All good, phew! I restarted the computer and I can finally get back on the internet.
Here is the report:
ComboFix 09-09-18.02 - Millaness 19/09/2009 13:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Edition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1769 [GMT 2:00]
Lancé depuis: c:usersMillanessDesktopComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:windowsInstaller29ea6.msi
c:windowssystem32404Fix.exe
c:windowssystem32acovcnt.exe
c:windowssystem32Agent.OMZ.Fix.exe
c:windowssystem32dumphive.exe
c:windowssystem32IEDFix.C.exe
c:windowssystem32IEDFix.exe
c:windowssystem32o4Patch.exe
c:windowssystem32Process.exe
c:windowssystem32SrchSTS.exe
c:windowssystem32 mp.reg
c:windowssystem32VACFix.exe
c:windowssystem32VCCLSID.exe
c:windowssystem32WS2Fix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-19 au 2009-09-19 ))))))))))))))))))))))))))))))))))))
.
2009-09-19 11:15 . 2009-09-19 11:18 -------- d-----w- c:usersMillanessAppDataLocal emp
2009-09-19 11:15 . 2009-09-19 11:15 -------- d-----w- c:usersDefaultAppDataLocal emp
2009-09-18 17:27 . 2009-09-18 17:27 -------- d-----w- c:program filesTrend Micro
2009-09-11 15:37 . 2009-08-14 16:27 904776 ----a-w- c:windowssystem32drivers cpip.sys
2009-09-11 15:37 . 2009-08-14 13:49 9728 ----a-w- c:windowssystem32TCPSVCS.EXE
2009-09-11 15:37 . 2009-08-14 13:49 27136 ----a-w- c:windowssystem32NETSTAT.EXE
2009-09-11 15:37 . 2009-08-14 13:49 19968 ----a-w- c:windowssystem32ARP.EXE
2009-09-11 15:37 . 2009-08-14 13:48 105984 ----a-w- c:windowssystem32
etiohlp.dll
2009-09-11 15:37 . 2009-08-14 13:49 17920 ----a-w- c:windowssystem32ROUTE.EXE
2009-09-11 15:37 . 2009-08-14 13:49 11264 ----a-w- c:windowssystem32MRINFO.EXE
2009-09-11 15:37 . 2009-08-14 13:49 8704 ----a-w- c:windowssystem32HOSTNAME.EXE
2009-09-11 15:37 . 2009-08-14 13:49 10240 ----a-w- c:windowssystem32finger.exe
2009-09-11 15:37 . 2009-08-14 13:48 30720 ----a-w- c:windowssystem32drivers cpipreg.sys
2009-09-11 15:37 . 2009-08-14 15:53 17920 ----a-w- c:windowssystem32
etevent.dll
2009-09-11 15:36 . 2009-06-10 11:41 2868224 ----a-w- c:windowssystem32mf.dll
2009-09-11 15:36 . 2009-07-11 19:01 513536 ----a-w- c:windowssystem32wlansvc.dll
2009-09-11 15:36 . 2009-07-11 19:01 302592 ----a-w- c:windowssystem32wlansec.dll
2009-09-11 15:36 . 2009-07-11 19:01 293376 ----a-w- c:windowssystem32wlanmsm.dll
2009-09-11 15:36 . 2009-07-11 19:01 65024 ----a-w- c:windowssystem32wlanapi.dll
2009-09-11 15:36 . 2009-07-11 17:03 127488 ----a-w- c:windowssystem32L2SecHC.dll
2009-09-04 17:32 . 2009-08-29 00:27 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-09-04 17:32 . 2009-08-29 00:14 28672 ----a-w- c:windowssystem32Apphlpdm.dll
2009-08-28 21:48 . 2009-08-28 22:37 -------- d-----w- c:programdataSpybot - Search & Destroy
2009-08-28 21:48 . 2009-08-28 21:48 -------- d-----w- c:program filesSpybot - Search & Destroy
2009-08-26 17:00 . 2009-06-22 10:09 2048 ----a-w- c:windowssystem32 zres.dll
2009-08-25 15:42 . 2009-08-25 15:42 -------- d-----w- c:programdataWindowsSearch
2009-08-23 21:56 . 2009-08-23 21:56 -------- d-----w- c:usersMillanessAppDataRoamingCyberLink
2009-08-20 20:23 . 2009-08-20 20:23 -------- d-----w- c:windowssystem32ca-ES
2009-08-20 20:23 . 2009-08-20 20:23 -------- d-----w- c:windowssystem32eu-ES
2009-08-20 20:23 . 2009-08-20 20:23 -------- d-----w- c:windowssystem32vi-VN
2009-08-20 20:15 . 2009-04-11 06:28 758784 ----a-w- c:windowssystem32qmgr.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 11:17 . 2009-06-04 09:23 17408 ----a-w- c:windowssystem32
