Infecté par Win32:TratBHO [Résolu]

Réponse 1 / 7

Utilisateur anonyme

salut
telecharge la derniere verssion d'hjks et repost un raport

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

pour sure tu es vérrolé !!
surement par emule ou internet explorer..))

jenny131078 Messages postés 177 Statut Membre 2

Salut,
Merci pour ton aide. Emule n'est pas installé sur ce pc...
Voici le rapport avec la nouvelle version d'Highjack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:04, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\65ef6a0ce10a9f2141fa97052b3d85fe\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row-rel/fr/side.html?channel=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row-rel/fr/side.html?channel=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=0080227
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {49539DB6-3078-46C4-869A-AF356BF7C783} - C:\WINDOWS\system32\geBuRKbY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - C:\WINDOWS\system32\awtusssr.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [7c0d7ad0] rundll32.exe "C:\WINDOWS\system32\dkrkcoxk.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{759009DB-69A8-488A-A054-1E18C03A2D95}: NameServer = 10.1.1.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtusssr - awtusssr.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Réponse 2 / 7

FillPCA Messages postés 2264 Statut Contributeur sécurité 123

Salut,

Pour suivre.

FillPCA

Réponse 3 / 7

Utilisateur anonyme

salut Fillpca

Jenny telecharge et install combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

tu l'install et tu redémarre en mode san echec, tu lance combofix, tu axepte le contrat et tu lance le scan
ca dure assez longtemps des fois, le bureau peus aussi s'eteindre et ne pas réapararaitre,
dans ces cas la tu tape ctrl/alt/sup et en haut a droite executer (nouvel tache) et tu tape
explorer.exe
et entrée, le bureau doit réaparaitre
post le raport generé apres, il se trouvera dans C:\ComboFix.txt.

explication en détail ici
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

jenny131078 Messages postés 177 Statut Membre 2

Voici le rapport de combofix.

