Re bonjour
voici le rapport comboFix5 + le log hijackthis que tu m'as demandé
merci
ComboFix 08-03-05.1 - sandrine 2008-03-05 21:45:12.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1384 [GMT 1:00]
Endroit: C:\Users\sandrine\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Users\sandrine\AppData\Roaming\urlredir.cfg
C:\Windows\system32\dcads-remove.exe
C:\Windows\system32\DcadsSocial-uninstall.exe
C:\Windows\system32\iebrowserc.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\nsd7918.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\poof
((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:22 . 2008-03-05 21:22 3,273,265 --a------ C:\upload_moi_PC-de-sandrine.tar.gz
2008-03-05 20:38 . 2008-03-05 20:38 3,718 --a------ C:\Windows\System32\tmp.reg
2008-03-05 20:37 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-03-05 20:37 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-03-05 20:37 . 2008-03-01 23:12 86,016 --a------ C:\Windows\System32\VACFix.exe
2008-03-05 20:37 . 2008-02-29 23:48 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-03-05 20:37 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-03-05 20:37 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-03-05 20:37 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-03-03 10:53 . 2008-03-03 10:55 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-02 11:04 . 2008-03-02 11:25 <REP> d-------- C:\Program Files\LimeWire
2008-03-02 10:51 . 2008-03-03 10:47 <REP> dr------- C:\Users\sandrine\Searches
2008-03-01 11:58 . 2008-03-05 21:43 <REP> d-------- C:\Program Files\ContextEnhancer
2008-03-01 10:50 . 2008-03-01 10:50 84,761 --a------ C:\Windows\System32\mysidesearch_sidebar_uninstall.exe
2008-02-28 17:57 . 2008-03-02 11:05 <REP> d-------- C:\Users\sandrine\AppData\Roaming\LimeWire
2008-02-25 15:34 . 2008-02-25 15:34 339,968 --a------ C:\Windows\System32\mysidesearch_sidebar.dll
2008-02-23 12:37 . 2008-02-23 12:37 <REP> d-------- C:\Users\sandrine\AppData\Roaming\WinBatch
2008-02-16 17:56 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 03:12 . 2008-02-14 03:12 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:12 . 2008-02-14 03:12 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:07 . 2008-02-14 03:07 3,505,720 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:07 . 2008-02-14 03:07 3,471,928 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:07 . 2008-02-14 03:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 03:07 . 2008-02-14 03:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 03:07 . 2008-02-14 03:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 03:07 . 2008-02-14 03:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 03:07 . 2008-02-14 03:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-14 03:06 . 2008-02-14 03:06 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 03:06 . 2008-02-14 03:06 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 03:06 . 2008-02-14 03:06 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:06 . 2008-02-14 03:06 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 03:06 . 2008-02-14 03:06 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 03:05 . 2008-02-14 03:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:05 . 2008-02-14 03:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-06 21:26 . 2008-02-09 12:17 <REP> d-------- C:\Users\sandrine\AppData\Roaming\???????sAppData
2008-02-05 20:06 . 2008-02-05 20:06 97,216 --a------ C:\Windows\System32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 17:55 --------- d-----w C:\ProgramData\Symantec
2008-03-04 21:13 --------- d-----w C:\Users\sandrine\AppData\Roaming\uTorrent
2008-03-04 21:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 21:13 --------- d-----w C:\Program Files\Microsoft Works
2008-03-04 21:13 --------- d-----w C:\Program Files\Google
2008-03-04 21:13 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-04 20:55 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-04 20:54 --------- d-----w C:\ProgramData\Nero
2008-03-02 09:59 --------- d-----w C:\Users\sandrine\AppData\Roaming\Shareaza
2008-03-01 10:28 --------- d-----w C:\Users\sandrine\AppData\Roaming\Ahead
2008-02-25 10:21 --------- d-----w C:\Program Files\Nero
2008-02-15 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-14 02:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 11:31 --------- d-----w C:\ProgramData\Roxio
2008-02-09 11:17 --------- d-----w C:\Users\sandrine\AppData\Roaming\???????sAppData
2008-02-09 10:47 --------- d-----w C:\Users\sandrine\AppData\Roaming\Roxio
2008-02-06 19:28 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-03 19:07 --------- d-----w C:\Users\sandrine\AppData\Roaming\Elaborate Bytes
2008-02-03 19:03 --------- d-----w C:\Program Files\Elaborate Bytes
2008-02-03 18:26 --------- d-----w C:\Program Files\SlySoft
2008-02-03 17:44 --------- d-----w C:\ProgramData\Elaborate Bytes
2008-02-03 09:17 --------- d-----w C:\Users\sandrine\AppData\Roaming\Nero
2008-02-02 19:02 --------- d-----w C:\ProgramData\Ahead
2008-02-02 09:39 --------- d-----w C:\Program Files\uTorrent
2008-02-02 09:21 --------- d-----w C:\Program Files\Azureus
2008-02-01 15:36 --------- d-----w C:\Program Files\HomePlayer1.5
2008-02-01 14:20 --------- d-----w C:\ProgramData\LightScribe
2008-02-01 14:16 --------- d-----w C:\Users\sandrine\AppData\Roaming\Azureus
2008-02-01 09:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-01 09:34 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-01 09:34 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-01 09:34 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-01 09:34 --------- d-----w C:\Program Files\Symantec
2008-01-31 18:03 --------- d-----w C:\Program Files\DivX
2008-01-31 18:00 --------- d-----w C:\Users\sandrine\AppData\Roaming\DivX
2008-01-31 17:56 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-31 13:28 32,390 ----a-w C:\Windows\king-uninstall.exe
2008-01-31 12:58 --------- d-----w C:\ProgramData\Azureus
2008-01-31 12:02 --------- d-----w C:\ProgramData\SlySoft
2008-01-31 11:37 --------- d-----w C:\Program Files\DVD Shrink
2008-01-31 11:27 --------- d-----w C:\Program Files\MSBuild
2008-01-31 11:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-31 11:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-31 10:19 --------- d-----w C:\Users\sandrine\AppData\Roaming\Symantec
2008-01-31 10:09 174 --sha-w C:\Program Files\desktop.ini
2008-01-31 10:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-31 10:06 --------- d-----w C:\Program Files\Windows Mail
2008-01-31 10:06 --------- d-----w C:\Program Files\Windows Calendar
