Menace : Win32:SkiMorph [Cryp]
Amandine
-
Amandine -
Amandine -
Bonjour,
Le résultat d'un scan Avast m'indique une menace de haute sévérité, état : Menace : Win32:SkiMorph [Cryp]. J'ai essayé de le mettre en quarantaine mais une erreur apparait: "Erreur: Le fichier spécifié est introuvable (2)"
Je ne sais pas si ce virus est vraiment dangereux; Que faire pour m'en débarrasser?
Merci de votre aide!
Le résultat d'un scan Avast m'indique une menace de haute sévérité, état : Menace : Win32:SkiMorph [Cryp]. J'ai essayé de le mettre en quarantaine mais une erreur apparait: "Erreur: Le fichier spécifié est introuvable (2)"
Je ne sais pas si ce virus est vraiment dangereux; Que faire pour m'en débarrasser?
Merci de votre aide!
8 réponses
Désactive les logiciels de protection (Antivirus, Antispywares) puis :
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofix.exe et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Eventuellement, installe la console de récupération comme cela est conseillé
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.
Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofix.exe et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Eventuellement, installe la console de récupération comme cela est conseillé
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.
Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
Voilà le rapport :
ComboFix 10-05-16.02 - Amandine 17/05/2010 14:09:55.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3039.2424 [GMT 2:00]
Lancé depuis: c:\users\Amandine\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-17 au 2010-05-17 ))))))))))))))))))))))))))))))))))))
.
2010-05-17 12:32 . 2010-05-17 12:32 -------- d-----w- c:\users\Amandine\AppData\Local\temp
2010-05-17 12:32 . 2010-05-17 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-17 11:57 . 2010-05-17 11:57 -------- d-----w- C:\32788R22FWJFW
2010-05-17 09:30 . 2010-05-17 09:30 -------- d-----w- c:\program files\CCleaner
2010-05-12 08:52 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-05 11:38 . 2010-05-10 15:39 -------- d-----w- c:\users\Amandine\AppData\Roaming\vlc
2010-05-05 11:37 . 2010-05-05 11:37 -------- d-----w- c:\program files\VideoLAN
2010-05-02 09:43 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 09:43 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-02 09:43 . 2010-05-06 20:41 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-05-02 09:43 . 2010-05-06 20:41 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-05-02 09:43 . 2010-05-06 20:40 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-05-02 09:43 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-02 09:43 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-02 09:43 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-02 09:42 . 2010-03-19 19:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-05-02 09:42 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-02 09:42 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-02 09:10 . 2010-05-02 09:10 -------- d-----w- c:\programdata\Alwil Software
2010-04-28 05:40 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 05:40 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 05:40 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 21:09 . 2009-08-06 22:19 76164 ----a-w- c:\windows\system32\perfc001.dat
2010-05-14 21:09 . 2009-08-06 22:19 427018 ----a-w- c:\windows\system32\perfh001.dat
2010-05-14 21:09 . 2009-08-06 22:12 681356 ----a-w- c:\windows\system32\perfh013.dat
2010-05-14 21:09 . 2009-08-06 22:12 129608 ----a-w- c:\windows\system32\perfc013.dat
2010-05-14 21:09 . 2009-08-06 22:05 680010 ----a-w- c:\windows\system32\perfh010.dat
2010-05-14 21:09 . 2009-08-06 22:05 124006 ----a-w- c:\windows\system32\perfc010.dat
2010-05-14 21:09 . 2009-08-06 21:59 633536 ----a-w- c:\windows\system32\perfh007.dat
2010-05-14 21:09 . 2009-08-06 21:59 125928 ----a-w- c:\windows\system32\perfc007.dat
2010-05-14 21:09 . 2009-08-06 21:51 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-14 21:09 . 2009-08-06 21:51 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-14 13:11 . 2009-09-21 06:04 -------- d-----w- c:\users\Amandine\AppData\Roaming\LimeWire
2010-05-12 10:35 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 10:35 . 2009-01-23 04:00 -------- d-----w- c:\programdata\Microsoft Help
2010-05-06 08:36 . 2009-10-03 07:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 10:13 . 2010-02-17 16:37 1 ----a-w- c:\users\Amandine\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-02 09:13 . 2009-07-21 11:19 -------- d-----w- c:\program files\Alwil Software
2010-04-09 16:01 . 2009-07-23 15:12 -------- d-----w- c:\programdata\Messenger Plus!