ComboFix 08-04-18.3 - Benoît Bourloton 2008-04-20 18:15:18.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Benoît Bourloton\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtusssr.dll
C:\WINDOWS\system32\dkrkcoxk.dll
C:\WINDOWS\system32\geBuRKbY.dll
C:\WINDOWS\system32\kxockrkd.ini
C:\WINDOWS\system32\YbKRuBeg.ini
C:\WINDOWS\system32\YbKRuBeg.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 15:34 . 2008-04-20 15:34 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 07:02 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-20 07:02 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-20 07:02 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-20 06:59 . 2008-04-20 06:59 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-20 06:53 . 2008-04-20 14:02 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-20 06:53 . 2008-04-20 06:56 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-20 06:51 . 2008-04-20 15:36 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-19 16:12 . 2008-04-20 18:24 747,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 16:12 . 2008-04-20 18:09 9,764 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-19 16:06 . 2008-04-19 16:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-19 16:06 . 2008-04-19 16:09 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-19 16:05 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-19 16:05 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-19 16:05 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-19 16:04 . 2008-04-19 16:04 <REP> d-------- C:\Program Files\Zone Labs
2008-04-19 16:03 . 2008-04-20 18:08 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-18 23:22 . 2008-04-19 05:24 <REP> d-------- C:\Program Files\Cossacks - Back To War
2008-04-18 23:21 . 2002-09-05 16:21 4,296,704 -ra------ C:\WINDOWS\una2setup.exe
2008-04-18 23:21 . 2008-04-18 23:21 53,248 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 23:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-18 23:12 . 2008-04-18 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 23:12 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-18 23:11 . 2008-04-18 23:11 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 20:52 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-12 17:32 . 2008-04-12 17:32 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Program Files\Skype
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-12 11:14 . 2008-04-12 11:14 <REP> d-------- C:\Program Files\VideoLAN
2008-04-11 18:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-11 18:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-11 18:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 07:48 . 2008-04-11 07:48 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-11 07:45 . 2008-04-11 07:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-11 03:19 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-11 03:19 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-11 03:19 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-11 03:19 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-11 03:19 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-11 03:19 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-11 03:19 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-11 03:19 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-11 03:19 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-10 23:22 . 2008-04-10 23:22 <REP> d-------- C:\Program Files\DNA
2008-04-10 23:22 . 2008-04-10 23:22 <REP> d-------- C:\Program Files\BitTorrent
2008-04-10 21:40 . 2008-04-10 21:49 <REP> d-------- C:\Program Files\Windows Live
2008-04-10 21:40 . 2008-04-10 21:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-10 21:40 . 2008-04-10 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 19:55 . 2008-04-10 19:55 <REP> d-------- C:\Program Files\SAGEM
2008-04-10 19:52 . 2008-04-10 19:52 <REP> d-------- C:\Program Files\Securitoo
2008-03-25 16:30 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-25 16:30 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-25 16:30 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-25 16:30 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-25 16:29 . 2008-03-25 16:29 4,128 --a------ C:\INFCACHE.1
2008-03-21 18:37 . 2008-03-21 18:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Dell
2008-03-21 18:37 . 2008-03-21 18:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 05:05 --------- d-----w C:\Program Files\Google
2008-04-20 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 21:19 --------- d-----w C:\Program Files\Java
2008-04-10 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 16:20 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2008-03-18 16:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:07 --------- d-----w C:\Program Files\FileMaker
2008-03-18 15:07 --------- d-----w C:\Program Files\Viewpoint
2008-03-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-18 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-18 13:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 15:56 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 06:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ATI
2008-02-27 06:28 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-27 06:28 --------- d-----w C:\Program Files\DellSupport
2008-02-27 06:28 --------- d-----w C:\Program Files\Dell
2008-02-27 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-02-27 06:27 --------- d-----w C:\Program Files\Roxio
2008-02-27 06:27 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-02-27 06:27 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-27 06:27 --------- d-----w C:\Program Files\CyberLink
2008-02-27 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-27 06:26 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-02-27 06:26 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-02-27 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-27 06:24 --------- d-----w C:\Program Files\Wave Systems Corp
2008-02-27 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-02-27 06:23 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Wave Systems Corp
2008-02-27 06:21 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-02-27 06:20 --------- d-----w C:\Program Files\Gemplus
2008-02-27 06:17 --------- d-----w C:\Program Files\NTRU Cryptosystems
2008-02-27 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
2008-02-27 06:11 --------- d-----w C:\Program Files\Toshiba
2008-02-27 06:11 --------- d-----w C:\Program Files\Broadcom
2008-02-27 06:10 --------- d-----w C:\Program Files\NetWaiting
2008-02-27 06:10 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-02-27 06:10 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-27 06:10 --------- d-----w C:\Program Files\ATI Technologies
2008-02-27 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-27 06:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-02-27 06:08 --------- d-----w C:\Program Files\Sigmatel
2008-02-27 06:08 --------- d-----w C:\Program Files\CONEXANT
2008-02-27 06:05 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-27 06:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-27 05:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-27 05:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-02-27 05:50 --------- d-----w C:\Program Files\DellTPad
2008-02-27 05:44 6,651 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_LAT_D531.mrk
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09 460784]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-18 21:30 288576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 17:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-23 20:27 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 19:24 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 18:55 1228800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 11:12 90112]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 06:17 2183168]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 11:55 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 12:53 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtusssr]
awtusssr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 17:20 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 19:23 118784 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-13 17:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Cossacks - Back To War\\DMCR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 11:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 19:29]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-05 14:00]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 11:55]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 14:32]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 11:18]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 19:39]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 WaveEnrollmentService;WaveEnrollmentService;"C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 16:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f5e603e-0b1d-11dd-8b69-001e379a925a}]
\Shell\AutoRun\command - E:\EXPLORER.EXE
\Shell\explore\Command - E:\EXPLORER.EXE
\Shell\open\Command - E:\EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 18:23:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 18:27:10 - machine was rebooted [BenoŒt Bourloton]
ComboFix-quarantined-files.txt 2008-04-20 16:27:02

Pre-Run: 97,630,822,400 octets libres
Post-Run: 95,902,552,064 octets libres

251 --- E O F --- 2008-04-20 13:38:28

jenny131078 Messages postés 177 Statut Membre 2

Voici le rapport de combofix.

