infecte par agent tdss rapport pointe Fermé

Question

Bonjour, voila pouvez vous m aider on m a demander de faire un scan avec le logiciel anti malware malwarebytes
je vous poste mon rapport merci de m'aider 

 Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2726
Windows 6.0.6001 Service Pack 1

01/09/2009 22:04:56
mbam-log-2009-09-01 (22-04-51).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 267109
Temps écoulé: 53 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmcxrjdkip (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmfhxdndjh (Rootkit.TDSS) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\System32\kbiwkmeyixuwmk.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\System32\kbiwkmknxymxic.dat (Rootkit.TDSS) -> No action taken.

Narco!4 · Answer

Bonjour
Télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

nico62 · Answer

merci de m aider je vous poste le rapport demandé

Rapport GenProc 2.617 [1] - 01/09/2009 à 22:18:23 
@ Windows Vista Service Pack 1 - Mode normal

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:49, on 01/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\cmd.exe
C:\GenProc\outil
ico_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

nico62 · Answer

merci de m aider je vous poste le rapport demandé

Rapport GenProc 2.617 [1] - 01/09/2009 à 22:18:23 
@ Windows Vista Service Pack 1 - Mode normal

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:49, on 01/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\cmd.exe
C:\GenProc\outil
ico_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

Narco!4 · Answer

[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

nico62 · Answer

je vous colle le rapport
ComboFix 09-09-01.04 - nico 01/09/2009 22:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.33.1036.18.3069.2024 [GMT 2:00]
Running from: c:\users
ico\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3266793670-3546034856-3136528560-500
c:\windows\Installer\17dc8.msi

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KBIWKMCXRJDKIP
-------\Legacy_KBIWKMFHXDNDJH
-------\Service_kbiwkmcxrjdkip
-------\Service_kbiwkmfhxdndjh


(((((((((((((((((((((((((   Files Created from 2009-08-01 to 2009-09-01  )))))))))))))))))))))))))))))))
.

