ComboFix 10-04-06.03 - Etienne 07/04/2010 12:57:19.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.511 [GMT 2:00]
Lancé depuis: c:\documents and settings\Etienne\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Etienne\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\NetworkService\Application Data\ypgmjw.dat"
"c:\windows\system32\fjhdyfhsn.bat"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Etienne\rthdcpl .exe
c:\documents and settings\Etienne\rthdcpl.exe
c:\documents and settings\NetworkService\Application Data\ypgmjw.dat
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\fjhdyfhsn.bat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 20:45 . 2010-05-12 20:45 -------- d-----w- c:\program files\microsoft frontpage
2010-05-12 20:43 . 2010-05-12 20:43 -------- d-----w- c:\program files\Services en ligne
2010-05-12 20:43 . 2010-05-12 20:43 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-07 10:57 . 2009-12-01 16:12 -------- d-----w- c:\program files\iTunes
2010-04-06 21:21 . 2009-08-26 22:40 -------- d-----w- c:\documents and settings\Etienne\Application Data\vlc
2010-04-06 19:19 . 2009-09-10 08:48 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:44 . 2010-04-06 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-06 15:35 . 2009-06-23 11:08 37376 ----a-w- c:\windows\asscrpro.exe
2010-04-06 15:35 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-06 15:35 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-06 15:35 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\igfxtray.exe
2010-04-06 15:25 . 2010-03-25 18:26 -------- d-----w- c:\documents and settings\Etienne\Application Data\uTorrent
2010-04-06 15:16 . 2009-08-31 00:07 -------- d-----w- c:\documents and settings\Etienne\Application Data\dvdcss
2010-04-06 13:37 . 2010-03-25 18:47 -------- d-----w- c:\program files\DreaMule
2010-04-06 09:58 . 2009-09-10 08:37 1 ----a-w- c:\documents and settings\Etienne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-05 10:51 . 2010-04-05 10:51 -------- d-----w- c:\program files\CCleaner
2010-04-02 14:57 . 2010-04-02 14:57 -------- d-----w- c:\program files\uTorrent
2010-03-31 19:17 . 2010-05-12 22:32 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 19:17 . 2010-05-12 22:32 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-16 13:19 . 2010-03-16 13:19 -------- d-----w- c:\program files\Prg Chris
2010-03-11 07:02 . 2009-06-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 19:48 . 2010-03-08 19:47 -------- d-----w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-07 12:42 . 2009-08-26 12:50 -------- d-----w- c:\documents and settings\Etienne\Application Data\Skype
2010-03-07 12:41 . 2009-10-12 20:20 -------- d-----w- c:\documents and settings\Etienne\Application Data\skypePM
2010-02-25 06:17 . 2010-05-12 22:32 916480 ------w- c:\windows\system32\wininet.dll
2010-02-23 21:58 . 2009-11-03 12:55 -------- d-----w- c:\documents and settings\Etienne\Application Data\U3
2010-02-18 18:31 . 2009-08-26 22:14 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-12 10:03 . 2010-03-08 19:49 293376 ------w- c:\windows\system32\browserchoice.exe
.
