Comment supprimer un cheval de troie??
kasumi
-
illusion1 Messages postés 62 Statut Membre -
illusion1 Messages postés 62 Statut Membre -
Bonjour,
Ca va faire bientôt une semaine que j'ai un cheval de troie et pas moyen de le supprimer avec Ad aware, Spybot...
A chaque fois que j'ouvre une page web, avast me dit que j'ai un cheval de troie.
Quelqu'un peut m'aider car je sais vraiment plus quoi faire!!
Merci
Ca va faire bientôt une semaine que j'ai un cheval de troie et pas moyen de le supprimer avec Ad aware, Spybot...
A chaque fois que j'ouvre une page web, avast me dit que j'ai un cheval de troie.
Quelqu'un peut m'aider car je sais vraiment plus quoi faire!!
Merci
A voir également:
- Comment supprimer un cheval de troie??
- Supprimer rond bleu whatsapp - Guide
- Comment supprimer une page sur word - Guide
- Impossible de supprimer un fichier - Guide
- Comment supprimer un compte gmail - Guide
- Comment recuperer un message supprimé sur whatsapp - Guide
64 réponses
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voici le rapport:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1260
Windows 6.0.6001 Service Pack 1
12/10/2008 17:52:14
mbam-log-2008-10-12 (17-52-14).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 162687
Temps écoulé: 3 hour(s), 5 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Thunder Network\WebThunder\ThunderLoader\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
MERCI
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1260
Windows 6.0.6001 Service Pack 1
12/10/2008 17:52:14
mbam-log-2008-10-12 (17-52-14).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 162687
Temps écoulé: 3 hour(s), 5 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Thunder Network\WebThunder\ThunderLoader\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
MERCI
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Ouos tout à l'heure j'ai loupé une étape, j'ai pas fait attention à la NOTE:avant d'utiliser Combofix, ça fait que mon rapport oui je l'ai fait mais sans avoir désactiver provisoirement mon anti-virus et spyware...DESOLE!!
Voici le 1er compte-rendu:
ComboFix 08-10-11.04 - lailai 2008-10-12 18:20:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1037 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\1rfw8hjr.com
G:\ffojc.com
G:\nqgcd.com
G:\u9dyi.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 18:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\Program Files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SMSERIAL - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 18:36:28
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{49C68E83-392B-4D7F-8ACB-AD382602148E}_e65 6212 bytes
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{70E25D51-FC93-446E-A58F-28EEC25B243D}_e65 235076 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\PresentationSettings.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 18:45:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 16:45:01
Avant-CF: 42 529 116 160 octets libres
Après-CF: 42,010,697,728 octets libres
293 --- E O F --- 2008-10-11 04:32:43
Voici le 1er compte-rendu:
ComboFix 08-10-11.04 - lailai 2008-10-12 18:20:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1037 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\1rfw8hjr.com
G:\ffojc.com
G:\nqgcd.com
G:\u9dyi.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 18:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\Program Files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SMSERIAL - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 18:36:28
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{49C68E83-392B-4D7F-8ACB-AD382602148E}_e65 6212 bytes
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{70E25D51-FC93-446E-A58F-28EEC25B243D}_e65 235076 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\PresentationSettings.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 18:45:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 16:45:01
Avant-CF: 42 529 116 160 octets libres
Après-CF: 42,010,697,728 octets libres
293 --- E O F --- 2008-10-11 04:32:43
Ouos tout à l'heure j'ai loupé une étape, j'ai pas fait attention à la NOTE:avant d'utiliser Combofix, ça fait que mon rapport oui je l'ai fait mais sans avoir désactiver provisoirement mon anti-virus et spyware...DESOLE!!
