\ma-config.com

2010-04-18 20:32 . 2009-07-10 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-04-18 20:10 . 2005-01-02 23:12 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-18 19:55 . 2007-03-24 13:25 -------- d-----w- c:\program files\Ahead

2010-04-18 17:36 . 2010-03-10 14:54 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-18 17:36 . 2010-03-10 14:54 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-04-18 17:36 . 2005-01-02 23:10 -------- d-----w- c:\program files\Fichiers communs\Real

2010-04-18 15:43 . 2005-01-02 23:14 -------- d-----w- c:\program files\Fichiers communs\Adobe

2010-04-18 10:03 . 2007-09-18 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2010-04-18 09:30 . 2007-02-02 14:04 -------- d-----w- c:\program files\SymNetDrv

2010-04-18 08:58 . 2005-01-02 23:30 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2010-04-18 08:58 . 2005-01-02 23:29 -------- d-----w- c:\program files\Symantec

2010-04-18 00:24 . 2008-06-30 12:36 -------- d-----w- c:\program files\CCleaner

2010-04-18 00:17 . 2005-01-02 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-04-17 23:19 . 2004-11-23 21:20 82359 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-17 22:16 . 2006-12-11 22:08 -------- d-----w- c:\program files\Creative

2010-04-17 22:15 . 2005-01-02 23:23 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-04-17 21:01 . 2005-01-02 23:04 113669 ----a-w- c:\windows\hpoins07.dat

2010-04-17 20:29 . 2010-04-17 20:28 1791 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EP207AA-ABF T3349FR_YC_0Pavi_QCZB551_E61FRheBLU1_48_IAMETHYST-M_SMSI_V1.0_B3.36_T051021_WXH2_L40C_M2559_J250_7AMD_8Athlon 64_91.99_#060130_N10EC8139_Z_G10029505.MRK

2010-04-09 23:38 . 2006-12-16 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-04-08 15:00 . 2010-03-25 15:58 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-04-08 15:00 . 2010-03-25 15:58 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-04-08 15:00 . 2010-03-25 15:58 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-04-08 15:00 . 2010-03-25 15:58 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-04-08 15:00 . 2010-03-25 15:58 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2010-04-08 15:00 . 2010-03-25 15:58 432032 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-04-08 15:00 . 2010-03-25 15:58 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-04-08 15:00 . 2010-03-25 15:58 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-04-02 01:18 . 2007-10-01 23:25 -------- d-----w- c:\program files\Micro Application

2010-03-26 04:47 . 2009-07-10 20:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp

2010-03-25 15:58 . 2010-03-25 15:58 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-03-25 15:58 . 2010-03-25 15:58 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-03-25 15:58 . 2010-03-25 15:58 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-03-25 15:58 . 2010-03-25 15:58 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-03-25 15:58 . 2010-03-25 15:58 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2010-03-21 23:13 . 2010-03-21 23:13 -------- d-----w- c:\program files\VS Revo Group

2010-03-21 23:05 . 2010-03-21 22:51 -------- d-----w- c:\program files\Uniblue

2010-03-21 21:42 . 2010-03-21 21:42 -------- d-----w- c:\program files\iPod

2010-03-21 21:42 . 2008-04-18 14:11 -------- d-----w- c:\program files\Fichiers communs\Apple

2010-03-21 21:30 . 2010-03-21 21:30 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-03-21 19:14 . 2010-03-21 19:14 -------- d-----w- c:\program files\Axon Data

2010-03-21 16:32 . 2009-01-14 00:41 -------- d-----w- c:\program files\DivX

2010-03-10 17:52 . 2010-03-10 15:35 -------- d-----w- c:\program files\VSO

2010-03-10 17:41 . 2010-03-10 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Vso

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-03-10 06:16 . 2004-08-05 18:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-04 14:01 . 2003-03-19 03:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL

2010-03-04 14:01 . 2003-03-19 02:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL

2010-03-04 14:01 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL

2010-03-03 04:21 . 2008-05-12 16:30 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2010-03-03 03:40 . 2008-05-12 15:32 3616096 ----a-w- c:\windows\system32\ati3duag.dll

2010-03-03 03:39 . 2008-05-12 15:54 301056 ----a-w- c:\windows\system32\ati2dvag.dll

2010-03-03 03:24 . 2008-05-12 15:45 208896 ----a-w- c:\windows\system32\atipdlxx.dll