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
((((((((((((((((((((((((((((( SnapShot@2010-04-06_16.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 10:53 . 2010-04-07 10:53 16384 c:\windows\temp\Perflib_Perfdata_b4.dat
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\dllcache\cdrom.sys
+ 2009-07-07 01:27 . 2010-04-06 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-07-07 01:27 . 2010-04-06 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-06 18:30 . 2010-04-06 19:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 37376]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 37376]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 37376]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-06 37376]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\
ihaupd32.exe [2008-4-14 37376]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wwwmen32.exe [2008-4-14 31232]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-23 376832]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Données Etienne Eee\\Age Of Empire II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DreaMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 10:44 108289]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 09:26 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 09:26 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [23/06/2009 10:11 1684736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Etienne\Application Data\Mozilla\Firefox\Profiles\b8162q62.default\
FF - prefs.js: browser.startup.homepage - http://www.google.fr
FF - plugin: c:\documents and settings\Etienne\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 13:03
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2010-04-07 13:06:20
ComboFix-quarantined-files.txt 2010-04-07 11:06
ComboFix2.txt 2010-04-06 19:35
ComboFix3.txt 2010-04-06 18:34
ComboFix4.txt 2010-04-06 16:52
Avant-CF: 8 798 322 688 octets libres
Après-CF: 8 765 116 416 octets libres
- - End Of File - - B959ABAE44C89AC5D9F7D84A90EED622
c:\program files\Prg Chris
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0
RenV::
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
ComboFix 10-04-06.03 - Etienne 07/04/2010 18:54:55.5.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.389 [GMT 2:00]
Lancé depuis: c:\documents and settings\Etienne\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Etienne\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Etienne\rthdcpl.exe
c:\program files\Adobe\acrotray .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\asscrpro .exe
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 20:45 . 2010-05-12 20:45 -------- d-----w- c:\program files\microsoft frontpage
2010-05-12 20:43 . 2010-05-12 20:43 -------- d-----w- c:\program files\Services en ligne
2010-05-12 20:43 . 2010-05-12 20:43 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-07 16:39 . 2009-12-01 16:12 -------- d-----w- c:\program files\iTunes
2010-04-07 16:39 . 2009-06-23 11:08 37376 ----a-w- c:\windows\asscrpro.exe
2010-04-07 16:39 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-07 16:39 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-07 16:37 . 2010-04-07 16:37 8 ----a-w- c:\documents and settings\NetworkService\Application Data\ypgmjw.dat
2010-04-06 21:21 . 2009-08-26 22:40 -------- d-----w- c:\documents and settings\Etienne\Application Data\vlc
2010-04-06 19:19 . 2009-09-10 08:48 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:44 . 2010-04-06 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-06 15:35 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\igfxtray.exe
2010-04-06 15:25 . 2010-03-25 18:26 -------- d-----w- c:\documents and settings\Etienne\Application Data\uTorrent
2010-04-06 15:16 . 2009-08-31 00:07 -------- d-----w- c:\documents and settings\Etienne\Application Data\dvdcss
2010-04-06 13:37 . 2010-03-25 18:47 -------- d-----w- c:\program files\DreaMule
2010-04-06 09:58 . 2009-09-10 08:37 1 ----a-w- c:\documents and settings\Etienne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-05 10:51 . 2010-04-05 10:51 -------- d-----w- c:\program files\CCleaner
2010-04-02 14:57 . 2010-04-02 14:57 -------- d-----w- c:\program files\uTorrent
2010-03-31 19:17 . 2010-05-12 22:32 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 19:17 . 2010-05-12 22:32 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-11 07:02 . 2009-06-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 19:48 . 2010-03-08 19:47 -------- d-----w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-07 12:42 . 2009-08-26 12:50 -------- d-----w- c:\documents and settings\Etienne\Application Data\Skype
2010-03-07 12:41 . 2009-10-12 20:20 -------- d-----w- c:\documents and settings\Etienne\Application Data\skypePM
2010-02-25 06:17 . 2010-05-12 22:32 916480 ------w- c:\windows\system32\wininet.dll
2010-02-23 21:58 . 2009-11-03 12:55 -------- d-----w- c:\documents and settings\Etienne\Application Data\U3
2010-02-18 18:31 . 2009-08-26 22:14 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-12 10:03 . 2010-03-08 19:49 293376 ------w- c:\windows\system32\browserchoice.exe
.
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ASUS\LiveUpdate\liveupdate .exe
c:\program files\EeePC\ACPI\asacpisvr .exe
c:\program files\EeePC\ACPI\asepcmon .exe
c:\program files\EeePC\ACPI\astray .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\synasusacpi .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
((((((((((((((((((((((((((((( SnapShot@2010-04-06_16.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 16:37 . 2010-04-07 16:37 16384 c:\windows\temp\Perflib_Perfdata_c4.dat
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\dllcache\cdrom.sys
+ 2009-07-07 01:27 . 2010-04-07 16:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-07 01:27 . 2010-04-07 16:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2010-04-07 16:37 . 2010-04-07 16:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 37376]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 37376]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 37376]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-04-07 37376]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2010-04-07 37376]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2010-04-07 37376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-07 37376]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-07 37376]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-07 37376]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-04-07 37376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-07 37376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-07 37376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-07 37376]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\
ihaupd32.exe [2008-4-14 37376]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wwwmen32.exe [2008-4-14 31232]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-23 376832]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-07 16:39 37376 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Données Etienne Eee\\Age Of Empire II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DreaMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 10:44 108289]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 09:26 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 09:26 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [23/06/2009 10:11 1684736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Etienne\Application Data\Mozilla\Firefox\Profiles\b8162q62.default\
FF - prefs.js: browser.startup.homepage - http://www.google.fr
FF - plugin: c:\documents and settings\Etienne\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 19:00
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2010-04-07 19:02:10
ComboFix-quarantined-files.txt 2010-04-07 17:02
ComboFix2.txt 2010-04-07 11:06
ComboFix3.txt 2010-04-06 19:35
ComboFix4.txt 2010-04-06 18:34
ComboFix5.txt 2010-04-07 16:48
Avant-CF: 8 769 318 912 octets libres
Après-CF: 8 739 475 456 octets libres
- - End Of File - - 5A25B6E52FDC31A3C9220DC149A3377E
at every start-up of the computer? Should I be worried?