Voici le 1er compte-rendu:
ComboFix 08-10-11.04 - lailai 2008-10-12 18:20:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1037 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\1rfw8hjr.com
G:\ffojc.com
G:\nqgcd.com
G:\u9dyi.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 18:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\Program Files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SMSERIAL - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 18:36:28
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{49C68E83-392B-4D7F-8ACB-AD382602148E}_e65 6212 bytes
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{70E25D51-FC93-446E-A58F-28EEC25B243D}_e65 235076 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\PresentationSettings.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 18:45:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 16:45:01
Avant-CF: 42 529 116 160 octets libres
Après-CF: 42,010,697,728 octets libres
293 --- E O F --- 2008-10-11 04:32:43
Voici le 1er compte-rendu:
ComboFix 08-10-11.04 - lailai 2008-10-12 18:20:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1037 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\1rfw8hjr.com
G:\ffojc.com
G:\nqgcd.com
G:\u9dyi.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 18:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\Program Files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SMSERIAL - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 18:36:28
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{49C68E83-392B-4D7F-8ACB-AD382602148E}_e65 6212 bytes
C:\Users\lailai\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\{6D1087D7-61D2-495F-9293-5B7B1C3FCEAB}\{70E25D51-FC93-446E-A58F-28EEC25B243D}_e65 235076 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\PresentationSettings.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 18:45:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 16:45:01
Avant-CF: 42 529 116 160 octets libres
Après-CF: 42,010,697,728 octets libres
293 --- E O F --- 2008-10-11 04:32:43
Et le 2nd:
ComboFix 08-10-11.04 - lailai 2008-10-12 19:01:41.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1054 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 19:08 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_18.43.11.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-12 16:31:19 2,219 ----a-w C:\Windows\bthservsdp.dat
+ 2008-10-12 17:08:06 2,219 ----a-w C:\Windows\bthservsdp.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-12 16:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-12 16:34:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-12 16:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-12 17:10:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-12 16:33:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-12 17:10:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-12 16:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-12 17:10:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-12 16:35:24 13,008 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
+ 2008-10-12 17:12:10 13,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
- 2008-10-12 16:35:24 67,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-12 17:12:09 67,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 19:11:39
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 19:22:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 17:22:09
ComboFix2.txt 2008-10-12 16:45:30
Avant-CF: 42 049 949 696 octets libres
Après-CF: 42,000,719,872 octets libres
307 --- E O F --- 2008-10-11 04:32:43
ComboFix 08-10-11.04 - lailai 2008-10-12 19:01:41.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1054 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 19:08 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_18.43.11.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-12 16:31:19 2,219 ----a-w C:\Windows\bthservsdp.dat
+ 2008-10-12 17:08:06 2,219 ----a-w C:\Windows\bthservsdp.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-12 16:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-12 16:34:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-12 16:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-12 17:10:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-12 16:33:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-12 17:10:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-12 16:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-12 17:10:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-12 16:35:24 13,008 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
+ 2008-10-12 17:12:10 13,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
- 2008-10-12 16:35:24 67,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-12 17:12:09 67,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 19:11:39
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 19:22:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 17:22:09
ComboFix2.txt 2008-10-12 16:45:30
Avant-CF: 42 049 949 696 octets libres
Après-CF: 42,000,719,872 octets libres
307 --- E O F --- 2008-10-11 04:32:43
Et le 2nd:
ComboFix 08-10-11.04 - lailai 2008-10-12 19:01:41.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1054 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 19:08 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_18.43.11.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-12 16:31:19 2,219 ----a-w C:\Windows\bthservsdp.dat