2008-01-31 10:00 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-31 10:00 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-31 10:00 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-31 10:00 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-31 10:00 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-31 10:00 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-31 10:00 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-31 10:00 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-31 10:00 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-31 10:00 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-31 10:00 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-01-31 09:58 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-31 09:58 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-31 09:58 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-31 09:58 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-31 09:56 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-31 09:56 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-31 09:56 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-31 09:56 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-31 09:56 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-31 09:56 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-01-31 09:56 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-31 09:56 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-31 09:56 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-31 09:55 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-31 09:55 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-31 09:54 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-31 09:54 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-31 09:54 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-31 09:54 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-31 09:54 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-31 09:54 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-31 09:52 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-31 09:50 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-31 09:50 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-31 09:50 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-31 09:50 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-31 09:50 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-31 09:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-31 09:49 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-31 09:48 --------- d--h--w C:\ProgramData\CanonBJ
2008-01-31 09:47 --------- d-----w C:\Users\sandrine\AppData\Roaming\Hewlett-Packard
2008-01-31 09:47 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-01-31 09:46 --------- d-----w C:\Users\sandrine\AppData\Roaming\ATI
.
((((((((((((((((((((((((((((( snapshot@2008-03-05_21.40.35.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-05 20:38:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-05 20:46:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-05 20:46:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-05 20:24:39 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-05 20:43:10 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-05 20:24:39 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-05 20:43:10 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-05 20:24:39 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-05 20:43:10 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-05 20:24:39 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-05 20:43:10 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-05 20:21:49 5,792 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1017998519-953618848-1121065845-1000_UserData.bin
+ 2008-03-05 20:40:40 6,064 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1017998519-953618848-1121065845-1000_UserData.bin
- 2008-03-05 20:21:49 55,734 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-05 20:40:40 55,790 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]
2007-12-30 21:48 1019904 --a------ C:\Program Files\ContextEnhancer\ContextEnhancer-1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 11:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDFA1356-E6ED-42a5-9D62-93211D424A90}]
2008-02-25 15:34 339968 --a------ C:\Windows\system32\mysidesearch_sidebar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-02-06 11:06 1682368]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-15 07:20 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 16:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 12:06 4669440 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 12:13 71176]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 01:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6C1F8FB3-8252-42B9-9296-69B1498CBE3F}"= UDP:6346:shareaza
"{2CAC91C3-EDA9-4206-AFA4-3B659C470058}"= TCP:6346:shareaza
"{68F9E2BD-B6BD-4CC5-B9EF-C527308B8FE4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8A0DDBA5-4777-42E8-B0A2-095F3C47A419}"= UDP:8080:homeplayer
"{8469D0AD-0ECD-4A40-849B-F90E8A41BE4D}"= TCP:8080:homeplayer
"{7E9A3FEC-223C-4ACA-9195-0D14B6B15300}"= UDP:62770:utorrent
"{BD703C1A-FFFB-4C51-AA26-70308700AAD8}"= TCP:62770:utorrent
"{47DF1BE7-CD51-43A8-ADA2-B65D6F3411FE}"= Disabled:UDP:4:82.243.170.2
"{A792F460-B2C4-4BED-AFF7-F7F29DCE1A4B}"= Disabled:UDP:3620:82.243.170.2
"{A39E1F71-C6D0-4CBF-B3F2-4D4F04A5AA80}"= Disabled:TCP:4:82.243.170.2
"{0A92365B-35E5-4CEF-9825-71F5FFE3975E}"= Disabled:TCP:1316:82.243.170.2
"TCP Query User{ECD4B7AF-55E3-4A0B-BD15-4A4C8ED47294}C:\program files\homeplayer1.5\homeplayer.exe"= UDP:C:\program files\homeplayer1.5\homeplayer.exe:HomePlayer|Desc=HomePlayer
"UDP Query User{9DCB4CC3-229F-4BEB-904F-4BC9F9B02357}C:\program files\homeplayer1.5\homeplayer.exe"= TCP:C:\program files\homeplayer1.5\homeplayer.exe:HomePlayer|Desc=HomePlayer
"{C72D4E48-EAA9-4BEE-BD51-97E97A70B085}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E493CCC6-D9DD-43A0-B41E-574868DA9E09}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.001\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 23:07]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 22:28]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 20:54:31 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - sandrine.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-02-15 14:51:42 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-05 21:46:18
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-05 21:46:57
ComboFix-quarantined-files.txt 2008-03-05 20:46:55
.
2008-03-03 09:55:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:59, on 06/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sandrine\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-1.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\Windows\system32\mysidesearch_sidebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7466 bytes