infectés de spyware? - Sécurité, virus et assimilés::Trojan et spywares

Passionné(e) d'internet, de logiciels, de forums ? 01net recrute...

Auteur

Message

1 2

peyo4010

Posté le 14/05/2008 22:38:46

Bonjour,

Mon ordinateur m'indique sans arret quand je navigue "internet secure" ou un truc comme ça et j'ai malwarrior qui veut toujours se mettre ou qui me demande toujours de m'enregistrer.

Voilà je sais pas si c'est clair

Merci de votre aide

Mérillym

Modérateur/Helper
:-)

Posté le 15/05/2008 04:14:38

Bonjour,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

Double clique sur HJTInstall.exe pour lancer l'installation.

Clique sur Install.

Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer.

Accepte la licence en cliquant sur Yes.

Clique sur "Do a system scan and save a logfile".

Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

-------
Dossier prévention>à lire
Si vous vous faites déjà aider sur un autre forum, merci de me le dire !

peyo4010

Posté le 15/05/2008 10:24:23

Bonjour,

voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:51, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\9129837.exe
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {DBFC4BC2-5D6F-4151-ACB9-A6FF7348AFAB} - C:\Windows\system32\rQhFxwvT.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBuVPjh.dll,#1
O4 - HKLM\..\Run: [be9a9c89] rundll32.exe "C:\Windows\system32\mykvsrim.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ttool] C:\Windows\9129837.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\ProgramData\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB58AADC-A68D-4C10-8EA0-A40D603497DE}: NameServer = 192.168.1.1
O21 - SSODL: WLGFRFYqZMDyD - {BE9A9C27-1430-368D-2DE6-65FEA8E350E5} - C:\Windows\system32\obwab.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10755 bytes

Mérillym

Modérateur/Helper
:-)

Posté le 15/05/2008 11:03:41

Re,

==> Désactive l'UAC( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )
Et affiche les dossiers/fichiers cachés : http://www.micro-astuce.com/Forum/topic1607.html

==> Désactive toute protection résidente ( antivirus…) ! Aide ici : http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm

Télécharge Combofix de sUBs

Sauvegarde le sur ton bureau et pas ailleurs !

Redémarre en mode sans échecs

Note : /!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Déconnecte-toi d’internet, ferme tous les programmes en cours.

Double-clic sur combofix.exe ( le .exe peut ne pas apparaître ).

Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.

Laisse combofix travailler : ne fais donc pas autre chose en même temps ! Et surtout ne clique pas sur la fenêtre avec ta souris au risque de planter le PC.

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

Aide : Un guide et un tutoriel sur l'utilisation de ComboFix

==> Copie/colle un nouveau rapport HiJackThis avec.

-------
Dossier prévention>à lire
Si vous vous faites déjà aider sur un autre forum, merci de me le dire !

peyo4010

Posté le 15/05/2008 13:45:25

Re,

Voici le rapport combofix:

ComboFix 08-05-12.1 - hp 2008-05-15 13:24:04.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.738 [GMT 2:00]
Endroit: C:\Users\hp\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\9129837.exe
C:\WINDOWS\System32\abJiQXyb.ini
C:\WINDOWS\System32\abJiQXyb.ini2
C:\WINDOWS\System32\Egfedccf.ini
C:\WINDOWS\System32\Egfedccf.ini2
C:\Windows\system32\meptipac.ini
C:\Windows\system32\mirsvkym.ini
C:\WINDOWS\System32\OpVwaKkj.ini
C:\WINDOWS\System32\OpVwaKkj.ini2
C:\WINDOWS\System32\OrBKRXbc.ini
C:\WINDOWS\System32\OrBKRXbc.ini2
C:\WINDOWS\System32\TvwxFhQr.ini
C:\WINDOWS\System32\TvwxFhQr.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 11:17 12,884 ----a-w C:\Users\hp\AppData\Roaming\nvModes.dat
2008-05-15 11:16 --------- d-----w C:\Users\hp\AppData\Roaming\OpenOffice.org2
2008-05-15 08:22 --------- d-----w C:\Program Files\Trend Micro
2008-05-14 20:28 --------- d-----w C:\Program Files\Java
2008-05-13 08:54 --------- d-----w C:\ProgramData\Adsl Software Limited
2008-05-13 02:48 102,400 ----a-w C:\Windows\oadkxrts.exe
2008-05-12 19:00 --------- d-----w C:\Program Files\Picasa2
2008-05-12 18:42 --------- d-----w C:\Program Files\QuickTime
2008-05-12 18:41 --------- d-----w C:\ProgramData\Apple Computer
2008-05-12 18:39 --------- d-----w C:\ProgramData\Apple
2008-05-12 18:39 --------- d-----w C:\Program Files\Apple Software Update
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-09 11:57 --------- d-----w C:\Users\hp\AppData\Roaming\Image Zone Express
2008-05-07 21:20 --------- d-----w C:\ProgramData\Roxio
2008-05-07 21:11 --------- d-----w C:\Program Files\GSpot
2008-05-06 21:30 --------- d-----w C:\ProgramData\CyberLink
2008-05-01 15:36 --------- d-----w C:\Program Files\Micro Application
2008-04-26 20:48 --------- d-----w C:\Program Files\L'Entraîneur 2007
2008-04-21 11:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-21 10:40 --------- d-----w C:\Users\hp\AppData\Roaming\temp
2008-04-17 16:24 --------- d-----w C:\Program Files\GameShadow
2008-04-17 16:06 --------- d--h--r C:\Users\hp\AppData\Roaming\SecuROM
2008-04-17 15:53 --------- d-----w C:\Program Files\EA SPORTS
2008-04-15 20:43 --------- d-----w C:\Program Files\Cyanide
2008-04-15 08:57 --------- d-----w C:\Program Files\directx
2008-04-15 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-14 13:49 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-14 13:48 --------- d-----w C:\Users\hp\AppData\Roaming\DAEMON Tools
2008-04-14 13:34 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-14 11:58 65,024 ----a-w C:\Windows\IFinst26.exe
2008-04-14 11:58 --------- d-----w C:\Program Files\Xvid
2008-04-14 11:58 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-04-14 11:57 --------- d-----w C:\Users\hp\AppData\Roaming\DataCast
2008-04-14 11:56 --------- d-----w C:\Program Files\Samsung
2008-04-14 11:56 --------- d-----w C:\Program Files\MarkAny
2008-04-14 11:55 --------- d-----w C:\Users\hp\AppData\Roaming\InstallShield
2008-04-11 18:10 --------- d-----w C:\Users\hp\AppData\Roaming\Roxio
2008-04-11 09:41 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 22:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 12:13 --------- d-----w C:\Program Files\HP
2008-04-09 12:13 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 19:05 --------- d-----w C:\Users\hp\AppData\Roaming\Ahead
2008-04-07 19:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 12:46 --------- d-----w C:\Users\hp\AppData\Roaming\Printer Info Cache
2008-04-04 12:35 --------- d-----w C:\Users\hp\AppData\Roaming\HP
2008-04-04 12:29 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_6648.exe
2008-04-04 12:29 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-04-04 12:29 --------- d-----w C:\Program Files\PDFCreator
2008-04-04 11:22 --------- d-----w C:\Program Files\Creative
2008-04-03 22:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 21:21 --------- d-----w C:\Program Files\Everest Poker
2008-04-02 21:11 --------- d-----w C:\Program Files\Ludi
2008-04-02 20:31 --------- d-----w C:\ProgramData\Sonic
2008-04-02 11:28 --------- d-----w C:\ProgramData\HP
2008-04-02 11:27 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-01 23:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 21:30 --------- d-----w C:\ProgramData\WEBREG
2008-04-01 21:28 --------- d-----w C:\Program Files\Common Files\HP
2008-04-01 21:25 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 21:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-01 21:12 --------- d-----w C:\Program Files\WinamaxPoker
2008-04-01 21:07 --------- d-----w C:\ProgramData\eMule
2008-04-01 21:07 --------- d-----w C:\Program Files\eChanblard
2008-04-01 20:56 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 20:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-01 20:49 --------- d-----w C:\Program Files\Finale 2005b
2008-04-01 20:47 --------- d-----w C:\Program Files\Finale Performance Assessment
2008-04-01 20:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 20:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 20:25 --------- d-----w C:\Program Files\Windows Live
2008-04-01 20:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-01 20:16 --------- d-----w C:\ProgramData\WLInstaller
2008-04-01 13:30 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 13:26 --------- d-----w C:\Program Files\Google