2010-03-03 03:24 . 2008-05-12 15:22 2232320 ----a-w- c:\windows\system32\ativvaxx.dll

2010-03-03 03:24 . 2008-05-12 15:45 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2010-03-03 03:24 . 2008-05-12 15:45 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2010-03-03 03:24 . 2008-05-12 15:45 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2010-03-03 03:23 . 2008-05-12 15:44 159744 ----a-w- c:\windows\system32\ati2evxx.dll

2010-03-03 03:22 . 2008-05-12 15:43 602112 ----a-w- c:\windows\system32\ati2evxx.exe

2010-03-03 03:21 . 2008-05-12 15:41 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2010-03-03 03:16 . 2008-05-12 15:05 565248 ----a-w- c:\windows\system32\atikvmag.dll

2010-03-03 03:15 . 2008-05-12 15:03 184320 ----a-w- c:\windows\system32\atiadlxx.dll

2010-03-03 03:14 . 2008-05-12 15:03 17408 ----a-w- c:\windows\system32\atitvo32.dll

2010-03-03 03:14 . 2008-05-12 15:02 393216 ----a-w- c:\windows\system32\atiok3x2.dll

2010-03-03 03:09 . 2008-05-12 14:57 638976 ----a-w- c:\windows\system32\ati2cqag.dll

2010-03-03 03:07 . 2008-05-12 15:03 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-03-03 03:07 . 2008-05-12 15:09 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2010-02-25 06:17 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-05 18:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 12:07 . 2004-08-05 18:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2004-08-05 18:00 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-02-12 04:34 . 2004-08-05 18:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-05 18:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2006-05-01 08:58 . 2006-11-22 19:02 22 -csha-w- c:\windows\SMINST\HPCD.SYS

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58CE6DE1-2E56-4111-B797-A22294D113BD}]

2010-04-21 17:19 109568 ----a-w- c:\windows\system32\imwmfra.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

@="{58CE6DE1-2E56-4111-B797-A22294D113BD}"

[HKEY_CLASSES_ROOT\CLSID\{58CE6DE1-2E56-4111-B797-A22294D113BD}]

2010-04-21 17:19 109568 ----a-w- c:\windows\system32\imwmfra.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-10-20 106496]

"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-10-20 262144]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-04-18 202256]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\Administrateur.JULIENPLAIRE\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\youma1]

2010-04-21 12:56 5136 ----a-w- c:\windows\system32\youma1.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\PC-Doctor 5 for Windows\\pcdrsysinfovideocapture.p5x"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11252:TCP"= 11252:TCP:BitComet 11252 TCP

"11252:UDP"= 11252:UDP:BitComet 11252 UDP

 

R0 hezcirvp;hezcirvp;c:\windows\system32\drivers\hezcirvp.sys --> c:\windows\system32\drivers\hezcirvp.sys [?]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/04/2010 12:58 108289]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2005 00:58 2799488]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

.

Contenu du dossier 'Tâches planifiées'

 

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 14:59]

 

2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

 

2010-04-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2384509092-2364030936-318741953-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

 

2010-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2384509092-2364030936-318741953-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

 

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{1E7C5FF2-9B90-4B9F-AB97-3ECEB1DC4830}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

 

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{7ADAF25A-B25A-4959-BCDE-59BE602BA941}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = *.local

IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-PCDrProfiler - (no file)

AddRemove-HijackThis - c:\documents and settings\HP_Propriétaire.PLAIREJULIEN\Bureau\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-21 19:22

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(560)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\windows\system32\youma1.dll

 

- - - - - - - > 'explorer.exe'(1028)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\ALCXMNTR.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Heure de fin: 2010-04-21 19:28:27 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-21 17:28

 

Avant-CF: 175 673 577 472 octets libres

Après-CF: 175 579 467 776 octets libres

 

- - End Of File - - 2C1BD5EF2375DDE20FE5D94467CB0702

[Falkra]

Ta machine a une bestiole très coriace dernière génération.

On va s'en occuper, ce sont des manips complexes, mais on l'aura.

ComboFix a déjà supprimé des nuisibles, mais on va continuer avec un script sur-mesure, et envoyer des fichiers infectieux nouveaux au créateur de Combofix.

 

Rend toi sur cette page afin de télécharger le fichier CFScript.txt sur le Bureau :

http://senduit.com/610e29

Note 1 : Le script proposé est spécifique au cas de cet utilisateur : vous ne devez en aucun cas l'utiliser sur votre pc!