2010-04-08 16:31 . 2009-07-23 11:13 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-05 21:03 . 2010-04-05 21:03 -------- d-----w- c:\program files\Google
2010-03-28 13:33 . 2010-03-28 13:33 -------- d-----w- c:\users\Amandine\AppData\Roaming\SmarThru4
2010-03-28 13:33 . 2010-03-28 13:30 -------- d-----w- c:\program files\SmarThru 4
2010-03-28 13:32 . 2010-03-28 13:32 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-03-28 13:32 . 2010-03-28 13:31 -------- d-----w- c:\program files\Readiris10
2010-03-28 13:31 . 2009-01-23 03:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 13:30 . 2009-01-23 03:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-28 13:27 . 2010-03-28 13:27 -------- d-----w- c:\program files\Samsung
2010-03-26 09:22 . 2010-03-26 09:22 -------- d-----w- c:\users\Amandine\AppData\Roaming\InstallShield
2010-03-26 09:22 . 2009-07-20 19:12 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-03-26 09:22 . 2009-07-20 19:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-03-26 09:22 . 2009-07-20 19:12 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-03-26 09:22 . 2009-07-20 19:12 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-03-26 09:22 . 2009-07-20 19:12 2661368 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-03-22 18:38 . 2010-03-22 18:38 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-08 21:33 . 2010-04-14 05:08 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07 . 2010-04-14 05:09 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 05:09 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 05:08 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 05:08 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 05:08 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-31 08:09 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 19:23 . 2009-11-05 20:05 89616 ----a-w- c:\users\Amandine\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-17 16:34 . 2009-09-04 07:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-07-17 842816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
c:\users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-11-18 09:57 966656 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 721904]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 21:19];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-05-06 119200]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contenu du dossier 'Tâches planifiées'
2010-05-15 c:\windows\Tasks\HPCeeScheduleForAmandine.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-23 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\users\Amandine\AppData\Roaming\Mozilla\Firefox\Profiles\nucydwqs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-dulcs - c:\users\amandine\appdata\local\dulcs.bat
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\DPPWDFLT.DLL
.
Heure de fin: 2010-05-17 14:35:48
ComboFix-quarantined-files.txt 2010-05-17 12:35
Avant-CF: 130 195 308 544 octets libres
Après-CF: 130 120 982 528 octets libres
- - End Of File - - 6DB814005E8D87A38B85D4CF7D29500E
ComboFix 10-05-16.02 - Amandine 17/05/2010 14:09:55.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3039.2424 [GMT 2:00]
Lancé depuis: c:\users\Amandine\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-17 au 2010-05-17 ))))))))))))))))))))))))))))))))))))
.
2010-05-17 12:32 . 2010-05-17 12:32 -------- d-----w- c:\users\Amandine\AppData\Local\temp
2010-05-17 12:32 . 2010-05-17 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-17 11:57 . 2010-05-17 11:57 -------- d-----w- C:\32788R22FWJFW
2010-05-17 09:30 . 2010-05-17 09:30 -------- d-----w- c:\program files\CCleaner
2010-05-12 08:52 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-05 11:38 . 2010-05-10 15:39 -------- d-----w- c:\users\Amandine\AppData\Roaming\vlc
2010-05-05 11:37 . 2010-05-05 11:37 -------- d-----w- c:\program files\VideoLAN
2010-05-02 09:43 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 09:43 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-02 09:43 . 2010-05-06 20:41 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-05-02 09:43 . 2010-05-06 20:41 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-05-02 09:43 . 2010-05-06 20:40 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-05-02 09:43 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-02 09:43 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-02 09:43 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-02 09:42 . 2010-03-19 19:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-05-02 09:42 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-02 09:42 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-02 09:10 . 2010-05-02 09:10 -------- d-----w- c:\programdata\Alwil Software
2010-04-28 05:40 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 05:40 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 05:40 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 21:09 . 2009-08-06 22:19 76164 ----a-w- c:\windows\system32\perfc001.dat
2010-05-14 21:09 . 2009-08-06 22:19 427018 ----a-w- c:\windows\system32\perfh001.dat
2010-05-14 21:09 . 2009-08-06 22:12 681356 ----a-w- c:\windows\system32\perfh013.dat
2010-05-14 21:09 . 2009-08-06 22:12 129608 ----a-w- c:\windows\system32\perfc013.dat
2010-05-14 21:09 . 2009-08-06 22:05 680010 ----a-w- c:\windows\system32\perfh010.dat
2010-05-14 21:09 . 2009-08-06 22:05 124006 ----a-w- c:\windows\system32\perfc010.dat
2010-05-14 21:09 . 2009-08-06 21:59 633536 ----a-w- c:\windows\system32\perfh007.dat
2010-05-14 21:09 . 2009-08-06 21:59 125928 ----a-w- c:\windows\system32\perfc007.dat
2010-05-14 21:09 . 2009-08-06 21:51 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-14 21:09 . 2009-08-06 21:51 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-14 13:11 . 2009-09-21 06:04 -------- d-----w- c:\users\Amandine\AppData\Roaming\LimeWire
2010-05-12 10:35 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 10:35 . 2009-01-23 04:00 -------- d-----w- c:\programdata\Microsoft Help
2010-05-06 08:36 . 2009-10-03 07:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 10:13 . 2010-02-17 16:37 1 ----a-w- c:\users\Amandine\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-02 09:13 . 2009-07-21 11:19 -------- d-----w- c:\program files\Alwil Software
2010-04-09 16:01 . 2009-07-23 15:12 -------- d-----w- c:\programdata\Messenger Plus!