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Defender
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Calendar
2008-04-01 13:21 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-04-01 13:21 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-04-01 13:21 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-04-01 13:21 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-04-01 13:21 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-04-01 13:20 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-04-01 13:20 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-01 13:20 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-04-01 13:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-01 13:20 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-04-01 13:20 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-04-01 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-01 13:15 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-04-01 13:15 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-04-01 13:15 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-04-01 13:15 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-04-01 13:15 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-04-01 13:15 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-04-01 13:15 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-04-01 13:15 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-04-01 13:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-01 13:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2000-10-18 10:19 57,344 --sha-w C:\Windows\System32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\Windows\System32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\Windows\System32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\Windows\System32\msjter32.dll
1995-09-24 09:02 243,472 --sha-w C:\Windows\System32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w C:\Windows\System32\vbar332.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE698DCC-5F55-4739-B923-0A7628D0F095}]
2008-05-15 13:20 318848 --a------ C:\Windows\system32\byXQiJba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFC4BC2-5D6F-4151-ACB9-A6FF7348AFAB}]
C:\Windows\system32\rQhFxwvT.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-01 15:01 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"MalWarrior"="C:\ProgramData\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-13 10:55 1025536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 06:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 06:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 06:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 07:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"MSServer"="C:\Windows\system32\cbXQjijG.dll" [2008-05-13 10:54 29824]
"be9a9c89"="C:\Windows\system32\mykvsrim.dll" [2008-05-14 22:19 90240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-04 14:29:10 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
"{7B4FBDC1-F90E-428F-9C16-119BF113079D}"= C:\Windows\system32\cbXQjijG.dll [2008-05-13 10:54 29824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WLGFRFYqZMDyD"= {BE9A9C27-1430-368D-2DE6-65FEA8E350E5} - C:\Windows\system32\obwab.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-04-01 15:13 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-757477431-1162019187-1703053298-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF7F5C86-8A63-4795-9F34-DFAE48F3A11E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{D2942D8D-E4CA-470B-9C3B-25788BFC32A3}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{2931BB84-9E1B-49F4-822B-10B37050D2FF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D32A87B5-2CCC-4445-9B29-B9D7AFF42A99}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52C083AF-647F-457E-9818-B64A0A01ED5B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F45497EB-114D-423B-8999-3B4728A78D5A}C:\\program files\\echanblard\\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard
"UDP Query User{FFF80B93-B170-4B7A-9C2D-3D70003648FC}C:\\program files\\echanblard\\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard
"{5D78719C-3863-4E13-8EBF-015FF96F441D}"= UDP:C:\WINDOWS\System32\muzapp.exe:MUZ AOD APP player
"{FC22BDDD-50B6-46A2-88AA-8062B25D6AE4}"= TCP:C:\WINDOWS\System32\muzapp.exe:MUZ AOD APP player
"{C2D1499A-DC9C-494E-8D94-047DBC692DCD}"= UDP:C:\Program Files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
"{10B0BA8E-95F0-4489-8019-4E5795120F0C}"= TCP:C:\Program Files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
"{0207ED47-5C43-4F5D-B325-77AAA34F9DE1}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{7AAF3786-F057-4ED3-AE4B-A8474E98415E}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 11:39]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 10:44]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 18:20]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\Windows\system32\Drivers\yuanmodbda2.sys [2006-10-14 13:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f91d259-ffd1-11dc-91ac-001636997e0d}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684b2030-0fa4-11dd-8145-001636997e0d}]
\shell\AutoRun\command - G:\juok3st.bat
\shell\explore\Command - G:\juok3st.bat
\shell\open\Command - G:\juok3st.bat