+ 2008-10-12 17:08:06 2,219 ----a-w C:\Windows\bthservsdp.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-12 16:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-12 16:34:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-12 16:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-12 17:10:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-12 16:33:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-12 17:10:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-12 16:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-12 17:10:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-12 16:35:24 13,008 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
+ 2008-10-12 17:12:10 13,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
- 2008-10-12 16:35:24 67,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-12 17:12:09 67,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 19:11:39
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 19:22:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 17:22:09
ComboFix2.txt 2008-10-12 16:45:30
Avant-CF: 42 049 949 696 octets libres
Après-CF: 42,000,719,872 octets libres
307 --- E O F --- 2008-10-11 04:32:43
ComboFix 08-10-11.04 - lailai 2008-10-12 19:01:41.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1054 [GMT 2:00]
Lancé depuis: C:\Xunlei\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-12 au 2008-10-12 ))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\lailai\AppData\Roaming\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-12 14:40 . 2008-10-12 14:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:40 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 14:40 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Users\All Users\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\ProgramData\Avira
2008-10-12 11:05 . 2008-10-12 11:05 <REP> d-------- C:\Program Files\Avira
2008-10-11 16:27 . 2008-10-11 16:27 <REP> d-------- C:\Users\lailai\AppData\Roaming\Bitdefender
2008-10-11 14:28 . 2008-10-12 19:08 81,984 --a------ C:\Windows\System32\bdod.bin
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\Users\All Users\BitDefender
2008-10-11 14:22 . 2008-10-11 14:23 <REP> d-------- C:\ProgramData\BitDefender
2008-10-11 14:22 . 2008-10-11 14:22 <REP> d-------- C:\Program Files\Softwin
2008-10-11 14:19 . 2008-10-11 14:23 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Users\lailai\Bluetooth Software
2008-10-09 13:44 . 2008-10-09 13:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-09 13:42 . 2008-10-09 13:42 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-09 10:20 . 2008-10-09 10:20 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-10-09 10:07 . 2008-10-09 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-08 15:59 . 2008-10-08 16:02 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-10-08 15:45 . 2008-10-12 11:09 <REP> d-a------ C:\ProgramData\TEMP
2008-10-08 15:45 . 2008-10-08 16:31 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-08 17:31 <REP> d-------- C:\Spybot - Search & Destroy
2008-10-08 13:43 . 2008-10-11 13:10 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-08 08:43 . 2008-10-08 08:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-08 08:43 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-07 19:02 . 2008-10-07 19:02 <REP> d-------- C:\Users\lailai\AppData\Roaming\PeerNetworking
2008-10-05 08:55 . 2008-10-05 08:55 <REP> d-------- C:\Program Files\Windows Live
2008-10-05 08:55 . 2008-10-05 08:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\Users\All Users\WLInstaller
2008-10-05 08:54 . 2008-10-05 08:54 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-15 13:20 . 2008-05-27 07:17 11,776 --a------ C:\Windows\System32\msshooks.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-12 13:13 --------- d-----w C:\ProgramData\Symantec
2008-10-12 07:01 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 11:55 --------- d-----w C:\Users\lailai\AppData\Roaming\dvdcss
2008-09-25 02:51 35,416 ----a-w C:\Users\lailai\AppData\Roaming\nvModes.dat
2008-09-11 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 15:15 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 14:50 --------- d-----w C:\Users\lailai\AppData\Roaming\OpenOffice.org2
2008-08-25 12:26 --------- d-----w C:\Users\lailai\AppData\Roaming\Apple Computer
2008-08-22 18:12 --------- d-----w C:\Program Files\Google
2008-08-22 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 17:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 16:47 --------- d-----w C:\Program Files\iTunes
2008-08-22 16:47 --------- d-----w C:\Program Files\iPod
2008-08-22 16:45 --------- d-----w C:\Program Files\Bonjour
2008-08-22 16:44 --------- d-----w C:\Program Files\QuickTime
2008-08-22 16:29 --------- d-----w C:\Program Files\Safari
2008-08-22 16:25 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 20:07 --------- d-----w C:\Program Files\Red Kawa
2008-08-20 20:07 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-03 22:18 174 --sha-w C:\Program Files\desktop.ini
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-30 14:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-30 14:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-18 15:55 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_18.43.11.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-12 16:31:19 2,219 ----a-w C:\Windows\bthservsdp.dat