Patiente quelques secondes : le téléchargement va se lancer automatiquement.

 

• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture :
  
  
• Patiente le temps du scan. Le Bureau va disparaitre à plusieurs reprises : c'est normal !
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Quand Combofix finit de travailler, il affiche ceci :
  
  
• Cliquer sur OK va faire débuter l'envoi automatique du fichier zip, pour améliorer les futures détections.
  
  
• Une fois le scan achevé, le PC va certainement redémarrer: un rapport va s'afficher, poste son contenu.
  
• Si le fichier n'apparait pas, il se trouve ici : C:\ComboFix.txt
  

 

Note 2 : un fichier qui se trouve sur le pc va être expédié au créateur de ComboFix pour analyse.

Dans le cas où le site de téléchargement se trouve hors ligne, tu verras ce message :

Il te suffira seulement de faire un double-clic sur le fichier CF-Submit.htm qui se trouve dans le répertoire C:\ pour envoyer le fichier.

Le rapport de ComboFix ne s'affichera qu'après la fin de l'envoi.

[JulienSurgères]

Ok je m'y colle, par contre j'ai fais des changements durant la nuit de drivers pour ma carte graphique, est ce que je dois refaire une analyse ? De toute façon, j'éssaie quand même

[Falkra]

Ce n'est pas vraiment le moment de tripatouiller ta carte graphique ou les pilotes de Windows, tu as plus urgent à faire, et ça met la pagaille dans les points de restauration système.

 

Passe le script stp.

[JulienSurgères]

Alors, j'ai bien fais glissé le fichier sur Combo.fix, ca m'a demandé de couper mon antivirus, ce que j'ai fait, ca m'a demander de mettre à jour Combo.fix, ce que j'ai fait, ensuite par sécurité j'ai préféré débrancher mon cable ethernet, le PC a redémarré presque tout de suite après m'avoir apparemment supprimé deux fichiers (forcément MSN s'est lancé et Avira remis en route) alors qu'on est censé ne lancer aucun programme. Il n'y a pas eu d'envoi automatique d'un fichier quelconque. En tout cas voici le rapport :

 

ComboFix 10-04-21.01 - HP_Propriétaire 22/04/2010 8:56.2.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2558.1922 [GMT 2:00]

Lancé depuis: c:\documents and settings\HP_Propriétaire.PLAIREJULIEN\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire.PLAIREJULIEN\Bureau\CFscript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

file zipped: c:\windows\system32\drivers\hezcirvp.sys

file zipped: c:\windows\system32\youma1.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\hezcirvp.sys

c:\windows\system32\youma1.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_HEZCIRVP

-------\Service_hezcirvp

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-22 au 2010-04-22 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-22 06:55 . 2010-04-22 07:07 -------- d-----w- \ComboFix

2010-04-22 03:05 . 2010-04-22 07:05 166976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-04-22 02:09 . 2010-04-22 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2010-04-22 01:40 . 2010-04-22 03:53 -------- d-----w- c:\program files\ATI

2010-04-21 20:35 . 2010-04-21 20:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-04-21 19:49 . 2010-04-21 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-04-21 19:49 . 2010-04-21 20:08 -------- d-----w- c:\program files\McAfee Security Scan

2010-04-21 19:48 . 2010-04-21 19:48 -------- d-----w- c:\program files\NOS

2010-04-21 17:04 . 2010-04-22 07:07 -------- d---a-w- \Qoobox

2010-04-21 10:19 . 2010-04-21 10:19 -------- d-----w- C:\rsit

2010-04-21 10:19 . 2010-04-21 10:19 -------- d-----w- \rsit

2010-04-21 09:32 . 2010-04-21 09:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-04-20 10:17 . 2010-04-20 10:17 -------- d-----w- C:\_OTM

2010-04-20 10:17 . 2010-04-20 10:17 -------- d-----w- \_OTM

2010-04-20 09:43 . 2010-04-20 09:54 -------- d-----w- C:\Ad-Remover

2010-04-20 09:43 . 2010-04-20 09:54 -------- d-----w- \Ad-Remover

2010-04-20 04:16 . 2010-04-20 04:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-04-19 01:16 . 2010-04-19 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2010-04-19 01:15 . 2010-04-19 01:16 -------- d-----w- c:\program files\CDBurnerXP

2010-04-18 22:59 . 2010-04-18 22:59 -------- d-----w- c:\program files\Microsoft.NET