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-15 11:15:04 C:\Windows\Tasks\WebReg Photosmart C4100 series.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 13:30:27
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Cookies\hp@live[1].txt 329 bytes
C:\Users\hp\AppData\Local\Temp\STSF4C9.tmp

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\cbXQjijG.dll

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\mykvsrim.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 13:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 11:38:53

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

287 --- E O F --- 2008-04-22 11:02:42

peyo4010

Posté le 15/05/2008 13:48:16

et hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:27, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXQjijG.dll,#1
O4 - HKLM\..\Run: [be9a9c89] rundll32.exe "C:\Windows\system32\slcsdwss.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\ProgramData\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB58AADC-A68D-4C10-8EA0-A40D603497DE}: NameServer = 192.168.1.1
O21 - SSODL: WLGFRFYqZMDyD - {BE9A9C27-1430-368D-2DE6-65FEA8E350E5} - C:\Windows\system32\obwab.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9698 bytes

Mérillym

Modérateur/Helper
:-)

Posté le 15/05/2008 20:06:50

Désactive toute protection résidente ( antivirus…) Et l'uac ! <------- Pense-y !

Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )

File::
C:\Windows\oadkxrts.exe
G:\juok3st.bat
C:\Users\hp\AppData\Local\Temp\STSF4C9.tmp
C:\Windows\system32\cbXQjijG.dll
C:\Windows\system32\mykvsrim.dll
C:\Windows\system32\byXQiJba.dll
C:\Windows\system32\rQhFxwvT.dll
C:\Windows\system32\obwab.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE698DCC-5F55-4739-B923-0A7628D0F095}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFC4BC2-5D6F-4151-ACB9-A6FF7348AFAB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"be9a9c89"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7B4FBDC1-F90E-428F-9C16-119BF113079D}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WLGFRFYqZMDyD"=-

=> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

- Colles y le texte (CTRL + V)
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc Notes

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

< inclued picture >

-------
Dossier prévention>à lire
Si vous vous faites déjà aider sur un autre forum, merci de me le dire !

peyo4010

Posté le 15/05/2008 22:47:03

Salut,

Par contre l'UAC n'était jamais coché meme la première fois c'st normal ou il fallait la cocher?

et combofix ne me demande jamais non plus de taper sur un ou sur deux.

enfi voici le rapport:

ComboFix 08-05-12.1 - hp 2008-05-15 21:35:29.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.360 [GMT 2:00]
Endroit: C:\Users\hp\Desktop\ComboFix.exe
Command switches used :: C:\Users\hp\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Users\hp\AppData\Local\Temp\STSF4C9.tmp
C:\Windows\oadkxrts.exe
C:\Windows\system32\byXQiJba.dll
C:\Windows\system32\cbXQjijG.dll
C:\Windows\system32\mykvsrim.dll
C:\Windows\system32\obwab.dll
C:\Windows\system32\rQhFxwvT.dll
G:\juok3st.bat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\oadkxrts.exe
C:\Windows\System32\abJiQXyb.ini
C:\WINDOWS\System32\abJiQXyb.ini2
C:\WINDOWS\System32\BIkmmUvw.ini
C:\WINDOWS\System32\BIkmmUvw.ini2
C:\Windows\system32\byXQiJba.dll
C:\Windows\System32\sswdscls.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 19:44 --------- d-----w C:\Users\hp\AppData\Roaming\OpenOffice.org2
2008-05-15 19:28 12,884 ----a-w C:\Users\hp\AppData\Roaming\nvModes.dat
2008-05-15 08:22 --------- d-----w C:\Program Files\Trend Micro
2008-05-14 20:28 --------- d-----w C:\Program Files\Java
2008-05-13 08:54 --------- d-----w C:\ProgramData\Adsl Software Limited
2008-05-12 19:00 --------- d-----w C:\Program Files\Picasa2
2008-05-12 18:42 --------- d-----w C:\Program Files\QuickTime
2008-05-12 18:41 --------- d-----w C:\ProgramData\Apple Computer
2008-05-12 18:39 --------- d-----w C:\ProgramData\Apple
2008-05-12 18:39 --------- d-----w C:\Program Files\Apple Software Update
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-09 11:57 --------- d-----w C:\Users\hp\AppData\Roaming\Image Zone Express
2008-05-07 21:20 --------- d-----w C:\ProgramData\Roxio
2008-05-07 21:11 --------- d-----w C:\Program Files\GSpot
2008-05-06 21:30 --------- d-----w C:\ProgramData\CyberLink
2008-05-01 15:36 --------- d-----w C:\Program Files\Micro Application
2008-04-26 20:48 --------- d-----w C:\Program Files\L'Entraîneur 2007
2008-04-21 11:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-21 10:40 --------- d-----w C:\Users\hp\AppData\Roaming\temp
2008-04-17 16:24 --------- d-----w C:\Program Files\GameShadow
2008-04-17 16:06 --------- d--h--r C:\Users\hp\AppData\Roaming\SecuROM
2008-04-17 15:53 --------- d-----w C:\Program Files\EA SPORTS
2008-04-15 20:43 --------- d-----w C:\Program Files\Cyanide
2008-04-15 08:57 --------- d-----w C:\Program Files\directx
2008-04-15 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-14 13:49 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-14 13:48 --------- d-----w C:\Users\hp\AppData\Roaming\DAEMON Tools
2008-04-14 13:34 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-14 11:58 65,024 ----a-w C:\Windows\IFinst26.exe
2008-04-14 11:58 --------- d-----w C:\Program Files\Xvid
2008-04-14 11:58 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-04-14 11:57 --------- d-----w C:\Users\hp\AppData\Roaming\DataCast
2008-04-14 11:56 --------- d-----w C:\Program Files\Samsung
2008-04-14 11:56 --------- d-----w C:\Program Files\MarkAny
2008-04-14 11:55 --------- d-----w C:\Users\hp\AppData\Roaming\InstallShield
2008-04-11 18:10 --------- d-----w C:\Users\hp\AppData\Roaming\Roxio
2008-04-11 09:41 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 22:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 12:13 --------- d-----w C:\Program Files\HP
2008-04-09 12:13 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 19:05 --------- d-----w C:\Users\hp\AppData\Roaming\Ahead
2008-04-07 19:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 12:46 --------- d-----w C:\Users\hp\AppData\Roaming\Printer Info Cache
2008-04-04 12:35 --------- d-----w C:\Users\hp\AppData\Roaming\HP
2008-04-04 12:29 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_6648.exe
2008-04-04 12:29 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-04-04 12:29 --------- d-----w C:\Program Files\PDFCreator
2008-04-04 11:22 --------- d-----w C:\Program Files\Creative
2008-04-03 22:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 21:21 --------- d-----w C:\Program Files\Everest Poker
2008-04-02 21:11 --------- d-----w C:\Program Files\Ludi
2008-04-02 20:31 --------- d-----w C:\ProgramData\Sonic
2008-04-02 11:28 --------- d-----w C:\ProgramData\HP
2008-04-02 11:27 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-01 23:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 21:30 --------- d-----w C:\ProgramData\WEBREG
2008-04-01 21:28 --------- d-----w C:\Program Files\Common Files\HP
2008-04-01 21:25 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 21:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-01 21:12 --------- d-----w C:\Program Files\WinamaxPoker
2008-04-01 21:07 --------- d-----w C:\ProgramData\eMule
2008-04-01 21:07 --------- d-----w C:\Program Files\eChanblard
2008-04-01 20:56 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 20:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-01 20:49 --------- d-----w C:\Program Files\Finale 2005b
2008-04-01 20:47 --------- d-----w C:\Program Files\Finale Performance Assessment
2008-04-01 20:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 20:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 20:25 --------- d-----w C:\Program Files\Windows Live
2008-04-01 20:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-01 20:16 --------- d-----w C:\ProgramData\WLInstaller
2008-04-01 13:30 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 13:26 --------- d-----w C:\Program Files\Google
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Defender
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Calendar