ihaupd32.exe
as well as everything affiliated with it. I had installed this program.
c:\program files\Prg Chris
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0
killall::
RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ASUS\LiveUpdate\liveupdate .exe
c:\program files\EeePC\ACPI\asacpisvr .exe
c:\program files\EeePC\ACPI\asepcmon .exe
c:\program files\EeePC\ACPI\astray .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\synasusacpi .exe
c:\program files\Synaptics\SynTP\syntpenh .exe +
File::
c:\documents and settings\NetworkService\Application Data\ypgmjw.dat
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage
ComboFix 10-04-06.03 - Etienne 07/04/2010 20:14:29.6.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.591 [GMT 2:00]
Lancé depuis: c:\documents and settings\Etienne\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Etienne\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage"
"c:\documents and settings\NetworkService\Application Data\ypgmjw.dat"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NetworkService\Application Data\ypgmjw.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 20:45 . 2010-05-12 20:45 -------- d-----w- c:\program files\microsoft frontpage
2010-05-12 20:43 . 2010-05-12 20:43 -------- d-----w- c:\program files\Services en ligne
2010-05-12 20:43 . 2010-05-12 20:43 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-07 18:14 . 2009-12-01 16:12 -------- d-----w- c:\program files\iTunes
2010-04-07 16:39 . 2009-06-23 11:08 37376 ----a-w- c:\windows\asscrpro.exe
2010-04-07 16:39 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-07 16:39 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-06 21:21 . 2009-08-26 22:40 -------- d-----w- c:\documents and settings\Etienne\Application Data\vlc
2010-04-06 19:19 . 2009-09-10 08:48 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:44 . 2010-04-06 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-06 15:35 . 2009-06-23 08:08 37376 ----a-w- c:\windows\system32\igfxtray.exe
2010-04-06 15:25 . 2010-03-25 18:26 -------- d-----w- c:\documents and settings\Etienne\Application Data\uTorrent
2010-04-06 15:16 . 2009-08-31 00:07 -------- d-----w- c:\documents and settings\Etienne\Application Data\dvdcss
2010-04-06 13:37 . 2010-03-25 18:47 -------- d-----w- c:\program files\DreaMule
2010-04-06 09:58 . 2009-09-10 08:37 1 ----a-w- c:\documents and settings\Etienne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-05 10:51 . 2010-04-05 10:51 -------- d-----w- c:\program files\CCleaner
2010-04-02 14:57 . 2010-04-02 14:57 -------- d-----w- c:\program files\uTorrent
2010-03-31 19:17 . 2010-05-12 22:32 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 19:17 . 2010-05-12 22:32 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-11 07:02 . 2009-06-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 19:48 . 2010-03-08 19:47 -------- d-----w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-07 12:42 . 2009-08-26 12:50 -------- d-----w- c:\documents and settings\Etienne\Application Data\Skype
2010-03-07 12:41 . 2009-10-12 20:20 -------- d-----w- c:\documents and settings\Etienne\Application Data\skypePM
2010-02-25 06:17 . 2010-05-12 22:32 916480 ------w- c:\windows\system32\wininet.dll
2010-02-23 21:58 . 2009-11-03 12:55 -------- d-----w- c:\documents and settings\Etienne\Application Data\U3
2010-02-18 18:31 . 2009-08-26 22:14 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-12 10:03 . 2010-03-08 19:49 293376 ------w- c:\windows\system32\browserchoice.exe
.