ComboFix 08-04-18.3 - Benoît Bourloton 2008-04-20 18:15:18.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Benoît Bourloton\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtusssr.dll
C:\WINDOWS\system32\dkrkcoxk.dll
C:\WINDOWS\system32\geBuRKbY.dll
C:\WINDOWS\system32\kxockrkd.ini
C:\WINDOWS\system32\YbKRuBeg.ini
C:\WINDOWS\system32\YbKRuBeg.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 15:34 . 2008-04-20 15:34 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 07:02 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-20 07:02 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-20 07:02 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-20 06:59 . 2008-04-20 06:59 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-20 06:53 . 2008-04-20 14:02 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-20 06:53 . 2008-04-20 06:56 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-20 06:51 . 2008-04-20 15:36 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-19 16:12 . 2008-04-20 18:24 747,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 16:12 . 2008-04-20 18:09 9,764 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-19 16:06 . 2008-04-19 16:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-19 16:06 . 2008-04-19 16:09 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-19 16:05 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-19 16:05 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-19 16:05 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-19 16:04 . 2008-04-19 16:04 <REP> d-------- C:\Program Files\Zone Labs
2008-04-19 16:03 . 2008-04-20 18:08 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-18 23:22 . 2008-04-19 05:24 <REP> d-------- C:\Program Files\Cossacks - Back To War
2008-04-18 23:21 . 2002-09-05 16:21 4,296,704 -ra------ C:\WINDOWS\una2setup.exe
2008-04-18 23:21 . 2008-04-18 23:21 53,248 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 23:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-18 23:12 . 2008-04-18 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 23:12 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-18 23:11 . 2008-04-18 23:11 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 20:52 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-12 17:32 . 2008-04-12 17:32 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Program Files\Skype
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-12 11:14 . 2008-04-12 11:14 <REP> d-------- C:\Program Files\VideoLAN
2008-04-11 18:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-11 18:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-11 18:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 07:48 . 2008-04-11 07:48 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-11 07:45 . 2008-04-11 07:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-11 03:19 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-11 03:19 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-11 03:19 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-11 03:19 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-11 03:19 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-11 03:19 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-11 03:19 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-11 03:19 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-11 03:19 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-10 23:22 . 2008-04-10 23:22 <REP> d-------- C:\Program Files\DNA
2008-04-10 23:22 . 2008-04-10 23:22 <REP> d-------- C:\Program Files\BitTorrent
2008-04-10 21:40 . 2008-04-10 21:49 <REP> d-------- C:\Program Files\Windows Live
2008-04-10 21:40 . 2008-04-10 21:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-10 21:40 . 2008-04-10 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 19:55 . 2008-04-10 19:55 <REP> d-------- C:\Program Files\SAGEM
2008-04-10 19:52 . 2008-04-10 19:52 <REP> d-------- C:\Program Files\Securitoo
2008-03-25 16:30 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-25 16:30 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-25 16:30 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-25 16:30 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-25 16:29 . 2008-03-25 16:29 4,128 --a------ C:\INFCACHE.1
2008-03-21 18:37 . 2008-03-21 18:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Dell
2008-03-21 18:37 . 2008-03-21 18:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 05:05 --------- d-----w C:\Program Files\Google
2008-04-20 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 21:19 --------- d-----w C:\Program Files\Java
2008-04-10 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 16:20 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2008-03-18 16:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:07 --------- d-----w C:\Program Files\FileMaker
2008-03-18 15:07 --------- d-----w C:\Program Files\Viewpoint
2008-03-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-18 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-18 13:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 15:56 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 06:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ATI
2008-02-27 06:28 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-27 06:28 --------- d-----w C:\Program Files\DellSupport
2008-02-27 06:28 --------- d-----w C:\Program Files\Dell
2008-02-27 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-02-27 06:27 --------- d-----w C:\Program Files\Roxio
2008-02-27 06:27 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-02-27 06:27 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-27 06:27 --------- d-----w C:\Program Files\CyberLink
2008-02-27 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-27 06:26 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-02-27 06:26 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-02-27 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-27 06:24 --------- d-----w C:\Program Files\Wave Systems Corp
2008-02-27 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-02-27 06:23 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Wave Systems Corp
2008-02-27 06:21 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-02-27 06:20 --------- d-----w C:\Program Files\Gemplus
2008-02-27 06:17 --------- d-----w C:\Program Files\NTRU Cryptosystems
2008-02-27 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
2008-02-27 06:11 --------- d-----w C:\Program Files\Toshiba
2008-02-27 06:11 --------- d-----w C:\Program Files\Broadcom
2008-02-27 06:10 --------- d-----w C:\Program Files\NetWaiting
2008-02-27 06:10 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-02-27 06:10 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-27 06:10 --------- d-----w C:\Program Files\ATI Technologies
2008-02-27 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-27 06:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-02-27 06:08 --------- d-----w C:\Program Files\Sigmatel
2008-02-27 06:08 --------- d-----w C:\Program Files\CONEXANT
2008-02-27 06:05 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-27 06:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-27 05:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-27 05:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-02-27 05:50 --------- d-----w C:\Program Files\DellTPad
2008-02-27 05:44 6,651 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_LAT_D531.mrk
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09 460784]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-18 21:30 288576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 17:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-23 20:27 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 19:24 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 18:55 1228800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 11:12 90112]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 06:17 2183168]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 11:55 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 12:53 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtusssr]
awtusssr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 17:20 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 19:23 118784 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-13 17:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Cossacks - Back To War\\DMCR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 11:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 19:29]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-05 14:00]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 11:55]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 14:32]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 11:18]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 19:39]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 WaveEnrollmentService;WaveEnrollmentService;"C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 16:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f5e603e-0b1d-11dd-8b69-001e379a925a}]
\Shell\AutoRun\command - E:\EXPLORER.EXE
\Shell\explore\Command - E:\EXPLORER.EXE
\Shell\open\Command - E:\EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 18:23:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 18:27:10 - machine was rebooted [BenoŒt Bourloton]
ComboFix-quarantined-files.txt 2008-04-20 16:27:02

