Comment supprimer un cheval de troie??

kasumi -  
illusion1 Messages postés 62 Statut Membre -
Bonjour,

Ca va faire bientôt une semaine que j'ai un cheval de troie et pas moyen de le supprimer avec Ad aware, Spybot...
A chaque fois que j'ouvre une page web, avast me dit que j'ai un cheval de troie.

Quelqu'un peut m'aider car je sais vraiment plus quoi faire!!

Merci
Configuration: Windows Vista
Internet Explorer 7.0

64 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Un cheval de Troie persiste sur Windows Vista malgré des scans et des alertes Avast, et les tentatives de suppression avec Ad-Aware ou Spybot n'aboutissent pas, indiquant une infection résistante. Des outils spécialisés tels que Malwarebytes et ComboFix sont proposés pour détecter et supprimer le malware, tandis que des conseils portent sur la désactivation temporaire de protections Avast et sur l'analyse des entrées de démarrage. Des éléments évoquent l'examen des programmes au démarrage et des services résidents, et suggèrent la nécessité d'un nettoyage approfondi parfois en mode sans Échec pour éviter que des composants persistants réactivent l'infection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. illusion1
     
    Je dois télécharger Bitdefender c ca? Ahlala je m'y connais vraiment à rien en info...
    0
    1. Utilisateur anonyme
       
      Nan nan tu répètes 50 fois "bitdefender" à haute voix debout sur ton bureau à poil et la fenêtre ouverte, ensuite tu enroule ta souris avec des tranches de jambons, et ton cheval de troie va partir tout seul....

      Oui télécharge bitdefender, la version d'evaluation. Installe le, fait un scan approfondie (debrouille toi pour trouver comment faire un scan approfondie).
      -1
  2. illusion1 Messages postés 62 Statut Membre
     
    dsl vs avez pas le lien pr malwarebyte??
    0
  3. Utilisateur anonyme
     
    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  4. illusion1 Messages postés 62 Statut Membre
     
    Merci chiquitine pr ton aide, là jfais le scan.
    0
    1. didishnikov Messages postés 2067 Statut Membre 85
       
      désolé je t'avais laisser un lien mais posté au mauvais endroit , maintenant je laisse la main à chiquitine . Bonne continuation .
      0
      1. illusion1 Messages postés 62 Statut Membre > didishnikov Messages postés 2067 Statut Membre
         
        Non c pas grave, merci pour m'avoir aidé!^^
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. max
     
    Après achète kaspersky il est trop bien ^^ bon courage pour ton dada
    0
  7. illusion1 Messages postés 62 Statut Membre
     
    Ca y'est malwarebyte a bien détecté un trojan!!!
    0
  8. illusion1 Messages postés 62 Statut Membre
     
    Voici le rapport:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1260
    Windows 6.0.6001 Service Pack 1

    12/10/2008 17:52:14
    mbam-log-2008-10-12 (17-52-14).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 162687
    Temps écoulé: 3 hour(s), 5 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Thunder Network\WebThunder\ThunderLoader\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    MERCI
    0
  9. Utilisateur anonyme
     
    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  10. Utilisateur anonyme
     
    Supprime webthunder, ne va pas faire 36 scans different!!
    0
  11. illusion1 Messages postés 62 Statut Membre
     
    Ouos tout à l'heure j'ai loupé une étape, j'ai pas fait attention à la NOTE:avant d'utiliser Combofix, ça fait que mon rapport oui je l'ai fait mais sans avoir désactiver provisoirement mon anti-virus et spyware...DESOLE!!

    Voici le 1er compte-rendu:

    ComboFix 08-10-11.04 - lailai 2008-10-12 18:20:55.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1037 [GMT 2:00]
    Lancé depuis: C:\Xunlei\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\1rfw8hjr.com
    G:\ffojc.com
    G:\nqgcd.com
    G:\u9dyi.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
    2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
    2008-10-11 14:28 . 2008-10-12 18:38 81,984 --a------ C:\Windows\System32\bdod.bin
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
    2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
    2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
    2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
    2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
    2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
    2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
    2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
    2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
    2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
    2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
    2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
    2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
    2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
    2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
    2008-08-22 18:12 --------- d-----w C:\Program Files\Google
    2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
    2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
    2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
    2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
    2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
    2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
    2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
    2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
    "WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    --a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
    \shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
    \shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
    \shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
    \shell\AutoRun\command - hsomklg.exe
    \shell\explore\Command - hsomklg.exe
    \shell\open\Command - hsomklg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
    \shell\explore\Command - F:\svchost.exe 0e
    \shell\open\Command - F:\svchost.exe 0o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]

    2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

    2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-osCheck - c:\Program Files\Norton Internet Security\osCheck.exe
    MSConfigStartUp-SMSERIAL - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = http://login.live.com/...
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 18:36:28
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{49C68E83-392B-4D7F-8ACB-AD382602148E}_e65 6212 bytes
    C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{70E25D51-FC93-446E-A58F-28EEC25B243D}_e65 235076 bytes

    Scan terminé avec succès
    Fichiers cachés: 2

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\System32\PresentationSettings.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-12 18:45:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-12 16:45:01

    Avant-CF: 42 529 116 160 octets libres
    Après-CF: 42,010,697,728 octets libres

    293 --- E O F --- 2008-10-11 04:32:43
    0
  12. illusion1 Messages postés 62 Statut Membre
     
    Ouos tout à l'heure j'ai loupé une étape, j'ai pas fait attention à la NOTE:avant d'utiliser Combofix, ça fait que mon rapport oui je l'ai fait mais sans avoir désactiver provisoirement mon anti-virus et spyware...DESOLE!!