2009-09-01 20:53 . 2009-09-01 20:53	--------	d-----w-	c:\users\Default\AppData\Local	emp
2009-09-01 20:18 . 2009-09-01 20:18	--------	d-----w-	C:\GenProc
2009-08-30 22:54 . 2009-08-30 22:54	--------	d-----w-	c:\users
ico\AppData\Roaming\Malwarebytes
2009-08-30 22:54 . 2009-08-03 11:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 22:54 . 2009-08-30 22:54	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-30 22:54 . 2009-08-30 22:54	--------	d-----w-	c:\programdata\Malwarebytes
2009-08-30 22:54 . 2009-08-03 11:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-30 22:23 . 2009-08-30 22:23	--------	d-----w-	C:\_OTM
2009-08-30 17:08 . 2008-06-05 16:18	5737	----a-w-	c:\users
ico\AppData\Local\gnc.exe
2009-08-30 16:40 . 2009-08-30 17:08	--------	d-----w-	c:\program files\Navilog1
2009-08-30 13:51 . 2009-06-15 15:24	175104	----a-w-	c:\windows\system32\wdigest.dll
2009-08-30 13:51 . 2009-06-15 15:21	499712	----a-w-	c:\windows\system32\kerberos.dll
2009-08-30 13:51 . 2009-06-15 15:22	213504	----a-w-	c:\windows\system32\msv1_0.dll
2009-08-30 13:51 . 2009-06-15 15:23	1256448	----a-w-	c:\windows\system32\lsasrv.dll
2009-08-30 13:51 . 2009-06-15 15:24	270848	----a-w-	c:\windows\system32\schannel.dll
2009-08-30 13:50 . 2009-06-15 18:20	439896	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2009-08-30 13:50 . 2009-06-15 15:24	72704	----a-w-	c:\windows\system32\secur32.dll
2009-08-30 13:50 . 2009-06-15 12:57	9728	----a-w-	c:\windows\system32\lsass.exe
2009-08-30 11:26 . 2009-08-30 15:46	--------	d-----w-	c:\program files	rend micro
2009-08-30 11:26 . 2009-08-30 11:26	--------	d-----w-	C:sit
2009-08-29 23:23 . 2009-08-29 23:23	--------	d-----w-	c:\users
ico\AppData\Roaming\PCToolsFirewallPlus
2009-08-29 23:04 . 2009-03-06 14:45	130424	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-08-29 23:04 . 2008-12-18 10:16	73840	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-29 23:04 . 2008-12-11 06:38	159600	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-08-29 23:01 . 2009-08-29 23:04	--------	d-----w-	c:\program files\Common Files\PC Tools
2009-08-29 23:01 . 2008-09-22 09:29	97408	----a-w-	c:\windows\system32\drivers\pctfw.sys
2009-08-29 23:01 . 2009-01-21 07:38	95640	----a-w-	c:\windows\system32\drivers\pctplfw.sys
2009-08-29 23:01 . 2009-08-30 01:20	--------	d-----w-	c:\program files\PC Tools Firewall Plus
2009-08-29 22:44 . 2009-08-29 22:44	--------	d-----w-	c:\users
ico\AppData\Roaming\JonDo
2009-08-29 22:42 . 2009-08-30 01:14	--------	d-----w-	c:\program files\jap anonymat
2009-08-29 20:36 . 2009-08-29 20:36	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2009-08-29 20:07 . 2009-08-29 20:07	--------	d-----w-	c:\program files\Microsoft
2009-08-29 17:52 . 2009-08-29 22:03	--------	d-----w-	c:\programdata\Norton
2009-08-29 17:52 . 2009-08-29 17:52	--------	d-----w-	c:\programdata\NortonInstaller
2009-08-29 16:40 . 2009-06-22 10:22	2048	----a-w-	c:\windows\system32	zres.dll
2009-08-29 16:28 . 2008-06-20 01:14	105016	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-29 16:28 . 2008-06-20 01:14	97800	----a-w-	c:\windows\system32\infocardapi.dll
2009-08-29 16:28 . 2008-06-20 01:14	43544	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2009-08-29 16:28 . 2008-06-20 01:14	11264	----a-w-	c:\windows\system32\icardres.dll
2009-08-29 16:28 . 2008-06-20 01:14	622080	----a-w-	c:\windows\system32\icardagt.exe
2009-08-29 16:28 . 2008-06-20 01:14	781344	----a-w-	c:\windows\system32\PresentationNative_v0300.dll
2009-08-29 16:28 . 2008-06-20 01:14	326160	----a-w-	c:\windows\system32\PresentationHost.exe