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ASUS\LiveUpdate\liveupdate .exe
c:\program files\EeePC\ACPI\asacpisvr .exe
c:\program files\EeePC\ACPI\asepcmon .exe
c:\program files\EeePC\ACPI\astray .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\synasusacpi .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\windows\asscrpro .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
((((((((((((((((((((((((((((( SnapShot@2010-04-06_16.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 18:19 . 2010-04-07 18:19 16384 c:\windows\temp\Perflib_Perfdata_8c.dat
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\dllcache\cdrom.sys
+ 2009-07-07 01:27 . 2010-04-07 16:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-07 01:27 . 2010-04-07 16:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 37376]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 37376]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 37376]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-04-07 37376]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2010-04-07 37376]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2010-04-07 37376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-07 37376]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-07 37376]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-07 37376]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-04-07 37376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-07 37376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-07 37376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-07 37376]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\
ihaupd32.exe [2008-4-14 37376]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wwwmen32.exe [2008-4-14 31232]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-23 376832]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-07 18:22 37376 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Données Etienne Eee\\Age Of Empire II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DreaMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 10:44 108289]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 09:26 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 09:26 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [23/06/2009 10:11 1684736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
.
Contenu du dossier 'Tâches planifiées'
2010-04-07 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
2010-04-07 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-07 18:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Etienne\Application Data\Mozilla\Firefox\Profiles\b8162q62.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\documents and settings\Etienne\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(4056)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\synaptics\syntp\syntpenh .exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-04-07 20:24:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-07 18:24
ComboFix2.txt 2010-04-07 17:02
ComboFix3.txt 2010-04-07 11:06
ComboFix4.txt 2010-04-06 19:35
ComboFix5.txt 2010-04-07 18:13
Avant-CF: 8 710 971 392 octets libres
Après-CF: 8 675 127 296 octets libres
- - End Of File - - 6AA41489A2926A3B85E0643C0565038B
Here is how to do it: launch Spybot-S&D, switch to Advanced mode via the Mode menu (at the top) -> click Yes -> choose Tools in the navigation bar on the left -> Resident, and there you can uncheck the boxes in front of the two tools.
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0
killall::
AtJob::
RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ASUS\LiveUpdate\liveupdate .exe
c:\program files\EeePC\ACPI\asacpisvr .exe
c:\program files\EeePC\ACPI\asepcmon .exe
c:\program files\EeePC\ACPI\astray .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\synasusacpi .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\windows\asscrpro .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
File::
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\wwwmen32.exe
Cette application n'a pas pu démarrer car MSVBVM60.DLL est introuvable. La réinstallation de cette application peut corriger ce problème.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3966
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/04/2010 22:55:58
mbam-log-2010-04-07 (22-55-58).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 158110
Temps écoulé: 1 heure(s), 6 minute(s), 18 seconde(s)
Processus mémoire infecté(s): 7
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 127
Processus mémoire infecté(s):
C:\WINDOWS\system32\igfxtray.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\EeePC\ACPI\asepcmon.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\EeePC\ACPI\astray.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\iTunes\iTunesHelper.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asusacpiserver (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asusepcmonitor (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asustray (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ituneshelper (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hotkeyscmds (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persistence (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\synasusacpi (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus screen saver protector (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe reader speed launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Etienne\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\igfxtray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\EeePC\ACPI\asepcmon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\EeePC\ACPI\astray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\iTunes\iTunesHelper.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkcmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Synaptics\SynTP\syntpenh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\asscrpro.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Etienne\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Etienne\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QuickTime\qttask .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QuickTime\qttask .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QuickTime\qttask .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QuickTime\qttask.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Etienne\rthdcpl .exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Etienne\rthdcpl.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Etienne\wuaucldt .exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Etienne\wuaucldt.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\asscrpro .exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hkcmd .exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxpers .exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rthdcpl.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdgwx.dll.vir (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000021.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000022.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000023.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000024.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000025.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000026.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000027.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000028.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000030.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000033.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000039.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000040.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000041.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000042.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000059.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000289.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000173.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000192.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000262.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0000282.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001053.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001054.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001055.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001056.