2010-04-18 22:39 . 2010-04-18 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-18 21:26 . 2010-04-21 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-04-18 20:44 . 2010-04-18 20:44 -------- d-----w- C:\46af8eac3fccc3d27c667b6552fd0e

2010-04-18 20:44 . 2010-04-18 20:44 -------- d-----w- \46af8eac3fccc3d27c667b6552fd0e

2010-04-18 20:41 . 2010-04-18 20:41 -------- d-----w- C:\SystemRoot

2010-04-18 20:41 . 2010-04-18 20:41 -------- d-----w- \SystemRoot

2010-04-18 19:53 . 2010-04-18 19:53 -------- d-----w- c:\program files\Fichiers communs\Ahead

2010-04-18 17:35 . 2010-04-18 17:35 -------- d-----w- c:\program files\Fichiers communs\xing shared

2010-04-18 11:17 . 2010-04-18 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft

2010-04-17 20:46 . 2010-04-17 20:51 -------- d-sha-r- \cmdcons

2010-04-17 20:12 . 2005-01-02 23:16 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS

2010-04-17 16:37 . 2010-04-17 16:43 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies

2010-04-17 10:56 . 2010-04-18 22:37 -------- d-----w- c:\program files\Apple Software Update

2010-04-17 10:56 . 2010-04-17 10:56 -------- d-----w- c:\program files\ANNO 1602 Version Gold

2010-04-17 09:57 . 2010-04-17 09:57 -------- d-----w- C:\found.000

2010-04-17 09:57 . 2010-04-17 09:57 -------- d-----w- \found.000

2010-04-17 04:42 . 2010-04-17 04:42 0 ----a-w- c:\windows\ativpsrm.bin

2010-04-17 04:40 . 2010-04-22 02:41 -------- d-----w- c:\program files\ATI Technologies

2010-04-17 04:35 . 2010-04-17 04:35 -------- d-----w- C:\ATI

2010-04-17 04:35 . 2010-04-17 04:35 -------- d-----w- \ATI

2010-04-17 03:32 . 2010-04-17 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2010-04-16 03:05 . 2010-04-16 03:10 -------- d-----w- C:\BitComet

2010-04-16 03:05 . 2010-04-16 03:10 -------- d-----w- \BitComet

2010-04-15 23:41 . 2010-04-18 22:37 -------- d-----w- c:\program files\Bonjour

2010-04-09 15:58 . 2010-04-09 15:58 -------- d-----w- c:\program files\Microsoft Reader

2010-04-09 15:58 . 2003-06-05 15:15 57436 ----a-w- c:\windows\DASShp.dll

2010-04-09 15:36 . 2010-04-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-09 01:32 . 2010-04-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-04-09 01:26 . 2010-04-09 16:03 -------- d-----w- c:\program files\Fichiers communs\L&H

2010-04-08 20:54 . 2010-04-08 20:54 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-04-08 04:23 . 2010-04-08 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickMediaConverter

2010-04-08 04:22 . 2010-04-08 04:23 -------- d-----w- c:\program files\QuickMediaConverter

2010-04-02 10:58 . 2010-04-02 10:58 -------- d-----w- c:\program files\Avira

2010-04-02 10:58 . 2010-04-02 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-04-02 10:32 . 2010-04-18 09:46 -------- dc-h--w- c:\windows\ie8

2010-04-02 08:27 . 2010-04-02 10:32 -------- dc----w- c:\windows\ie8(2)

2010-04-02 01:18 . 2010-04-02 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application

2010-03-26 19:14 . 2010-03-26 19:14 -------- d-sh--w- c:\documents and settings\Administrateur.JULIENPLAIRE\IETldCache

2010-03-26 03:14 . 2010-03-26 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2010-03-26 00:55 . 2010-04-21 10:21 -------- d-----w- c:\program files\Trend Micro

2010-03-26 00:55 . 2010-03-26 00:55 -------- d-----w- c:\documents and settings\LocalService\Bureau

2010-03-25 15:47 . 2010-03-26 00:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-03-25 15:46 . 2010-03-25 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-03-25 15:46 . 2010-03-25 15:48 -------- d-----w- c:\program files\Lavasoft

2010-03-24 22:54 . 2010-04-18 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-24 22:54 . 2010-03-24 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-24 21:47 . 2010-03-24 21:47 -------- d-----w- c:\documents and settings\Administrateur\PrivacIE

2010-03-24 21:47 . 2010-03-24 21:47 -------- d-----w- c:\documents and settings\Administrateur\IETldCache