+ 2008-10-12 17:08:06 2,219 ----a-w C:\Windows\bthservsdp.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-12 16:32:43 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-12 17:09:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-12 16:34:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-12 16:34:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-12 17:11:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-12 16:33:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-12 17:10:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-12 16:33:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-12 17:10:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-12 16:33:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-12 17:10:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-12 16:35:24 13,008 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
+ 2008-10-12 17:12:10 13,174 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573697694-752940356-2136645435-1000_UserData.bin
- 2008-10-12 16:35:24 67,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-12 17:12:09 67,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-28 77824]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 185896]
"WebThunder"="C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" [2008-01-16 656800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-17 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-17 7753728]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-17 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 14:28 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2007-04-02 16:48 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30CFE9E5-30C6-4BBC-A2CC-80C860CCD93E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DD5A8E49-9ECE-46C7-8DEA-F9F5EA7B239C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{22E8FE39-E84F-49D3-A6FE-B3BC6EF187F6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{795F9370-9944-44CC-AC84-D9ADDF830151}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D9D10FD0-2AE3-4290-B07F-14DFB63CCD31}"= Disabled:UDP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{D961E47C-B4C7-45D1-9950-3E2611E79CE3}"= Disabled:TCP:C:\Program Files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{2824514B-C4F4-43C4-A60D-830141FF2F0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9B9706ED-E755-4363-AF1B-F8D2306FDB5F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCD2A7C7-1C7C-4DF7-BEFE-FD7A537419FF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{112A2190-1063-4158-A6BE-8FA763093B83}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 78128]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 16560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abdb868-2705-11dd-9278-001a6b422d31}]
\shell\AutoRun\command - WScript.exe caixiaomei.vbs "AutoRun"
\shell\AutoRun1\command - WScript.exe caixiaomei.vbs "AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}]
\shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}]
\shell\AutoRun\command - hsomklg.exe
\shell\explore\Command - hsomklg.exe
\shell\open\Command - hsomklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}]
\shell\explore\Command - F:\svchost.exe 0e
\shell\open\Command - F:\svchost.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56931-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56940-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c56942-4691-11dc-8544-001a6b422d31}]
\shell\Auto\command - OSO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\Windows\Tasks\HPCeeScheduleForlailai.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 17:08]
2008-10-12 C:\Windows\Tasks\User_Feed_Synchronization-{BEB004AE-EE7D-4BFB-876A-9AB2241263AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-10-12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = http://login.live.com/...
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 -: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
O9 -: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com -
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 19:11:39
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-10-12 19:22:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-12 17:22:09
ComboFix2.txt 2008-10-12 16:45:30
Avant-CF: 42 049 949 696 octets libres
Après-CF: 42,000,719,872 octets libres
307 --- E O F --- 2008-10-11 04:32:43
Encore une question, c'est normal qu'à chaque fois que je vais sur un site il est indiqué:
"La connexion que vous allez utiliser n'est pas sécurisée. D'autres utilisateurs du Web peuvent dorénavant accéder aux informations que vous envoyer." ??
"La connexion que vous allez utiliser n'est pas sécurisée. D'autres utilisateurs du Web peuvent dorénavant accéder aux informations que vous envoyer." ??
Telecharge UsbFix sur ton bureau
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
Bonjour,
Je n'ai pas réussi à faire la dernière étape avec Usbfix.
Quand je l'installe, il y a pas d'endroit qui me dit qu'on peut lfaire une installation par défaut, ca ma le fait directement.
Ensuite j'ai fait comme tu m'as dit, mais à la fin quand l'ordinateur se rallume, déjà au démarrage y'a une sorte de rectangle noir qui apparaît, et après pour le gestionnaire des tâches de Windows, j'ai fait comme tu m'as dit, c'est à dire Fichier>Nouvelle Tâche>Je tape "explorer.exe">je valide....Il m'indique"en cours d'exécution", mais le problème c'est q j'ai laissé toute la soirée et à mon réveil, son état est resté pareil...Bizarre du coup je n'ai pas eu de rapport.