pcnetp.exe
2009-09-19 11:17 . 2009-07-27 14:46 56680 ----a-w- c:windowssystem32
pcnet.dll
2009-09-19 11:16 . 2009-06-04 09:29 12 ----a-w- c:windowsthservsdp.dat
2009-09-19 11:08 . 2008-04-16 11:16 669890 ----a-w- c:windowssystem32perfh00C.dat
2009-09-19 11:08 . 2008-04-16 11:16 123896 ----a-w- c:windowssystem32perfc00C.dat
2009-09-19 11:01 . 2009-07-17 18:54 32251 ----a-w- c:programdata
vModes.dat
2009-09-11 15:41 . 2009-07-17 13:34 -------- d-----w- c:program filesMicrosoft Silverlight
2009-09-11 15:38 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
2009-09-11 15:38 . 2009-06-04 09:38 -------- d-----w- c:programdataMicrosoft Help
2009-08-23 21:56 . 2009-06-04 09:53 -------- d-----w- c:programdataCyberLink
2009-08-20 20:32 . 2009-06-04 11:00 -------- d-----w- c:programdataNVIDIA
2009-08-20 20:24 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Calendar
2009-08-20 20:24 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Sidebar
2009-08-20 20:24 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Journal
2009-08-20 20:24 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Collaboration
2009-08-20 20:24 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Photo Gallery
2009-08-20 20:24 . 2006-11-02 12:37 -------- d-----w- c:program filesWindows Defender
2009-08-18 19:01 . 2009-07-27 14:51 55656 ----a-w- c:windowssystem32driversavgntflt.sys
2009-08-17 19:11 . 2009-07-17 13:30 -------- d-----w- c:program filesWindows Live
2009-08-17 19:11 . 2009-08-17 19:11 -------- d-----w- c:program filesMicrosoft Sync Framework
2009-08-15 20:14 . 2009-07-17 13:24 99864 ----a-w- c:usersMillanessAppDataLocalGDIPFONTCACHEV1.DAT
2009-08-15 20:03 . 2009-06-04 09:44 -------- d-----w- c:program filesMicrosoft Works
2009-07-29 15:31 . 2009-07-29 15:31 0 ----a-w- c:windows
sreg.dat
2009-07-28 17:45 . 2009-07-28 17:45 410984 ----a-w- c:windowssystem32deploytk.dll
2009-07-28 17:45 . 2009-07-28 17:45 -------- d-----w- c:program filesJava
2009-07-27 14:51 . 2009-07-27 14:51 -------- d-----w- c:programdataAvira
2009-07-27 14:51 . 2009-07-27 14:51 -------- d-----w- c:program filesAvira
2009-07-27 14:46 . 2009-07-27 14:46 56680 ----a-w- c:windowssystem32
pcnet.exe
2009-07-27 14:43 . 2009-06-04 09:27 17408 ----a-w- c:windowssystem32
pcnetp.dll
2009-07-27 14:36 . 2009-06-04 09:54 -------- d-----w- c:programdataNorton
2009-07-21 21:52 . 2009-08-15 17:24 915456 ----a-w- c:windowssystem32wininet.dll
2009-07-21 21:47 . 2009-08-15 17:24 109056 ----a-w- c:windowssystem32iesysprep.dll
2009-07-21 21:47 . 2009-08-15 17:24 71680 ----a-w- c:windowssystem32iesetup.dll
2009-07-21 20:13 . 2009-08-15 17:24 133632 ----a-w- c:windowssystem32ieUnatt.exe
2009-07-17 13:54 . 2009-08-15 19:43 71680 ----a-w- c:windowssystem32atl.dll
2009-07-15 12:40 . 2009-08-15 19:42 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-07-15 12:39 . 2009-08-15 19:42 313344 ----a-w- c:windowssystem32wmpdxm.dll
2009-07-15 12:39 . 2009-08-15 19:42 4096 ----a-w- c:windowssystem32dxmasf.dll
2009-07-15 12:39 . 2009-08-15 19:42 7680 ----a-w- c:windowssystem32spwmp.dll
2008-10-14 21:57 . 2008-10-14 21:57 106496 ----a-w- c:program filesCommon FilesCPInstallAction.dll
2008-05-22 15:35 . 2008-05-22 15:35 51962 ----a-w- c:program filesCommon Filesanner.jpg
2007-06-12 16:34 . 2007-06-12 16:34 35822 ----a-w- c:program filesCommon FilesASPG_icon.ico