2010-03-24 21:46 . 2005-01-02 22:46 135 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat

2010-03-24 21:46 . 2010-03-24 22:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft

2010-03-24 21:46 . 2010-03-24 22:25 -------- d-----w- c:\documents and settings\Administrateur\Modèles

2010-03-24 21:46 . 2010-03-24 22:25 -------- d-----w- c:\documents and settings\Administrateur\Favoris

2010-03-24 21:46 . 2005-01-02 23:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Intervideo

2010-03-23 20:03 . 2010-03-23 20:03 -------- d-----w- c:\windows\Logs

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-22 06:53 . 2008-10-05 02:04 -------- d-----w- c:\program files\BitComet

2010-04-22 01:46 . 2005-01-02 23:12 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-21 23:35 . 2010-04-18 15:45 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-04-21 23:35 . 2010-04-18 15:45 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-04-21 23:35 . 2010-04-18 15:44 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-04-21 23:35 . 2010-04-18 15:44 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-04-21 23:35 . 2010-04-18 15:44 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-04-21 23:35 . 2010-04-18 15:44 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe

2010-04-21 13:12 . 2006-12-12 00:35 -------- d-----w- c:\program files\Yahoo!

2010-04-19 00:43 . 2009-09-10 02:16 -------- d-----w- c:\program files\Fichiers communs\Nero

2010-04-19 00:43 . 2009-09-10 02:16 -------- d-----w- c:\program files\Nero

2010-04-18 23:46 . 2009-12-17 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

2010-04-18 23:43 . 2009-12-17 17:21 -------- d-----w- c:\program files\PC Connectivity Solution

2010-04-18 23:14 . 2009-09-10 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2010-04-18 22:40 . 2010-03-21 21:41 -------- d-----w- c:\program files\iTunes

2010-04-18 22:38 . 2009-10-08 00:17 -------- d-----w- c:\program files\QuickTime

2010-04-18 21:26 . 2009-07-10 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-04-18 20:32 . 2009-07-10 14:28 -------- d-----w- c:\program files\ma-config.com

2010-04-18 20:32 . 2009-07-10 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-04-18 19:55 . 2007-03-24 13:25 -------- d-----w- c:\program files\Ahead

2010-04-18 17:36 . 2010-04-18 17:36 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-18 17:36 . 2010-03-10 14:54 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-18 17:36 . 2010-03-10 14:54 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-04-18 17:36 . 2005-01-02 23:10 -------- d-----w- c:\program files\Fichiers communs\Real

2010-04-18 15:44 . 2010-04-18 15:44 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_11_update.exe

2010-04-18 15:43 . 2005-01-02 23:14 -------- d-----w- c:\program files\Fichiers communs\Adobe

2010-04-18 10:03 . 2007-09-18 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2010-04-18 09:30 . 2007-02-02 14:04 -------- d-----w- c:\program files\SymNetDrv

2010-04-18 08:58 . 2005-01-02 23:30 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2010-04-18 08:58 . 2005-01-02 23:29 -------- d-----w- c:\program files\Symantec

2010-04-18 00:24 . 2008-06-30 12:36 -------- d-----w- c:\program files\CCleaner

2010-04-18 00:17 . 2005-01-02 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-04-17 22:16 . 2006-12-11 22:08 -------- d-----w- c:\program files\Creative

2010-04-17 22:15 . 2005-01-02 23:23 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-04-17 21:01 . 2005-01-02 23:04 113669 ----a-w- c:\windows\hpoins07.dat

2010-04-09 23:38 . 2006-12-16 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles

2010-04-08 15:00 . 2010-03-25 15:58 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-04-08 15:00 . 2010-03-25 15:58 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-04-08 15:00 . 2010-03-25 15:58 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-04-08 15:00 . 2010-03-25 15:58 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-04-08 15:00 . 2010-04-08 15:00 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

2010-04-08 15:00 . 2010-03-25 15:58 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2010-04-08 15:00 . 2010-03-25 15:58 432032 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-04-08 15:00 . 2010-03-25 15:58 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-04-08 15:00 . 2010-03-25 15:58 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-04-08 15:00 . 2010-03-25 15:57 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-04-08 15:00 . 2010-03-25 15:57 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-04-08 14:59 . 2010-03-25 15:57 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-04-08 14:59 . 2010-03-25 15:57 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-04-08 14:59 . 2010-03-25 15:57 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-04-08 14:59 . 2010-03-25 15:57 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-04-08 14:59 . 2010-03-25 15:57 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-04-02 01:18 . 2007-10-01 23:25 -------- d-----w- c:\program files\Micro Application

