Hi!
I just ran ComboFix: here is what came out of it...
(otherwise, no improvement on the menu side... :( )
ComboFix 08-10-24.02 - Evanno Emilie 2008-10-25 13:14:31.1 - NTFSx86
Microsoft® Windows Vista™ Edition Familiale Premium 6.0.6001.1.1252.1.1036.18.1291 [GMT 2:00]
Lancé depuis: C:UsersEvanno EmilieProgrammesComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:ProgramDataMicrosoftWindowsStart MenuProgramsWebMediaPlayer
C:ProgramDataMicrosoftWindowsStart MenuProgramsWebMediaPlayerConditions générales.lnk
C:ProgramDataMicrosoftWindowsStart MenuProgramsWebMediaPlayerConfidentialité.lnk
C:ProgramDataMicrosoftWindowsStart MenuProgramsWebMediaPlayerWebMediaPlayer.lnk
C:ProgramDataMicrosoftWindowsStart MenuProgramsWebMediaPlayerWebsite.lnk
C:UsersEvanno EmilieAppDataLocallxyqxkn_navup.dat
C:Windowspack.epk
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-25 au 2008-10-25 ))))))))))))))))))))))))))))))))))))
.
2008-10-24 22:49 . 2008-10-24 22:49 <REP> d-------- C:UsersEvanno EmilieAppDataRoamingMalwarebytes
2008-10-24 22:49 . 2008-10-24 22:49 <REP> d-------- C:ProgramDataMalwarebytes
2008-10-24 22:49 . 2008-10-24 22:49 <REP> d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-10-24 22:49 . 2008-10-22 16:10 38,496 --a------ C:WindowsSystem32driversmbamswissarmy.sys
2008-10-24 22:49 . 2008-10-22 16:10 15,504 --a------ C:WindowsSystem32driversmbam.sys
2008-10-24 00:16 . 2008-10-24 18:20 <REP> d-------- C:Program FilesNavilog1
2008-10-20 19:21 . 1998-10-07 13:08 327,168 --a------ C:WindowsIsUn040c.exe
2008-10-15 19:59 . 2008-09-18 07:09 3,601,464 --a------ C:WindowsSystem32ntkrnlpa.exe
2008-10-15 19:59 . 2008-09-18 07:09 3,549,240 --a------ C:WindowsSystem32ntoskrnl.exe
2008-10-15 19:59 . 2008-09-18 04:16 2,032,640 --a------ C:WindowsSystem32win32k.sys
2008-10-15 19:59 . 2008-10-02 05:49 827,392 --a------ C:WindowsSystem32wininet.dll
2008-10-15 19:59 . 2008-08-27 03:06 288,768 --a------ C:WindowsSystem32driverssrv.sys
2008-10-15 19:58 . 2008-10-02 03:32 1,383,424 --a------ C:WindowsSystem32mshtml.tlb
2008-10-03 13:15 . 2008-10-03 13:15 <REP> d----c--- C:WindowsSystem32DRVSTORE
2008-10-03 13:15 . 2008-04-17 13:12 107,368 --a------ C:WindowsSystem32GEARAspi.dll
2008-10-03 13:15 . 2008-04-17 13:12 15,464 --a------ C:WindowsSystem32driversGEARAspiWDM.sys
2008-10-03 13:14 . 2008-10-03 13:15 <REP> d-------- C:ProgramData{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 13:14 . 2008-10-03 13:15 <REP> d-------- C:Program FilesiTunes
2008-10-03 13:14 . 2008-10-03 13:14 <REP> d-------- C:Program FilesiPod
2008-10-03 13:12 . 2008-10-03 13:12 <REP> d-------- C:Program FilesQuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 20:40 45,056 ----a-w C:WindowsSystem32acovcnt.exe
2008-10-24 20:30 --------- d-----w C:ProgramDataGoogle Updater
2008-10-20 17:22 --------- d-----w C:Program FilesCommon FilesAdobe
2008-10-16 18:26 --------- d-----w C:Program FilesWindows Mail
2008-10-12 18:26 --------- d-----w C:UsersEvanno EmilieAppDataRoamingOFFICEOne7
2008-10-03 11:13 --------- d-----w C:Program FilesBonjour
2008-10-03 11:12 --------- d-----w C:Program FilesCommon FilesApple
2008-09-25 17:09 124 ----a-w C:UsersEvanno EmilieAppDataRoamingwklnhst.dat
2008-09-21 15:29 --------- d-----w C:UsersEvanno EmilieAppDataRoamingdvdcss
2008-09-10 09:02 --------- d-----w C:Program FilesMicrosoft Works
2008-09-09 21:08 --------- d-----w C:Program FilesLimeWire
2008-09-07 08:52 --------- d-----w C:UsersEvanno EmilieAppDataRoamingLimeWire
2008-08-29 08:18 87,336 ----a-w C:WindowsSystem32dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:WindowsSystem32dnssd.dll