Ah oui, aussi, lorsque je lance Usbfix, il me dit accès refusé, ensuite redémarre mon ordinateur automatiquement.
Que dois-faire?
MERCI
Je n'ai pas réussi à faire la dernière étape avec Usbfix.
Quand je l'installe, il y a pas d'endroit qui me dit qu'on peut lfaire une installation par défaut, ca ma le fait directement.
Ensuite j'ai fait comme tu m'as dit, mais à la fin quand l'ordinateur se rallume, déjà au démarrage y'a une sorte de rectangle noir qui apparaît, et après pour le gestionnaire des tâches de Windows, j'ai fait comme tu m'as dit, c'est à dire Fichier>Nouvelle Tâche>Je tape "explorer.exe">je valide....Il m'indique"en cours d'exécution", mais le problème c'est q j'ai laissé toute la soirée et à mon réveil, son état est resté pareil...Bizarre du coup je n'ai pas eu de rapport.
Ah oui, aussi, lorsque je lance Usbfix, il me dit accès refusé, ensuite redémarre mon ordinateur automatiquement.
Que dois-faire?
MERCI
FAIS un clic droit sur le racoourci usbfix
choisi executer en tant qu administrateur
et lance l outil
choisi executer en tant qu administrateur
et lance l outil
MERCI!
Voici le rapport:
-------------- UsbFix V1.001 ---------------
* User : lailai - PC-DE-LAILAI
* Outils mis a jours le 12/10/2008 par Chiquitine29
* Recherche effectuée à 15:03:51 le 13/10/2008
* Windows Vista - Internet Explorer 7.0.6001.18000
--------------- [ Processus actifs ] ----------------
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur amovible
--------------- [ Registre / Startup ] ----------------
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe"
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HP Health Check Scheduler REG_SZ C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
WAWifiMessage REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
CognizanceTS REG_SZ rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Sidebar REG_SZ C:\Program Files\windows sidebar\sidebar.exe /autoRun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0abdb868-2705-11dd-9278-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0abdb868-2705-11dd-9278-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56931-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56931-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56940-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56940-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56942-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56942-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Echec de la supression !! - C:\
Echec de la supression !! - D:\
Supprimé ! - G:\mnl6on3.com
Supprimé ! - G:\RECYCLED\INFO.exe
Echec de la supression !! - G:\
--------------- ! Fin du rapport ! ----------------
Voici le rapport:
-------------- UsbFix V1.001 ---------------
* User : lailai - PC-DE-LAILAI
* Outils mis a jours le 12/10/2008 par Chiquitine29
* Recherche effectuée à 15:03:51 le 13/10/2008
* Windows Vista - Internet Explorer 7.0.6001.18000
--------------- [ Processus actifs ] ----------------
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur amovible
--------------- [ Registre / Startup ] ----------------
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe"
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HP Health Check Scheduler REG_SZ C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
WAWifiMessage REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
CognizanceTS REG_SZ rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Sidebar REG_SZ C:\Program Files\windows sidebar\sidebar.exe /autoRun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0abdb868-2705-11dd-9278-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0abdb868-2705-11dd-9278-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a1db5b-7293-11dd-8bec-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f10c0e7-5715-11dc-976c-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b9d11eb-adda-11dc-a895-001a6b422d31}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56931-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56931-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56940-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56940-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56942-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1573697694-752940356-2136645435-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c56942-4691-11dc-8544-001a6b422d31}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Echec de la supression !! - C:\
Echec de la supression !! - D:\
Supprimé ! - G:\mnl6on3.com
Supprimé ! - G:\RECYCLED\INFO.exe
Echec de la supression !! - G:\
--------------- ! Fin du rapport ! ----------------
Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
http://images.malwareremoval.com/random/RSIT.exe
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Oui télécharge bitdefender, la version d'evaluation. Installe le, fait un scan approfondie (debrouille toi pour trouver comment faire un scan approfondie).