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001057.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001058.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001059.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001060.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001061.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001062.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001063.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001064.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001160.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001177.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001184.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001192.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001301.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001314.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001395.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001404.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001447.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001448.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001449.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001450.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001451.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001452.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001454.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001455.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001456.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001457.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001458.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001459.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001480.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001481.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001485.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001488.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001489.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001491.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001492.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001493.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001494.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001495.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002480.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002481.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002482.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002485.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002486.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002487.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002488.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002491.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002492.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002493.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001410.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0001483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002489.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002588.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002757.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002758.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002759.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98A3BAD-A175-4B0C-8961-C8189C0EDD33}\RP1\A0002902.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\asscrpro .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkcmd .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igfxpers .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
ComboFix 10-04-06.03 - Etienne 07/04/2010 23:08:44.7.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.619 [GMT 2:00]
Lancé depuis: c:\documents and settings\Etienne\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Etienne\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe"
"c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\wwwmen32.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\fjhdyfhsn.bat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-07 au 2010-04-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans ce laps de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 20:45 . 2010-05-12 20:45 -------- d-----w- c:\program files\microsoft frontpage
2010-05-12 20:43 . 2010-05-12 20:43 -------- d-----w- c:\program files\Services en ligne
2010-05-12 20:43 . 2010-05-12 20:43 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-07 21:08 . 2009-12-01 16:12 -------- d-----w- c:\program files\iTunes
2010-04-07 21:02 . 2009-09-10 08:37 1 ----a-w- c:\documents and settings\Etienne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-07 20:58 . 2009-08-26 22:40 -------- d-----w- c:\documents and settings\Etienne\Application Data\vlc
2010-04-07 20:55 . 2009-09-10 08:48 -------- d-----w- c:\program files\QuickTime
2010-04-07 20:10 . 2009-08-31 00:07 -------- d-----w- c:\documents and settings\Etienne\Application Data\dvdcss
2010-04-07 19:45 . 2010-04-07 19:45 -------- d-----w- c:\documents and settings\Etienne\Application Data\Malwarebytes
2010-03-11 07:02 . 2009-06-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 19:48 . 2010-03-08 19:47 -------- d-----w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-08 19:47 . 2010-03-08 19:47 290816 ----a-w- c:\documents and settings\Etienne\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-07 12:42 . 2009-08-26 12:50 -------- d-----w- c:\documents and settings\Etienne\Application Data\Skype
2010-03-07 12:41 . 2009-10-12 20:20 -------- d-----w- c:\documents and settings\Etienne\Application Data\skypePM
2010-02-25 06:17 . 2010-05-12 22:32 916480 ------w- c:\windows\system32\wininet.dll
2010-02-23 21:58 . 2009-11-03 12:55 -------- d-----w- c:\documents and settings\Etienne\Application Data\U3
2010-02-18 18:31 . 2009-08-26 22:14 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-12 10:03 . 2010-03-08 19:49 293376 ------w- c:\windows\system32\browserchoice.exe
.
c:\program files\QuickTime\qttask .exe
((((((((((((((((((((((((((((( SnapShot@2010-04-06_16.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 21:15 . 2010-04-07 21:15 16384 c:\windows\temp\Perflib_Perfdata_71c.dat
- 2009-06-23 08:08 . 2010-04-06 16:49 37376 c:\windows\system32\igfxpers.exe
+ 2009-06-23 08:08 . 2010-04-07 18:21 37376 c:\windows\system32\igfxpers.exe
+ 2010-04-07 19:45 . 2010-03-29 22:46 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-04-07 19:45 . 2010-03-29 22:45 20824 c:\windows\system32\drivers\mbam.sys
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-04-06 18:32 . 2008-04-13 09:40 62976 c:\windows\system32\dllcache\cdrom.sys
+ 2009-07-07 01:27 . 2010-04-07 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-07-07 01:27 . 2010-04-07 18:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-07-07 01:27 . 2010-04-06 15:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-07 18:27 . 2010-04-07 18:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-07 19:44 . 2008-04-13 17:33 1384479 c:\windows\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Etienne\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wwwmen32.exe [2008-4-14 31232]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-23 376832]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Données Etienne Eee\\Age Of Empire II\\age2_x1\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DreaMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 10:44 108289]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 09:26 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 09:26 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [23/06/2009 10:11 1684736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Etienne\Application Data\Mozilla\Firefox\Profiles\b8162q62.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\documents and settings\Etienne\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 23:16
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1612)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2010-04-07 23:19:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-07 21:19
ComboFix2.txt 2010-04-07 18:24
ComboFix3.txt 2010-04-07 17:02
ComboFix4.txt 2010-04-07 11:06
ComboFix5.txt 2010-04-07 21:07
Avant-CF: 8 674 537 472 octets libres
Après-CF: 8 642 596 864 octets libres
- - End Of File - - 7C98D16847580096A5DC35041ED7AD93