2009-06-04 09:47 . 2009-06-04 09:47 8192 --sha-w- c:windowsUsersDefaultNTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOTCLSID{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:program filesASUSASUS Data Security ManagerOverlayIconShlExt1.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:program filesCommon FilesLightScribeLightScribeControlPanel.exe" [2008-06-09 2363392]
"EA Core"="c:program filesElectronic ArtsEADMCore.exe" [2009-09-03 3342336]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-06-04 39408]
"msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:program filesSpybot - Search & DestroyTeaTimer.exe" [2009-01-26 2144088]
"WindowsWelcomeCenter"="oobefldr.dll" - c:windowsSystem32oobefldr.dll [2009-04-11 2153472]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Windows Defender"="c:program filesWindows DefenderMSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:program filesCyberLinkPower2GoCLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:program filesCyberLinkPower2GoMUITransferMUIStartMenu.exe" [2008-06-14 210216]
"IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-07-21 182808]
"IaNvSrv"="c:program filesIntelIntel Matrix Storage ManagerOROMIaNvSrvIaNvSrv.exe" [2008-07-30 33304]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-10-02 13597216]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-10-02 92704]
"RtHDVCpl"="c:program filesRealtekAudioHDARtHDVCpl.exe" [2008-11-25 6691360]
"HControlUser"="c:program filesASUSATK HotkeyHControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:program filesASUSATKOSD2ATKOSD2.exe" [2008-09-03 8105984]
"ADSMTray"="c:program filesASUSASUS Data Security ManagerADSMTray.exe" [2009-06-04 272952]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-07-31 1348904]
"ATKMEDIA"="c:program filesASUSATK MediaDMedia.exe" [2008-08-19 159744]
"ACMON"="c:program filesASUSSplendidACMON.exe" [2008-10-01 851968]
"ASUS Screen Saver Protector"="c:windowsAsScrPro.exe" [2009-06-04 3054136]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-12-03 35184]
"avgnt"="c:program filesAviraAntiVir Desktopavgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:program filesJavajre6injusched.exe" [2009-07-28 148888]
"fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000]
"Skytel"="c:program filesRealtekAudioHDASkytel.exe" [2008-11-25 1833504]
c:programdataMicrosoftWindowsStart MenuProgramsStartup
Bluetooth.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2008-7-30 752168]
FancyStart daemon.lnk - c:windowsInstaller{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2009-6-4 12862]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon
otifyspba]
2008-03-25 22:24 567560 ----a-w- c:program filesCommon FilesSPBAhomefus2.dll
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvc]
"VistaSp2"=hex(b):d7,70,1e,ff,d4,21,ca,01
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{56A03F6B-6B11-4702-A4E5-FA2D2CA82FEB}"= TCP:6004|c:program filesMicrosoft OfficeOffice12outlook.exe:Microsoft Office Outlook
"{9B80FAAB-3360-4105-B189-53C1696179B1}"= c:program filesWindows LiveSyncWindowsLiveSync.exe:Windows Live Sync
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:windowsSystem32driversiaNvStor.sys [04/06/2009 12:10 225304]
R0 lullaby;lullaby;c:windowsSystem32driverslullaby.sys [04/06/2009 13:23 15416]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:program filesAviraAntiVir Desktopsched.exe [27/07/2009 16:51 108289]
R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [17/07/2009 15:33 55264]
R2 fsssvc;Windows Live Contrôle parental;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 18:08 533360]