Pre-Run: 97,630,822,400 octets libres
Post-Run: 95,902,552,064 octets libres

251 --- E O F --- 2008-04-20 13:38:28

jenny131078 Messages postés 177 Statut Membre 2

Voici le rapport de combofix.

ComboFix 08-04-18.3 - Benoît Bourloton 2008-04-20 18:15:18.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Benoît Bourloton\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtusssr.dll
C:\WINDOWS\system32\dkrkcoxk.dll
C:\WINDOWS\system32\geBuRKbY.dll
C:\WINDOWS\system32\kxockrkd.ini
C:\WINDOWS\system32\YbKRuBeg.ini
C:\WINDOWS\system32\YbKRuBeg.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 15:34 . 2008-04-20 15:34 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 07:02 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-20 07:02 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-20 07:02 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-20 06:59 . 2008-04-20 06:59 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-20 06:53 . 2008-04-20 14:02 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-20 06:53 . 2008-04-20 06:56 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-20 06:51 . 2008-04-20 15:36 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-19 16:12 . 2008-04-20 18:24 747,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-19 16:12 . 2008-04-20 18:09 9,764 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-19 16:06 . 2008-04-19 16:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-19 16:06 . 2008-04-19 16:09 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-19 16:05 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-19 16:05 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-19 16:05 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-19 16:05 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-19 16:04 . 2008-04-19 16:04 <REP> d-------- C:\Program Files\Zone Labs
2008-04-19 16:03 . 2008-04-20 18:08 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-18 23:22 . 2008-04-19 05:24 <REP> d-------- C:\Program Files\Cossacks - Back To War
2008-04-18 23:21 . 2002-09-05 16:21 4,296,704 -ra------ C:\WINDOWS\una2setup.exe
2008-04-18 23:21 . 2008-04-18 23:21 53,248 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 23:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-18 23:12 . 2008-04-18 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 23:12 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-18 23:11 . 2008-04-18 23:11 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 20:52 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-12 17:32 . 2008-04-12 17:32 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Program Files\Skype
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-12 17:29 . 2008-04-12 17:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-12 11:14 . 2008-04-12 11:14 <REP> d-------- C:\Program Files\VideoLAN
2008-04-11 18:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-11 18:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-11 18:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 07:48 . 2008-04-11 07:48 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-11 07:45 . 2008-04-11 07:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-11 03:19 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-11 03:19 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-11 03:19 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-11 03:19 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-11 03:19 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-11 03:19 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-11 03:19 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-11 03:19 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-11 03:19 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-10 23:22 . 2008-04-10 23:22 <REP> d-------- C:\Program Files\DNA
2008-04-10 23:22 . 2008-04-10 23:22 <REP> d-------- C:\Program Files\BitTorrent
2008-04-10 21:40 . 2008-04-10 21:49 <REP> d-------- C:\Program Files\Windows Live
2008-04-10 21:40 . 2008-04-10 21:46 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-10 21:40 . 2008-04-10 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 19:55 . 2008-04-10 19:55 <REP> d-------- C:\Program Files\SAGEM
2008-04-10 19:52 . 2008-04-10 19:52 <REP> d-------- C:\Program Files\Securitoo
2008-03-25 16:30 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-25 16:30 . 2001-08-23 18:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-25 16:30 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-25 16:30 . 2001-08-17 23:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-25 16:29 . 2008-03-25 16:29 4,128 --a------ C:\INFCACHE.1
2008-03-21 18:37 . 2008-03-21 18:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Dell
2008-03-21 18:37 . 2008-03-21 18:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 05:05 --------- d-----w C:\Program Files\Google
2008-04-20 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 21:19 --------- d-----w C:\Program Files\Java