2008-08-02 03:26 36,864 ----a-w C:WindowsSystem32cdd.dll
2008-07-31 03:32 460,288 ----a-w C:WindowsAppPatchAcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:WindowsSystem32Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:WindowsAppPatchAcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:WindowsAppPatchAcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:WindowsSystem32GameUXLegacyGDFs.dll
2008-05-12 14:29 174 --sha-w C:Program Filesdesktop.ini
2008-01-18 10:10 32 ----a-w C:ProgramDataezsid.dat
2007-08-30 07:13 16,384 --sha-w C:WindowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
2007-08-30 07:13 32,768 --sha-w C:WindowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
2007-08-30 07:13 16,384 --sha-w C:WindowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-12-12 68856]
"StartCCC"="C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2006-11-10 90112]
"Sidebar"="C:Program FilesWindows Sidebarsidebar.exe" [2008-01-19 1233920]
"PMCRemote"="C:Program FilesPinnacleShared FilesProgramsRemoteRemoterm.exe" [2007-07-04 253000]
"MsnMsgr"="C:Program FilesWindows LiveMessengermsnmsgr.exe" [2007-10-18 5724184]
"EPSON Stylus DX7000F Series"="C:Windowssystem32spoolDRIVERSW32X863E_FATIBKE.EXE" [2006-05-22 139264]
"ehTray.exe"="C:WindowsehomeehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2007-09-13 185632]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2006-11-22 815104]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07injusched.exe" [2008-06-10 144784]
"SMSERIAL"="C:Program FilesMotorolaSMSERIALsm56hlpr.exe" [2006-11-22 630784]
"PowerForPhone"="C:Program FilesPowerForPhonePowerForPhone.exe" [2007-01-16 778240]
"ooquickpdfv7"="C:Windowssystem32oopmagentts.exe" [2007-07-25 69632]
"NeroFilterCheck"="C:Program FilesCommon FilesAheadLibNeroCheck.exe" [2006-01-12 155648]
"ATKMEDIA"="C:Program FilesASUSATK MediaDMEDIA.EXE" [2006-11-02 61440]
"ASUS Screen Saver Protector"="C:WindowsASScrPro.exe" [2007-04-25 33136]
"ASUS Camera ScreenSaver"="C:WindowsASScrProlog.exe" [2007-04-25 37232]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:Program FilesCommon FilesAppleMobile Device SupportinAppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [2008-10-01 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:WindowsRtHDVCpl.exe]
C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Adobe Gamma Loader.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2008-10-20 110592]
OFFICE One Startup v7.lnk - C:Program FilesOFFICE One v7OFFICE One Startup v7oostartupv7.exe [2007-07-25 713728]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{804799A2-BAFC-4EB9-86BA-D9EB82950A96}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"{96BAC17E-3980-4E19-8358-15B4FF3627E8}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"{949A859A-5BC2-419A-A346-90C603087197}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"{1652388C-7F96-40EB-8EBC-223D8AD3B67E}"= UDP:C:Program FilesLimeWireLimeWire.exe:LimeWire
"{64948144-7960-46CB-AB42-78BE8C555444}"= TCP:C:Program FilesLimeWireLimeWire.exe:LimeWire
"{CF5981AB-90CB-4789-96D8-00AA5F634E2C}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"{197BA698-C20B-4124-B0E6-4F1D65B270BB}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6DF1ADC2-C23B-454B-AA78-A6FDBB7D717F}C:\program files\skype\phone\skype.exe"= UDP:C:program filesskypephoneskype.exe:Skype. Take a deep breath
"UDP Query User{681CC470-0558-46E5-B3A8-DA649D69BCF2}C:\program files\skype\phone\skype.exe"= TCP:C:program filesskypephoneskype.exe:Skype. Take a deep breath