R2 SBSDWSCService;SBSD Security Center Service;c:program filesSpybot - Search & DestroySDWinSec.exe [28/08/2009 23:48 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:windowsSystem32driverstwl2cap.sys [04/06/2009 13:09 29736]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowsSystem32driversNETw5v32.sys [17/11/2008 01:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:windowsSystem32drivers
vhda32v.sys [24/09/2008 10:09 45600]
S2 Norton Internet Security;Norton Internet Security;"c:program filesNorton Internet SecurityEngine16.0.0.125ccSvcHst.exe" /s "Norton Internet Security" /m "c:program filesNorton Internet SecurityEngine16.0.0.125diMaster.dll" /prefetch:1 --> c:program filesNorton Internet SecurityEngine16.0.0.125ccSvcHst.exe [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:windowsSystem32
undll32.exe" "c:windowsSystem32iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:program filesCommon FilesLightScribeLSRunOnce.exe"
.
.
------- Examen supplémentaire -------
.
uStart Page =
hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
mStart Page =
hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF - ProfilePath - c:usersMillanessAppDataRoamingMozillaFirefoxProfilesl9zcwptq.default
FF - prefs.js: browser.search.defaulturl -
hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: keyword.URL -
hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:program filesGooglePicasa3
pPicasa3.dll
FF - plugin: c:program filesMicrosoftOffice Live
pOLW.dll
FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-19 13:17
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesNorton Internet Security]
"ImagePath"=""c:program filesNorton Internet SecurityEngine16.0.0.125ccSvcHst.exe" /s "Norton Internet Security" /m "c:program filesNorton Internet SecurityEngine16.0.0.125diMaster.dll" /prefetch:1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1740)
c:program filesASUSASUS Data Security ManagerOverlayIconShlExt.dll
c:program filesASUSASUS Data Security ManagerOverlayIconShlExt1.dll
c:program filesAviraAntiVir Desktopshlext.dll
c:program filesASUSASUS Data Security ManagerAdsmendecExt.dll
.
------------------------ Autres processus actifs ------------------------
.
c:windowsSystem32
vvsvc.exe
c:windowsSystem32audiodg.exe
c:program filesASUSASUS Data Security ManagerADSMSrv.exe
c:program filesASUSATK HotkeyAsLdrSrv.exe
c:program filesATKGFNEXGFNEXSrv.exe
c:windowsSystem32
undll32.exe
c:program filesASUSSmartLogonsmartlogon.exe
c:program filesCommon FilesSPBAupeksvr.exe
c:program filesAviraAntiVir Desktopavguard.exe
c:program filesWIDCOMMBluetooth Softwareintwdins.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:windowsSystem32
pcnet.exe
c:program filesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
c:program filesIntelIntel Matrix Storage ManagerIAANTmon.exe
c:program filesASUSASUS CopyProtectASPG.exe
c:program filesASUSSmartLogonsensorsrv.exe
c:program filesP4GBatteryLife.exe
c:program filesASUSATK HotkeyMsgTranAgt.exe
c:program filesASUSATK HotkeyHControl.exe
c:program filesWireless Console 2wcourier.exe
c:program filesASUSATK HotkeyATKOSD.exe
c:program filesASUSATK HotkeyKBFiltr.exe
c:program filesASUSATK HotkeyWDC.exe
c:windowsSystem32ACEngSvr.exe
c:windowsservicingTrustedInstaller.exe
c:windowsSystem32wbemWMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2009-09-19 13:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-19 11:22
Avant-CF: 179 939 258 368 octets libres
Après-CF: 179 781 935 104 octets libres
243 --- E O F --- 2009-09-18 17:16