2008-04-01 13:21 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-04-01 13:21 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-04-01 13:21 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-04-01 13:21 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-04-01 13:21 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-04-01 13:20 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-04-01 13:20 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-01 13:20 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-04-01 13:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-01 13:20 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-04-01 13:20 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-04-01 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-01 13:15 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-04-01 13:15 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-04-01 13:15 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-04-01 13:15 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-04-01 13:15 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-04-01 13:15 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-04-01 13:15 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-04-01 13:15 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-04-01 13:12 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-01 13:12 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-01 13:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2000-10-18 10:19 57,344 --sha-w C:\Windows\System32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\Windows\System32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\Windows\System32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\Windows\System32\msjter32.dll
1995-09-24 09:02 243,472 --sha-w C:\Windows\System32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w C:\Windows\System32\vbar332.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-15_13.38.11.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 11:29:47 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-15 19:44:05 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-15 11:30:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-15 19:44:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-15 19:44:29 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-15 11:30:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-15 19:44:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-15 19:44:29 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-15 11:30:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-15 19:44:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-15 11:30:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-15 19:44:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-15 11:30:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-15 19:44:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-15 11:43:11 91,776 ----a-w C:\Windows\System32\slcsdwss.dll
- 2008-05-15 11:18:12 6,216 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-757477431-1162019187-1703053298-1000_UserData.bin
+ 2008-05-15 19:29:40 6,240 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-757477431-1162019187-1703053298-1000_UserData.bin
- 2008-05-15 11:18:12 70,688 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-15 19:29:39 71,984 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-15 11:17:55 41,364 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-15 19:29:29 41,614 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-13 08:54:39 29,824 ----a-w C:\Windows\System32\wvUkICtq.dll
+ 2008-05-15 18:38:14 318,336 ----a-w C:\Windows\System32\wvUmmkIB.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-01 15:01 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"MalWarrior"="C:\ProgramData\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-13 10:55 1025536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 06:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 06:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 06:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 07:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-04 14:29:10 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-04-01 15:13 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-757477431-1162019187-1703053298-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF7F5C86-8A63-4795-9F34-DFAE48F3A11E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{D2942D8D-E4CA-470B-9C3B-25788BFC32A3}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{2931BB84-9E1B-49F4-822B-10B37050D2FF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D32A87B5-2CCC-4445-9B29-B9D7AFF42A99}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52C083AF-647F-457E-9818-B64A0A01ED5B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F45497EB-114D-423B-8999-3B4728A78D5A}C:\\program files\\echanblard\\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard
"UDP Query User{FFF80B93-B170-4B7A-9C2D-3D70003648FC}C:\\program files\\echanblard\\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard
"{5D78719C-3863-4E13-8EBF-015FF96F441D}"= UDP:C:\WINDOWS\System32\muzapp.exe:MUZ AOD APP player
"{FC22BDDD-50B6-46A2-88AA-8062B25D6AE4}"= TCP:C:\WINDOWS\System32\muzapp.exe:MUZ AOD APP player
"{C2D1499A-DC9C-494E-8D94-047DBC692DCD}"= UDP:C:\Program Files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
"{10B0BA8E-95F0-4489-8019-4E5795120F0C}"= TCP:C:\Program Files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
"{0207ED47-5C43-4F5D-B325-77AAA34F9DE1}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{7AAF3786-F057-4ED3-AE4B-A8474E98415E}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 11:39]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 10:44]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 18:20]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\Windows\system32\Drivers\yuanmodbda2.sys [2006-10-14 13:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f91d259-ffd1-11dc-91ac-001636997e0d}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684b2030-0fa4-11dd-8145-001636997e0d}]
\shell\AutoRun\command - G:\juok3st.bat
\shell\explore\Command - G:\juok3st.bat
\shell\open\Command - G:\juok3st.bat