"TCP Query User{B11218CF-28FB-4164-92E2-97F6CED10D8A}C:\users\evanno emilie\programme\emule\emule.exe"= UDP:C:usersevanno emilieprogrammeemuleemule.exe:emule.exe
"UDP Query User{6B765A5C-32DB-48F3-8380-4A1E8392250C}C:\users\evanno emilie\programme\emule\emule.exe"= TCP:C:usersevanno emilieprogrammeemuleemule.exe:emule.exe
"{D8B75661-DC41-4623-AACA-17E516A83A12}"= UDP:C:UsersEvanno EmilieProgrammeLimeWireLimeWire.exe:LimeWire
"{67CCE23C-0A98-4EC8-BDB4-FA84E35AA719}"= TCP:C:UsersEvanno EmilieProgrammeLimeWireLimeWire.exe:LimeWire
"{65D3027B-4F6D-4D05-9FF3-77EFFE1446D4}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"{86253E47-471D-4637-8A85-47125822B3D9}"= UDP:C:UsersEvanno EmilieProgrammesLimeWireLimeWire.exe:LimeWire
"{F1E2C27C-BC8B-436D-9828-1958270078BC}"= TCP:C:UsersEvanno EmilieProgrammesLimeWireLimeWire.exe:LimeWire
"{C5CA3495-A7CF-41ED-AD36-78084D926F5B}"= UDP:C:UsersEvanno EmilieDesktoplimewireLimeWire.exe:LimeWire
"{117CEAC3-4188-410A-A8BD-157257829294}"= TCP:C:UsersEvanno EmilieDesktoplimewireLimeWire.exe:LimeWire
"{3C56B365-2228-42EA-BF73-A0E5DE12AE52}"= UDP:C:Program FilesBonjourmDNSResponder.exe:Bonjour
"{086E899E-7EDA-4DA9-9436-BA2DECD8346E}"= TCP:C:Program FilesBonjourmDNSResponder.exe:Bonjour
"{E7D68E55-08A5-493F-A682-D948185E4DEE}"= UDP:C:Program FilesiTunesiTunes.exe:iTunes
"{157FDED0-FE83-4013-BCA5-53D1A48DFAE9}"= TCP:C:Program FilesiTunesiTunes.exe:iTunes
[HKLM~servicessharedaccessparametersfirewallpolicyPublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:Windowssystem32driversaswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:Windowssystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:Windowssystem32DRIVERSaswMonFlt.sys [2008-07-19 51280]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:WindowsSystem32StkCSrv.exe [2006-12-11 24576]
R3 itecir;ITECIR Infrared Receiver;C:Windowssystem32DRIVERSitecir.sys [2006-11-25 45568]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:Windowssystem32DRIVERSLtn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;C:Windowssystem32DRIVERSLtn_stkrc.sys [2007-06-13 13440]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:Windowssystem32DriversStkCMini.sys [2007-01-19 1324544]
R3 WCPU;WCPU;C:Program FilesP4GWCPU.sys [2007-01-03 11120]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]
shellAutoRuncommand - G:wd_windows_toolssetup.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9ef34d28-f8b7-11dc-b7bd-001a92f00f65}]
shellAutoRuncommand - H:LaunchU3.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d04a7776-892a-11dc-948b-001a92f00f65}]
shellAutoRuncommand - F:nanvrgn.exe
shellexploreCommand - F:nanvrgn.exe
shellopenCommand - F:nanvrgn.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{dc054cb5-5d6e-11dc-a40c-001a92f00f65}]
shellAutoRuncommand - G:wd_windows_toolssetup.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f6033340-56c3-11dc-a36d-001a92f00f65}]
shellAutoRuncommand - F:nanvrgn.exe
shellexploreCommand - F:nanvrgn.exe
shellopenCommand - F:nanvrgn.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsccc-core-static]
msiexec /fums {8BB7F11E-4F20-9E97-0350-0EEDEF3C3D89} /qb
.
.
------- Examen supplémentaire -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O15 -: Trusted Zone: *.registration.sonystyle-europe.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-25 13:17:28
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-25 13:18:33
ComboFix-quarantined-files.txt 2008-10-25 11:18:22
Avant-CF: 23 930 454 016 octets libres
Après-CF: 25,914,085,376 octets libres
183 --- E O F --- 2008-10-25 01:01:01