Internet windows that open by themselves
Closed
cocoralie - 6 Sept. 2008 at 13:02
anthony5151 (Security contributor) - 16 Sept. 2008 at 14:21
22 replies
Good evening, sorry for taking so long to reply, the week has been very busy ... So here is the ComboFix report:
ComboFix 08-09-10.04 - coco 2008-09-11 20:38:25.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.322 [GMT 2:00]
Endroit: C:\Users\coco\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-10 10:06 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 10:06 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 10:05 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 10:05 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 10:05 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 10:05 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 10:05 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 10:05 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 10:05 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-06 14:58 . 2008-09-06 14:58 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-09-06 14:58 . 2008-09-06 14:58 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-09-06 14:29 . 2008-09-06 14:57 <REP> d-------- C:\Program Files\Navilog1
2008-09-06 14:10 . 2008-09-06 14:13 <REP> d-------- C:\Lop SD
2008-09-06 13:57 . 2008-09-06 13:57 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 13:38 . 2008-09-06 13:38 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-31 14:03 . 2008-08-31 14:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-27 19:06 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-27 19:06 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-27 19:06 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-27 19:06 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-27 19:05 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-27 19:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-27 19:05 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-27 19:05 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-27 19:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-18 21:33 . 2008-05-27 06:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-08-18 21:33 . 2008-05-27 07:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-08-18 21:33 . 2008-05-27 06:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-08-18 21:33 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
2008-08-16 18:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 19:32 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 19:32 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 19:32 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 19:32 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 19:32 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 16:04 . 2008-08-12 16:04 <REP> d-------- C:\Users\coco\AppData\Roaming\Malwarebytes
2008-08-12 16:04 . 2008-08-12 16:04 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-08-12 16:04 . 2008-08-12 16:04 <REP> d-------- C:\ProgramData\Malwarebytes
2008-08-12 16:04 . 2008-09-06 13:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 16:04 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-12 16:04 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 21:22 --------- d-----w C:\Users\coco\AppData\Roaming\dvdcss
2008-09-10 18:45 --------- d-----w C:\ProgramData\Google Updater
2008-09-10 15:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-07 08:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-06 11:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 11:32 --------- d-----w C:\Program Files\Windows Live
2008-09-06 11:30 --------- d-----w C:\ProgramData\WLInstaller
2008-08-20 18:57 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:18 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 16:20 --------- d-----w C:\Users\coco\AppData\Roaming\LG Electronics
2008-08-10 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 12:41 --------- d-----w C:\Program Files\LG Electronics
2008-08-10 12:40 --------- d-----w C:\Program Files\LG PC Suite 2
2008-08-10 12:38 --------- d-----w C:\Users\coco\AppData\Roaming\InstallShield
2008-08-04 21:10 --------- d-----w C:\ProgramData\Symantec
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-12 19:59 174 --sha-w C:\Program Files\desktop.ini
2008-07-12 19:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-12 19:49 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-12 19:49 --------- d-----w C:\Program Files\Windows Journal
2008-07-12 19:49 --------- d-----w C:\Program Files\Windows Defender
2008-07-12 19:49 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-12 19:49 --------- d-----w C:\Program Files\Windows Calendar
2008-07-12 19:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-12 19:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-12 17:50 --------- d---a-w C:\ProgramData\TEMP
2008-07-12 17:46 --------- d-----w C:\Program Files\Google
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 192000]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-09 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 17:02 563984 C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 17:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{297DE86C-FB69-45C2-86AF-D939F88EFFFA}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{98D4660C-2DC7-45C7-9E5E-FE6AE91F6C00}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{5172654F-E286-4B7B-A1A0-637D8F511197}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{F32E5AD1-3F86-4341-8921-D46AE7F46FAB}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{B9805CC4-1E9D-45D3-AAA4-3671460BEB7E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D000936A-D37A-4095-8F8A-36F041C6B85C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{F2AB630E-5BBA-4AD2-9CCF-C5ECBE63D289}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{4D4F2E2F-DFFA-43B9-99CD-FF7A06B1AE62}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{62D2A46B-5CA2-4EB7-9AF8-07BC784BAC69}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{ACC48FC0-FF18-4ACD-84D9-15C457A606AC}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"{C3A4DE6B-0953-4D4D-A548-AF2EC97A3774}"= UDP:C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe:Blizzard Downloader
"{44285577-B134-4FB6-93BF-A236F7A89BCA}"= TCP:C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe:Blizzard Downloader
"{BCA4330E-92A2-42BD-8A29-FC4E709D8611}"= UDP:3724:Blizzard Downloader: 3724
"{BB6F4944-E8F0-424F-A605-6D88A98A49E2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6F4D342-48A4-4067-92F6-2279306016CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b3658e-2255-11dc-ae60-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoRunPro.exe /s
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\fl1bhwfg.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 20:42:17
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 21:04:32
ComboFix-quarantined-files.txt 2008-09-11 19:01:45
Pre-Run: 11,983,745,024 octets libres
Post-Run: 11,174,387,712 octets libres
204 --- E O F --- 2008-09-10 15:32:51
anthony5151 (Security contributor) - 16 Sept. 2008 at 14:21
Sorry for the delay in replying.
1) Before going any further, I'd like you to disinfect your removable media please (USB sticks, external hard drives...):
Download the Flash_Disinfector tool (by sUBs):
here [www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe]
or here download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Save Flash_Disinfector.exe to your desktop.
Double-click Flash_Disinfector.exe to run it.
When the message [Plug in yours flash drive & clic Ok to begin disinfection] appears:
Connect to the PC all USB sticks, external hard drives and other removable media that may have been infected (without opening them).
Then click OK.
The desktop icons will disappear until the message [Done!!] appears.
Then press OK to bring the desktop back.
2) Apart from the file that ComboFix removed automatically, I don't see any infection in this report... Do you still have problems?
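Added example, not code from either participant in this thread: a defender-side triage of the ComboFix registry section posted above. It flags the settings in that report that weaken the host whether or not malware is present (UAC off, the public firewall profile off, Security Center alerts and monitoring suppressed, an AppInit_DLLs entry, and a cached AutoRun command for a removable volume). The excerpt is constructed from lines of the posted report; the severity labels are my own assumption.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt: these lines are copied from the "Point de chargement Reg"
# section of the ComboFix report posted in this thread, with one benign Run entry
# kept in to show that ordinary autostart lines are not flagged.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b3658e-2255-11dc-ae60-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoRunPro.exe /s
"""

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s*-\s*(.+)$', re.IGNORECASE)

Finding = Tuple[str, str]  # (severity, description); severity labels are my own assumption


def parse_int(raw: str) -> Optional[int]:
    """Normalise the two integer spellings ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]+)", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(report: str) -> List[Finding]:
    """Walk the registry section line by line and flag settings that weaken the host."""
    findings: List[Finding] = []
    key_raw = ""   # current [key] header in its original case (for product/profile names)
    key = ""       # the same header lower-cased for matching
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key_raw = line[1:-1]
            key = key_raw.lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            # Explorer caches the autorun.inf command of each volume it has seen; the
            # cached command records what a removable drive was set to launch.
            findings.append(("medium", f"cached AutoRun command for a removable volume: {m.group(1)}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        val = parse_int(raw)
        leaf = key_raw.rsplit("\\", 1)[-1]
        if key.endswith(r"policies\system") and name == "EnableLUA" and val == 0:
            findings.append(("high", "UAC is disabled (EnableLUA=0)"))
        elif key.endswith(r"windows nt\currentversion\windows") and name == "AppInit_DLLs" and raw:
            findings.append(("medium", f"AppInit_DLLs loads {raw} into every process that maps user32.dll; confirm its publisher"))
        elif "security center" in key and name.endswith("DisableNotify") and val == 1:
            findings.append(("low", f"Security Center alert suppressed: {name}"))
        elif "security center\\monitoring" in key and name == "DisableMonitoring" and val == 1:
            product = "all products" if leaf.lower() == "monitoring" else leaf
            findings.append(("low", f"Security Center monitoring disabled for {product}"))
        elif "firewallpolicy\\" in key and name == "EnableFirewall" and val == 0:
            findings.append(("high", f"Windows Firewall is disabled for {leaf}"))
    return findings


def summarise(findings: List[Finding]) -> str:
    """Render findings highest severity first, one per line."""
    order = {"high": 0, "medium": 1, "low": 2}
    lines = [f"[{sev.upper():6}] {msg}" for sev, msg in sorted(findings, key=lambda f: order[f[0]])]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarise(triage(SAMPLE_REPORT)))
```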