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-15 11:15:04 C:\Windows\Tasks\WebReg Photosmart C4100 series.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 21:44:41
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Cookies\hp@live[2].txt 391 bytes
C:\Users\hp\AppData\Local\Temp\STS869C.tmp 79 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 21:50:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 19:49:47
ComboFix2.txt 2008-05-15 11:39:27

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.

298 --- E O F --- 2008-04-22 11:02:42

Mérillym

Modérateur/Helper
:-)

Posté le 15/05/2008 23:43:54

N.B : Laisse l'uac désactivée pour le moment ! Tu as une infection sur ton support amovible G:\, je vais donc te demander de ne pas l'ouvrir jusqu'à la fin de la désinfection !

Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )

Folder::
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalWarrior"=-

* Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
* Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

***

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

***

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur < inclued picture >

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

Bon courage :super:

-------
Dossier prévention>à lire
Si vous vous faites déjà aider sur un autre forum, merci de me le dire !

peyo4010

Posté le 16/05/2008 00:04:33

voici combofix

ComboFix 08-05-12.1 - hp 2008-05-15 23:58:21.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.449 [GMT 2:00]
Endroit: C:\Users\hp\Desktop\ComboFix.exe
Command switches used :: C:\Users\hp\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Adsl Software Limited\MalWarrior 2008\
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080513135608207.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080513150859748.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080513221651526.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080514221259988.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080514224248290.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515101549421.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515131528547.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515133029347.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515203313135.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515204220036.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515212648321.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515214444214.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515215853690.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\LOG\20080515222115913.log
C:\ProgramData\Adsl Software Limited\MalWarrior 2008\\Malwarrior.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 21:58 --------- d-----w C:\ProgramData\Adsl Software Limited
2008-05-15 20:22 12,884 ----a-w C:\Users\hp\AppData\Roaming\nvModes.dat
2008-05-15 20:21 --------- d-----w C:\Users\hp\AppData\Roaming\OpenOffice.org2
2008-05-15 19:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 18:38 318,336 ----a-w C:\Windows\System32\wvUmmkIB.dll
2008-05-15 11:43 91,776 ----a-w C:\Windows\System32\slcsdwss.dll
2008-05-15 08:22 --------- d-----w C:\Program Files\Trend Micro
2008-05-15 08:20 318,848 ----a-w C:\Windows\System32\fccdefgE.dll
2008-05-14 20:28 --------- d-----w C:\Program Files\Java
2008-05-14 20:18 318,848 ----a-w C:\Windows\System32\cbXRKBrO.dll
2008-05-13 20:21 318,080 ----a-w C:\Windows\System32\jkKawVpO.dll
2008-05-13 08:54 29,824 ----a-w C:\Windows\System32\wvUkICtq.dll
2008-05-12 19:00 --------- d-----w C:\Program Files\Picasa2
2008-05-12 18:42 --------- d-----w C:\Program Files\QuickTime
2008-05-12 18:41 --------- d-----w C:\ProgramData\Apple Computer
2008-05-12 18:39 --------- d-----w C:\ProgramData\Apple
2008-05-12 18:39 --------- d-----w C:\Program Files\Apple Software Update
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-09 11:57 --------- d-----w C:\Users\hp\AppData\Roaming\Image Zone Express
2008-05-07 21:20 --------- d-----w C:\ProgramData\Roxio
2008-05-07 21:11 --------- d-----w C:\Program Files\GSpot
2008-05-06 21:30 --------- d-----w C:\ProgramData\CyberLink
2008-05-01 15:36 --------- d-----w C:\Program Files\Micro Application
2008-04-26 20:48 --------- d-----w C:\Program Files\L'Entraîneur 2007
2008-04-21 10:40 --------- d-----w C:\Users\hp\AppData\Roaming\temp
2008-04-17 16:29 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-04-17 16:24 --------- d-----w C:\Program Files\GameShadow
2008-04-17 16:06 --------- d--h--r C:\Users\hp\AppData\Roaming\SecuROM
2008-04-17 15:53 --------- d-----w C:\Program Files\EA SPORTS
2008-04-15 20:43 --------- d-----w C:\Program Files\Cyanide
2008-04-15 08:57 --------- d-----w C:\Program Files\directx
2008-04-15 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-14 13:49 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-14 13:48 --------- d-----w C:\Users\hp\AppData\Roaming\DAEMON Tools
2008-04-14 13:34 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-14 11:58 65,024 ----a-w C:\Windows\IFinst26.exe
2008-04-14 11:58 --------- d-----w C:\Program Files\Xvid
2008-04-14 11:58 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-04-14 11:57 --------- d-----w C:\Users\hp\AppData\Roaming\DataCast
2008-04-14 11:56 --------- d-----w C:\Program Files\Samsung
2008-04-14 11:56 --------- d-----w C:\Program Files\MarkAny
2008-04-14 11:55 --------- d-----w C:\Users\hp\AppData\Roaming\InstallShield
2008-04-11 18:10 --------- d-----w C:\Users\hp\AppData\Roaming\Roxio
2008-04-11 09:41 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 22:45 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-10 22:45 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-10 22:45 620,088 ----a-w C:\Windows\System32\ci.dll