2009-08-29 16:21 . 2008-07-27 18:03	96760	----a-w-	c:\windows\system32\dfshim.dll
2009-08-29 16:21 . 2008-07-27 18:03	282112	----a-w-	c:\windows\system32\mscoree.dll
2009-08-29 16:21 . 2008-07-27 18:03	41984	----a-w-	c:\windows\system32
etfxperf.dll
2009-08-29 16:21 . 2008-07-27 18:03	158720	----a-w-	c:\windows\system32\mscorier.dll
2009-08-29 16:21 . 2008-07-27 18:03	83968	----a-w-	c:\windows\system32\mscories.dll
2009-08-29 16:19 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-08-29 16:19 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-08-27 22:09 . 2009-08-27 22:09	--------	d-----w-	c:\program files\mplayer
2009-08-27 22:08 . 2009-08-27 22:08	--------	d-----w-	c:\program files\ivc_flv_players
2009-08-27 20:27 . 2009-08-27 21:32	--------	d-----w-	c:\users
ico\AppData\Roaming\Python-Eggs
2009-08-27 20:26 . 2009-08-27 21:52	--------	d-----w-	c:\users
ico\.moovida
2009-08-27 20:25 . 2009-08-27 20:25	--------	d-----w-	c:\users
ico\AppData\Local\aedgency
2009-08-27 20:25 . 2009-08-27 20:25	--------	d-----w-	c:\program files\Deenero
2009-08-27 20:22 . 2009-08-27 20:25	--------	d-----w-	c:\program files\Moovida
2009-08-21 10:02 . 2009-08-21 10:02	--------	d-----w-	c:\programdata\eMule
2009-08-21 10:02 . 2009-08-21 10:02	--------	d-----w-	c:\users
ico\AppData\Local\eMule
2009-08-21 10:02 . 2009-08-21 10:02	--------	d-----w-	c:\program files\emule
2009-08-20 15:50 . 2009-08-27 21:36	--------	d-----w-	c:\users
ico\AppData\Roaming\DivX
2009-08-19 21:58 . 2009-08-28 17:12	--------	d--h--w-	C:\$AVG8.VAULT$
2009-08-19 21:13 . 2009-08-19 21:13	--------	d-----w-	c:\program files\Common Files\DivX Shared(32)
2009-08-18 21:01 . 2009-08-18 21:01	--------	d-----w-	c:\program files\Sunbelt Software
2009-08-18 20:40 . 2009-08-18 20:40	--------	d-----w-	c:\programdata\MailFrontier
2009-08-18 20:34 . 2009-08-18 20:50	--------	d-----w-	c:\windows\Internet Logs
2009-08-18 18:53 . 2009-08-18 18:53	--------	d-----w-	c:\users
ico\AppData\Local\AVG Security Toolbar
2009-08-18 18:50 . 2009-08-18 18:50	--------	d-----w-	c:\program files\AVG
2009-08-18 18:50 . 2009-08-18 18:50	--------	d-----w-	c:\programdata\avg8
2009-08-18 16:58 . 2009-08-18 16:58	--------	d-----w-	c:\programdata\CheckPoint
2009-08-17 19:35 . 2009-08-17 19:35	--------	d-----w-	c:\users
ico\AppData\Roaming\Talkback
2009-08-17 13:56 . 2009-08-17 13:56	--------	d-----w-	c:\program files\FLV Player
2009-08-15 23:12 . 2009-08-15 23:12	--------	d-----w-	c:\program files\veoh video
2009-08-14 23:49 . 2009-08-30 22:42	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-08-14 23:49 . 2009-08-30 01:06	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-08-14 23:42 . 2009-08-28 17:55	--------	d-----w-	C:evo uninstaller
2009-08-14 09:53 . 2009-08-14 09:53	--------	d-----w-	C:\Nouveau dossier
2009-08-14 09:52 . 2009-08-28 17:54	--------	d-----w-	c:\program files\c cleaner
2009-08-12 22:43 . 2009-04-21 11:55	2033152	----a-w-	c:\windows\system32\win32k.sys
2009-08-12 22:43 . 2009-06-15 15:24	156672	----a-w-	c:\windows\system32	2embed.dll
2009-08-12 22:43 . 2009-06-15 15:20	72704	----a-w-	c:\windows\system32\fontsub.dll
2009-08-12 22:43 . 2009-06-15 15:20	10240	----a-w-	c:\windows\system32\dciman32.dll
2009-08-12 22:43 . 2009-06-15 12:52	289792	----a-w-	c:\windows\system32\atmfd.dll
2009-08-12 22:43 . 2009-07-17 14:35	71680	----a-w-	c:\windows\system32\atl.dll
2009-08-12 22:41 . 2009-04-23 12:43	784896	----a-w-	c:\windows\system32pcrt4.dll
2009-08-11 00:09 . 2009-08-11 00:11	--------	d-----w-	c:\users
ico\AppData\Local\Google
2009-08-11 00:09 . 2009-08-19 21:16	--------	d-----w-	c:\program files\Google