2010-04-08 16:31 . 2009-07-23 11:13 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-05 21:03 . 2010-04-05 21:03 -------- d-----w- c:\program files\Google
2010-03-28 13:33 . 2010-03-28 13:33 -------- d-----w- c:\users\Amandine\AppData\Roaming\SmarThru4
2010-03-28 13:33 . 2010-03-28 13:30 -------- d-----w- c:\program files\SmarThru 4
2010-03-28 13:32 . 2010-03-28 13:32 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-03-28 13:32 . 2010-03-28 13:31 -------- d-----w- c:\program files\Readiris10
2010-03-28 13:31 . 2009-01-23 03:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 13:30 . 2009-01-23 03:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-28 13:27 . 2010-03-28 13:27 -------- d-----w- c:\program files\Samsung
2010-03-26 09:22 . 2010-03-26 09:22 -------- d-----w- c:\users\Amandine\AppData\Roaming\InstallShield
2010-03-26 09:22 . 2009-07-20 19:12 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-03-26 09:22 . 2009-07-20 19:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-03-26 09:22 . 2009-07-20 19:12 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-03-26 09:22 . 2009-07-20 19:12 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-03-26 09:22 . 2009-07-20 19:12 2661368 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-03-22 18:38 . 2010-03-22 18:38 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-08 21:33 . 2010-04-14 05:08 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07 . 2010-04-14 05:09 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 05:09 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 05:08 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 05:08 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 05:08 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-31 08:09 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 19:23 . 2009-11-05 20:05 89616 ----a-w- c:\users\Amandine\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-17 16:34 . 2009-09-04 07:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-07-17 842816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
c:\users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-11-18 09:57 966656 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 721904]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 21:19];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-05-06 119200]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contenu du dossier 'Tâches planifiées'
2010-05-15 c:\windows\Tasks\HPCeeScheduleForAmandine.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-23 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\users\Amandine\AppData\Roaming\Mozilla\Firefox\Profiles\nucydwqs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-dulcs - c:\users\amandine\appdata\local\dulcs.bat
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\DPPWDFLT.DLL
.
Heure de fin: 2010-05-17 14:35:48
ComboFix-quarantined-files.txt 2010-05-17 12:35
Avant-CF: 130 195 308 544 octets libres
Après-CF: 130 120 982 528 octets libres
- - End Of File - - 6DB814005E8D87A38B85D4CF7D29500E
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
J'ai fait un scan rapide, il repère toujours la même menace mais le message d'erreur a changé, quand j'essaye de mettre en quarantaine il dit : "Erreur : Accès refusé"
Ca doit être du navipromo... mais je pense qu'il soit actif.
Sur Combofix, y a des restes qui sont virés :
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-dulcs - c:\users\amandine\appdata\local\dulcs.bat
L'emplacement que tu donnes là est plutôt bizarre : https://forums.commentcamarche.net/forum/affich-17759822-menace-win32-skimorph-cryp#2
Il existe ce dossier C:\$WINDOWS.~Q\ ?
A mon avis, y a rien d'actif.
Sur Combofix, y a des restes qui sont virés :
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-dulcs - c:\users\amandine\appdata\local\dulcs.bat
L'emplacement que tu donnes là est plutôt bizarre : https://forums.commentcamarche.net/forum/affich-17759822-menace-win32-skimorph-cryp#2
Il existe ce dossier C:\$WINDOWS.~Q\ ?
A mon avis, y a rien d'actif.