2008-04-10 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 16:20 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2008-03-18 16:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:07 --------- d-----w C:\Program Files\FileMaker
2008-03-18 15:07 --------- d-----w C:\Program Files\Viewpoint
2008-03-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-18 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-18 13:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 15:56 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 06:30 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ATI
2008-02-27 06:28 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-27 06:28 --------- d-----w C:\Program Files\DellSupport
2008-02-27 06:28 --------- d-----w C:\Program Files\Dell
2008-02-27 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-02-27 06:27 --------- d-----w C:\Program Files\Roxio
2008-02-27 06:27 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-02-27 06:27 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-27 06:27 --------- d-----w C:\Program Files\CyberLink
2008-02-27 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-27 06:26 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-02-27 06:26 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-02-27 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-27 06:24 --------- d-----w C:\Program Files\Wave Systems Corp
2008-02-27 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-02-27 06:23 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Wave Systems Corp
2008-02-27 06:21 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-02-27 06:20 --------- d-----w C:\Program Files\Gemplus
2008-02-27 06:17 --------- d-----w C:\Program Files\NTRU Cryptosystems
2008-02-27 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
2008-02-27 06:11 --------- d-----w C:\Program Files\Toshiba
2008-02-27 06:11 --------- d-----w C:\Program Files\Broadcom
2008-02-27 06:10 --------- d-----w C:\Program Files\NetWaiting
2008-02-27 06:10 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-02-27 06:10 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-27 06:10 --------- d-----w C:\Program Files\ATI Technologies
2008-02-27 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-27 06:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-02-27 06:08 --------- d-----w C:\Program Files\Sigmatel
2008-02-27 06:08 --------- d-----w C:\Program Files\CONEXANT
2008-02-27 06:05 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-27 06:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-27 05:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-27 05:50 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-02-27 05:50 --------- d-----w C:\Program Files\DellTPad
2008-02-27 05:44 6,651 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_LAT_D531.mrk
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 14:09 460784]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-18 21:30 288576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 17:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-23 20:27 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 19:24 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 18:55 1228800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 11:12 90112]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 06:17 2183168]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 11:55 92160]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 12:53 218424]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtusssr]
awtusssr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 17:20 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2006-10-20 19:23 118784 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-13 17:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Cossacks - Back To War\\DMCR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2007-09-07 11:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 TdmService;TdmService;C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 19:29]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-05 14:00]
R2 WavxDMgr;WavxDMgr;C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 11:55]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 14:32]
R3 WaveFDE;Wave System Power Monitor Device Driver;C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 11:18]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-08-31 19:39]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 WaveEnrollmentService;WaveEnrollmentService;"C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe" [2007-09-13 16:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f5e603e-0b1d-11dd-8b69-001e379a925a}]
\Shell\AutoRun\command - E:\EXPLORER.EXE
\Shell\explore\Command - E:\EXPLORER.EXE
\Shell\open\Command - E:\EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 18:23:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 18:27:10 - machine was rebooted [BenoŒt Bourloton]
ComboFix-quarantined-files.txt 2008-04-20 16:27:02