    Voici le 1er compte-rendu:

    ComboFix 08-10-11.04 - lailai 2008-10-12 18:20:55.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1037 [GMT 2:00]
    Lancé depuis: C:\Xunlei\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\1rfw8hjr.com
    G:\ffojc.com
    G:\nqgcd.com
    G:\u9dyi.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
    2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
    2008-10-11 14:28 . 2008-10-12 18:38 81,984 --a------ C:\Windows\System32\bdod.bin
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
    2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
    2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
    2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
    2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
    2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
    2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
    2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
    2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
    2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
    2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
    2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
    2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
    2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
    2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
    2008-08-22 18:12 --------- d-----w C:\Program Files\Google
    2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
    2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
    2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
    2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
    2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
    2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
    2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
    2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
    "WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    --a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
    \shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
    \shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
    \shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
    \shell\AutoRun\command - hsomklg.exe
    \shell\explore\Command - hsomklg.exe
    \shell\open\Command - hsomklg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
    \shell\explore\Command - F:\svchost.exe 0e
    \shell\open\Command - F:\svchost.exe 0o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]

    2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

    2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-osCheck - c:\Program Files\Norton Internet Security\osCheck.exe
    MSConfigStartUp-SMSERIAL - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = http://login.live.com/...
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 18:36:28
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{49C68E83-392B-4D7F-8ACB-AD382602148E}_e65 6212 bytes
    C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{70E25D51-FC93-446E-A58F-28EEC25B243D}_e65 235076 bytes

    Scan terminé avec succès
    Fichiers cachés: 2

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\System32\PresentationSettings.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-12 18:45:28 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-12 16:45:01

    Avant-CF: 42 529 116 160 octets libres
    Après-CF: 42,010,697,728 octets libres

    293 --- E O F --- 2008-10-11 04:32:43
    0
  13. illusion1 Messages postés 62 Statut Membre
     
    Et le 2nd:

    ComboFix 08-10-11.04 - lailai 2008-10-12 19:01:41.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1054 [GMT 2:00]
    Lancé depuis: C:\Xunlei\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
    2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
    2008-10-11 14:28 . 2008-10-12 19:08 81,984 --a------ C:\Windows\System32\bdod.bin
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
    2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
    2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
    2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
    2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
    2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
    2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
    2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
    2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
    2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
    2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
    2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
    2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
    2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
    2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
    2008-08-22 18:12 --------- d-----w C:\Program Files\Google
    2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
    2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
    2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
    2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
    2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
    2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
    2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
    2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-12_18.43.11.13 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-12 16:31:19 2,219 ----a-w C:\Windows\bthservsdp.dat
    + 2008-10-12 17:08:06 2,219 ----a-w C:\Windows\bthservsdp.dat
    - 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-10-12 16:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-10-12 16:34:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-10-12 16:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-10-12 17:10:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-10-12 16:33:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-10-12 17:10:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-12 16:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-10-12 17:10:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-10-12 16:35:24 13,008 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
    + 2008-10-12 17:12:10 13,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
    - 2008-10-12 16:35:24 67,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-10-12 17:12:09 67,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
    "WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    --a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
    \shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
    \shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
    \shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
    \shell\AutoRun\command - hsomklg.exe
    \shell\explore\Command - hsomklg.exe
    \shell\open\Command - hsomklg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
    \shell\explore\Command - F:\svchost.exe 0e
    \shell\open\Command - F:\svchost.exe 0o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]

    2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

    2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = http://login.live.com/...
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 19:11:39
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-12 19:22:41 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-12 17:22:09
    ComboFix2.txt 2008-10-12 16:45:30

    Avant-CF: 42 049 949 696 octets libres
    Après-CF: 42,000,719,872 octets libres

    307 --- E O F --- 2008-10-11 04:32:43
    0
  14. illusion1 Messages postés 62 Statut Membre
     
    Et le 2nd:

    ComboFix 08-10-11.04 - lailai 2008-10-12 19:01:41.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1054 [GMT 2:00]
    Lancé depuis: C:\Xunlei\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
    2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
    2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
    2008-10-11 14:28 . 2008-10-12 19:08 81,984 --a------ C:\Windows\System32\bdod.bin
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
    2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
    2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
    2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
    2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
    2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
    2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
    2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
    2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
    2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
    2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
    2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
    2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
    2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
    2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
    2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
    2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
    2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
    2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
    2008-08-22 18:12 --------- d-----w C:\Program Files\Google
    2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
    2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
    2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
    2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
    2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
    2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
    2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
    2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
    2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
    2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
    2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
    2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-12_18.43.11.13 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-12 16:31:19 2,219 ----a-w C:\Windows\bthservsdp.dat
    + 2008-10-12 17:08:06 2,219 ----a-w C:\Windows\bthservsdp.dat
    - 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-10-12 16:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-10-12 16:34:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-10-12 16:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-10-12 17:10:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-10-12 16:33:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-10-12 17:10:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-12 16:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-10-12 17:10:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-10-12 16:35:24 13,008 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
    + 2008-10-12 17:12:10 13,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
    - 2008-10-12 16:35:24 67,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-10-12 17:12:09 67,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
    "WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    -ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    --a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
    "{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
    \shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
    \shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
    \shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
    \shell\AutoRun\command - hsomklg.exe
    \shell\explore\Command - hsomklg.exe
    \shell\open\Command - hsomklg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
    \shell\explore\Command - F:\svchost.exe 0e
    \shell\open\Command - F:\svchost.exe 0o

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
    \shell\Auto\command - OSO.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
    - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]

    2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

    2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = http://login.live.com/...
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
    O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 19:11:39
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-12 19:22:41 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-12 17:22:09
    ComboFix2.txt 2008-10-12 16:45:30

    Avant-CF: 42 049 949 696 octets libres
    Après-CF: 42,000,719,872 octets libres

    307 --- E O F --- 2008-10-11 04:32:43
    0
  15. illusion1 Messages postés 62 Statut Membre
     
    Encore une question, c'est normal qu'à chaque fois que je vais sur un site il est indiqué:

    "La connexion que vous allez utiliser n'est pas sécurisée. D'autres utilisateurs du Web peuvent dorénavant accéder aux informations que vous envoyer." ??
    0
  16. Utilisateur anonyme
     
    Telecharge UsbFix sur ton bureau

    --> Lance l installation avec les parametres par default

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci UsbFix sur ton bureau

    --> Le pc va redémarer

    -->Apres redémarrage post le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
    Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

    0
  17. illusion1 Messages postés 62 Statut Membre
     
    Bonjour,

    Je n'ai pas réussi à faire la dernière étape avec Usbfix.

    Quand je l'installe, il y a pas d'endroit qui me dit qu'on peut lfaire une installation par défaut, ca ma le fait directement.

    Ensuite j'ai fait comme tu m'as dit, mais à la fin quand l'ordinateur se rallume, déjà au démarrage y'a une sorte de rectangle noir qui apparaît, et après pour le gestionnaire des tâches de Windows, j'ai fait comme tu m'as dit, c'est à dire Fichier>Nouvelle Tâche>Je tape "explorer.exe">je valide....Il m'indique"en cours d'exécution", mais le problème c'est q j'ai laissé toute la soirée et à mon réveil, son état est resté pareil...Bizarre du coup je n'ai pas eu de rapport.

    Ah oui, aussi, lorsque je lance Usbfix, il me dit accès refusé, ensuite redémarre mon ordinateur automatiquement.

    Que dois-faire?

    MERCI
    0
  18. Utilisateur anonyme
     
    FAIS un clic droit sur le racoourci usbfix

    choisi executer en tant qu administrateur

    et lance l outil
    0
  19. illusion1 Messages postés 62 Statut Membre
     
    MERCI!
    Voici le rapport:

    -------------- UsbFix V1.001 ---------------

    * User : lailai - PC-DE-LAILAI
    * Outils mis a jours le 12/10/2008 par Chiquitine29
    * Recherche effectuée à 15:03:51 le 13/10/2008
    * Windows Vista - Internet Explorer 7.0.6001.18000

    --------------- [ Processus actifs ] ----------------

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe
    D: - Lecteur fixe
    G: - Lecteur amovible

    --------------- [ Registre / Startup ] ----------------

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    RtHDVCpl REG_SZ RtHDVCpl.exe
    QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe"
    HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    HP Health Check Scheduler REG_SZ C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    WAWifiMessage REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    CognizanceTS REG_SZ rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
    MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    Sidebar REG_SZ C:\Program Files\windows sidebar\sidebar.exe /autoRun
    WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0abdb868-2705-11dd-9278-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0abdb868-2705-11dd-9278-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\explore\Command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\open\Command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\explore\Command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\open\Command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56931-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56931-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56940-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56940-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56942-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
    Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56942-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Echec de la supression !! - C:\
    Echec de la supression !! - D:\
    Supprimé ! - G:\mnl6on3.com
    Supprimé ! - G:\RECYCLED\INFO.exe
    Echec de la supression !! - G:\

    --------------- ! Fin du rapport ! ----------------
    0
  20. Utilisateur anonyme
     
    Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
    http://images.malwareremoval.com/random/RSIT.exe
    Double-clique sur RSIT.exe afin de lancer RSIT.
    Clique Continue à l'écran Disclaimer.
    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  • 1
  • 2
  • 3
  • 4