2010-03-29 22:13 . 2010-03-29 22:13 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-26 04:47 . 2009-07-10 20:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp

2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-03-25 15:58 . 2010-03-25 15:58 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-03-25 15:58 . 2010-03-25 15:58 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll

2010-03-25 15:58 . 2010-03-25 15:58 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2010-03-25 15:58 . 2010-03-25 15:58 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2010-03-25 15:58 . 2010-03-25 15:58 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2010-03-21 23:13 . 2010-03-21 23:13 -------- d-----w- c:\program files\VS Revo Group

2010-03-21 23:05 . 2010-03-21 22:51 -------- d-----w- c:\program files\Uniblue

2010-03-21 21:42 . 2010-03-21 21:42 -------- d-----w- c:\program files\iPod

2010-03-21 21:42 . 2008-04-18 14:11 -------- d-----w- c:\program files\Fichiers communs\Apple

2010-03-21 21:30 . 2010-03-21 21:30 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-03-21 19:14 . 2010-03-21 19:14 -------- d-----w- c:\program files\Axon Data

2010-03-21 16:32 . 2009-01-14 00:41 -------- d-----w- c:\program files\DivX

2010-03-10 17:52 . 2010-03-10 15:35 -------- d-----w- c:\program files\VSO

2010-03-10 17:41 . 2010-03-10 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Vso

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-03-10 14:54 . 2010-03-10 14:54 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-02-05 09:04 . 2010-03-25 15:47 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2006-05-01 08:58 . 2006-11-22 19:02 22 -csha-w- c:\windows\SMINST\HPCD.SYS

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-10-20 106496]

"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-10-20 262144]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-04-18 202256]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\Administrateur.JULIENPLAIRE\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-3 27136]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\PC-Doctor 5 for Windows\\pcdrsysinfovideocapture.p5x"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11252:TCP"= 11252:TCP:BitComet 11252 TCP

"11252:UDP"= 11252:UDP:BitComet 11252 UDP

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/04/2010 12:58 108289]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2005 00:58 2799488]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14:49 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.fr/

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-22 09:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\smss.exe

c:\windows\system32\csrss.exe

c:\windows\system32\winlogon.exe

c:\windows\system32\services.exe

c:\windows\system32\lsass.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\System32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\svchost.exe

c:\windows\system32\spoolsv.exe

c:\windows\system32\svchost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\svchost.exe

c:\windows\System32\alg.exe

c:\windows\ALCXMNTR.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Fichiers communs\Nokia\NoA\nokiaaserver.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\windows\system32\wbem\wmiprvse.exe

.

**************************************************************************

.

Heure de fin: 2010-04-22 09:14:19 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-22 07:14

ComboFix2.txt 2010-04-21 17:28

 

Avant-CF: 171 711 332 352 octets libres

Après-CF: 172 156 071 936 octets libres

 

- - End Of File - - 97D3E5BD2D6213F37B490C5ABF9EEA4A

 

 

Merci de m'aider en tout cas .. de plus c'est très clair

[JulienSurgères]

Je vais devoir m'absenter jusqu'a 13h, dès que je reviens et si tu es toujours disponible, je me ferai un plaisir d'erradiquer ces mer.. définitivement.

 

N'hésites pas à me laisser tes instructions, je le ferai en revenant et merci pour tes recherches, ton travail.

[Falkra]

Utilise le fichier CF-Submit.htm qui se trouve dans le répertoire C:\ : il n'y a pas eu d'envoi automatique car tu as coupé la connexion (ce n'était pourtant pas demandé...).

Je regarde le rapport, ça m'a l'air bon tout ça.

[JulienSurgères]

re : J'ai beau aller dans C:\ , je ne trouve pas ce fichier ... j'ai lancer la recherhe avec l'outil "rechercher", aucun résultat .. Ca m'embête un peu ..

[Falkra]

OK, pas de panique. Regarde dans c:\Qoobox\Quarantine\ tu dois avoir un fichier zip dont le nom commence par "[4]-Submit_2010-04"

Localise-le stp, tu vas me l'envoyer (je te dirai comment) et je ferai suivre, à ce moment là.

 

Le script a fait son boulot de toute façon et ta machine va mieux, mais il faut qu'on fasse avancer les détections, ces fichiers sont importants.