Pre-Run: 97,630,822,400 octets libres
Post-Run: 95,902,552,064 octets libres

251 --- E O F --- 2008-04-20 13:38:28

Réponse 4 / 7

Utilisateur anonyme

ok ca a été inditenfié
repost un raport hyjackthis stp

jenny131078 Messages postés 177 Statut Membre 2

Ok merci beaucoup pour ta réactivité en tous cas !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:10, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=0080227
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{759009DB-69A8-488A-A054-1E18C03A2D95}: NameServer = 10.1.1.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtusssr - awtusssr.dll (file missing)
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Réponse 5 / 7

Utilisateur anonyme

pas de soucis, la verrole a l'air partit !
il te faudrais recréer un nouveau point de restauration tout neuf pour etre sure qu ca ne revienne pas
dans menu demarrer/poste de travail/afficher les informatons system/restauration du system
tu coches desactiver la réstauration system puis ok et tu redémarre,
une fois redémarré tu redéchoche pour réactiver la réstauration de ton system
n'utilise pas internet explorer, il vaut mieux utiliser firefox

install ccleaner et fait un néttoyage avec
http://www.cleanersoft.net/fr/

telecharge spywareblaster et spywareguard, ca t'évitera de te faire trop pourrire internet explorer
http://www.brightfort.com/spywareblaster.html
http://www.brightfort.com/spywareguard.html

install aussi malwarebytes, et fait des scan avec
http://www.malwarebytes.org/mbam.php

normalement apres ca devrais etre pas mal

jenny131078 Messages postés 177 Statut Membre 2

ok, j'ai effectué tout ce que tu m'as demandé.
J'avais déjà installé Ccleaner et AVG antispyware quand Avast a détecté le trojan.
J'ai également installé Firefox pour éviter tout problème à l'avenir.
Merci beaucoup pour ton aide.
Bonne soirée

Utilisateur anonyme > jenny131078 Messages postés 177 Statut Membre

attention, avg n'empeche pas les detournemant de page internet explorer
spywareguard et spywareblaster eux oui )
en tout cas bon courage et bon web, résolu, a la prochaine !

jenny131078 Messages postés 177 Statut Membre 2 > Utilisateur anonyme

ci-dessous rapport Malwarebytes' Anti-Malware 1.11
Version de la base de données: 663

Type de recherche: Examen complet (C:\|)
Eléments examinés: 83004
Temps écoulé: 21 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\geBuRKbY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

A priori tout est nettoyé.
Merci et à la prochaine ;)

Utilisateur anonyme > jenny131078 Messages postés 177 Statut Membre

oui, il en a trouvé et les a éradiqué, ni hjks ni avg ne les avais vu..
@+

Réponse 6 / 7

Utilisateur anonyme

zut doublon du méssage moi aussi

Réponse 7 / 7

jenny131078 Messages postés 177 Statut Membre 2

...

Infecté par Win32:TratBHO

7 réponses

Votre réponse

Discussions similaires

Newsletters