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 20:54 . 2008-06-13 02:03	12	----a-w-	c:\windows\bthservsdp.dat
2009-09-01 20:48 . 2008-06-13 11:48	669566	----a-w-	c:\windows\system32\perfh00C.dat
2009-09-01 20:48 . 2008-06-13 11:48	123556	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-30 16:20 . 2008-08-29 20:38	74872	----a-w-	c:\users
ico\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-30 16:15 . 2008-06-13 03:39	--------	d-----w-	c:\programdata\Microsoft Help
2009-08-30 01:15 . 2008-06-13 03:59	--------	d-----w-	c:\programdata\AOL
2009-08-29 22:02 . 2008-06-13 02:20	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2009-08-29 20:07 . 2009-04-03 15:22	--------	d-----w-	c:\program files\Windows Live
2009-08-29 17:54 . 2008-06-13 02:20	--------	d-----w-	c:\programdata\Symantec
2009-08-28 17:59 . 2008-06-13 03:58	--------	d-----w-	c:\program files\EasyBits For Kids
2009-08-28 17:55 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2009-08-28 17:55 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2009-08-28 17:55 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2009-08-28 17:55 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2009-08-28 17:55 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2009-08-28 17:55 . 2008-06-13 03:43	--------	d-----w-	c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-08-28 17:55 . 2008-10-08 09:11	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-08-28 17:55 . 2008-06-13 03:17	--------	d-----w-	c:\program files\Microsoft Works
2009-08-28 17:55 . 2009-08-01 16:27	--------	d-----w-	c:\program files\Microsoft Money 2005
2009-08-28 17:55 . 2008-08-29 22:03	--------	d-----w-	c:\program files\Microsoft AutoRoute
2009-08-28 17:54 . 2009-07-30 23:47	--------	d-----w-	c:\program files\Free Music Zilla
2009-08-28 17:54 . 2008-08-29 20:01	--------	d-----w-	c:\program files\IDT
2009-08-28 17:54 . 2008-06-13 03:00	--------	d-----w-	c:\program files\HP Games
2009-08-28 17:54 . 2008-06-13 03:43	--------	d-----w-	c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-08-17 16:10 . 2009-05-25 16:31	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-05-25 16:32	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-25 16:32	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-05-25 16:31	53328	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-05-25 16:32	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-25 16:32	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-05-25 16:32	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-13 08:47 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-08-11 23:24 . 2009-07-28 13:48	--------	d-----w-	c:\users
ico\AppData\Roaming\FMZilla
2009-07-30 21:31 . 2008-09-15 09:05	--------	d-----w-	c:\users
ico\AppData\Roaming\CyberLink
2009-07-28 14:06 . 2009-07-28 14:03	--------	d-----w-	c:\users
ico\AppData\Roaming\FLV Extract
2009-07-27 19:23 . 2009-04-01 21:32	106	----a-w-	c:\users
ico\AppData\Roaming\wklnhst.dat
2009-07-26 14:44 . 2009-07-26 14:44	48448	----a-w-	c:\windows\system32\sirenacm.dll
2009-07-23 10:26 . 2009-07-23 10:26	--------	d-----w-	c:\program files\Inventel
2009-07-18 16:06 . 2009-08-12 22:42	827904	----a-w-	c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-12 22:42	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-12 22:42	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2009-07-14 13:00 . 2009-08-12 22:42	313344	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 22:42	4096	----a-w-	c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 22:42	7680	----a-w-	c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 22:42	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2009-06-10 12:12 . 2009-08-12 22:42	160256	----a-w-	c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-12 22:42	91136	----a-w-	c:\windows\system32\avifil32.dll
2009-06-04 12:34 . 2009-08-12 22:42	2066432	----a-w-	c:\windows\system32\mstscax.dll
2008-09-19 20:58 . 2008-09-19 20:58	38	----a-w-	c:\program files\LSLWIN.INI
2007-05-21 13:44 . 2009-08-27 22:09	2376	----a-w-	c:\program files\LICENCE_Internet_Video_Converter.txt
2007-03-06 14:40 . 2007-03-06 14:40	572	----a-w-	c:\program files\LICENCE_ffmpeg.txt
2007-02-07 22:03 . 2007-02-07 22:03	3504	----a-w-	c:\program files\CHANGELOG_flvtool2.txt
2007-02-07 21:29 . 2007-02-07 21:29	355	----a-w-	c:\program files\README_flvtool2.txt
2006-12-08 15:42 . 2006-12-08 15:42	83216	----a-w-	c:\program files\ivc_by_anh_nguyen.bmp
2006-10-10 21:46 . 2006-10-10 21:46	1465	----a-w-	c:\program files\LICENSE_flvtool2.txt
2008-08-22 23:13 . 2008-08-25 09:32	22	--sha-w-	c:\windows\SMINST\HPCD.SYS
2008-06-13 11:53 . 2008-06-13 11:53	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{298681CC-146E-4D0F-9739-4AC7FE000A44}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{15290068-E38D-4FDF-892A-2074A8C55BBB}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5287C8DB-59FD-49C6-8D73-818120AB7A06}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7B36BEC0-4D7E-4CE9-B4F7-90A79959D9C1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4DEF0161-2F2D-48F3-BFC8-3DF6B56C89C0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F050DF70-EA33-48D8-87BF-2913B3F4AEFB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5A30A86-7A6A-4C63-81C8-692514475B4D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F411E93-F377-4983-B459-D91A02EA58C6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{12CA6EDE-82AB-4C50-B3F7-EB1CF6027865}c:\program files\free music zilla\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{E0E6CCAB-4BC2-4A72-BB78-A9810425BF28}c:\program files\free music zilla\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"{A4E95338-EF56-4BFC-A905-4045FE52CB1D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player 
"{ED2C009A-E36D-40F0-B441-DE13CB6F838D}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\Program Files\Free Music Zilla\FMZilla.exe"= c:\program files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/05/2009 18:32 114768]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [30/08/2009 01:04 159600]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe [29/08/2008 22:01 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/05/2009 18:32 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/05/2009 18:31 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 24880]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [30/08/2009 01:04 73840]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [13/06/2008 06:04 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15/08/2009 01:49 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13/06/2008 04:47 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 15:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [11/04/2008 19:55 84240]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [30/08/2009 01:01 95640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{B6C59394-ACC0-4D2C-8000-F47AF9875193}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fmz.qiwa.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 22:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\users
ico\AppData\Roaming\Microsoft\Windows\Cookies
ico@c.live[1].txt
c:\users
ico\AppData\Roaming\Microsoft\Windows\Cookies
ico@windowsmarketplace[1].txt 118 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-09-01 23:04 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-01 21:04

Pre-Run: 148 760 834 048 octets libres
Post-Run: 148 347 977 728 octets libres

311	--- E O F ---	2009-09-01 19:13

Narco!4 · Answer

Poste ce rapport https://www.micro-astuce.com/securite/NanoScan-Panda.php

nico62 · Answer

une question. je suis infecte ou pas ? merci de me repondre
cordialement

Narco!4 · Answer

Poste ce rapport https://www.micro-astuce.com/securite/NanoScan-Panda.php

noctambule28 · Answer

Doublon ( triplon)
https://forums.commentcamarche.net/forum/affich-14150461-infecte-par-tdss-et-agent-fbx

Infecte par agent tdss rapport pointe

9 réponses

Discussions similaires