2008-04-10 22:45 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 22:45 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 22:45 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 22:45 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 22:45 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 22:45 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 22:44 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 22:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 22:42 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-10 22:42 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-10 22:39 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 22:39 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-10 22:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-10 22:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-09 12:13 --------- d-----w C:\Program Files\HP
2008-04-09 12:13 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 19:05 --------- d-----w C:\Users\hp\AppData\Roaming\Ahead
2008-04-07 19:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 12:46 --------- d-----w C:\Users\hp\AppData\Roaming\Printer Info Cache
2008-04-04 12:35 --------- d-----w C:\Users\hp\AppData\Roaming\HP
2008-04-04 12:29 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_6648.exe
2008-04-04 12:29 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-04-04 12:29 --------- d-----w C:\Program Files\PDFCreator
2008-04-04 11:22 --------- d-----w C:\Program Files\Creative
2008-04-03 22:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 21:21 --------- d-----w C:\Program Files\Everest Poker
2008-04-02 21:11 --------- d-----w C:\Program Files\Ludi
2008-04-02 20:31 --------- d-----w C:\ProgramData\Sonic
2008-04-02 11:28 --------- d-----w C:\ProgramData\HP
2008-04-02 11:27 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-01 23:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 21:30 --------- d-----w C:\ProgramData\WEBREG
2008-04-01 21:28 --------- d-----w C:\Program Files\Common Files\HP
2008-04-01 21:25 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 21:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-01 21:12 --------- d-----w C:\Program Files\WinamaxPoker
2008-04-01 21:07 --------- d-----w C:\ProgramData\eMule
2008-04-01 21:07 --------- d-----w C:\Program Files\eChanblard
2008-04-01 20:56 --------- d-----w C:\Program Files\Microsoft Works
2008-04-01 20:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-01 20:49 --------- d-----w C:\Program Files\Finale 2005b
2008-04-01 20:47 --------- d-----w C:\Program Files\Finale Performance Assessment
2008-04-01 20:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 20:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 20:25 --------- d-----w C:\Program Files\Windows Live
2008-04-01 20:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-01 20:16 --------- d-----w C:\ProgramData\WLInstaller
2008-04-01 13:30 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 13:26 --------- d-----w C:\Program Files\Google
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Defender
2008-04-01 13:24 --------- d-----w C:\Program Files\Windows Calendar
2000-10-18 10:19 57,344 --sha-w C:\Windows\System32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w C:\Windows\System32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w C:\Windows\System32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w C:\Windows\System32\msjter32.dll
1995-09-24 09:02 243,472 --sha-w C:\Windows\System32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w C:\Windows\System32\vbar332.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-15_13.38.11.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 11:29:47 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-15 20:20:48 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-08-28 21:16:00 350,064 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:03:02 4,280,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-28 22:07:58 24,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-06 15:56:32 17,490,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WWLIB.DLL
- 2008-04-22 11:02:42 2,560 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-05-15 19:55:44 2,560 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-04-22 11:02:42 34,304 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-05-15 19:55:44 34,304 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-04-22 11:02:42 8,192 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-05-15 19:55:44 8,192 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-04-22 11:02:42 3,584 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-05-15 19:55:44 3,584 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-04-22 11:02:42 16,384 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-05-15 19:55:44 16,384 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-04-22 11:02:42 12,800 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2008-05-15 19:55:44 12,800 ----a-r C:\Windows\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\pubs.exe
- 2008-04-21 11:31:18 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-15 19:56:13 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-21 11:31:18 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-15 19:56:12 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-21 11:31:18 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-15 19:56:13 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-21 11:31:18 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-15 19:56:13 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-21 11:31:18 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-15 19:56:13 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-21 11:31:18 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-15 19:56:12 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-21 11:31:18 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-15 19:56:13 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-21 11:31:18 1,172,240 -