Virus cle usb,HDD ext.... "autorun"
Forum Sécurité - Virus : Virus cle usb,HDD ext.... "autorun"
bonjour, mon HDD externe (et d'autre périphérique usb) est infecté par le fameux virus "autorun", quelqu'un pourais m'aider pour les choses à faire pour le suprimer?
Bonjour,
Branche tous tes périphériques infectés.
! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
ComboFix 08-12-21.04 - enfant 2008-12-23 18:00:37.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.627 [GMT 1:00]
Lancé depuis: c:\documents and settings\enfant\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.
2008-12-22 23:11 . 2008-12-23 12:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-22 23:11 . 2008-12-22 23:11 1,409 --a------ c:\windows\QTFont.for
2008-12-22 23:00 . 2008-12-22 23:00 <REP> d-------- c:\program files\Bonjour
2008-12-22 22:50 . 2008-12-22 22:50 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-12-22 14:55 . 2008-12-22 14:55 <REP> d-------- c:\program files\uTorrent
2008-12-22 14:55 . 2008-12-22 19:23 <REP> d-------- c:\documents and settings\enfant\Application Data\uTorrent
2008-12-22 00:03 . 2008-12-22 00:03 528 -r-hs---- c:\windows\PCGWIN32.LI4
2008-12-21 12:09 . 2008-12-21 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
2008-12-21 12:06 . 2008-12-21 12:06 <REP> d-------- c:\program files\Fichiers communs\Autodata Limited Shared
2008-12-21 12:06 . 2008-12-21 12:06 <REP> d-------- C:\ADCDTEMP
2008-12-21 12:06 . 2008-12-22 00:03 <REP> d-------- C:\ADCDA2
2008-12-21 12:02 . 2008-12-21 12:02 <REP> d-------- c:\program files\PowerISO
2008-12-12 22:47 . 2008-12-12 22:47 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2008-12-12 15:27 . 2008-12-12 15:27 <REP> d-------- c:\program files\Fichiers communs\PCSuite
2008-12-12 15:26 . 2008-12-12 15:26 <REP> d-------- c:\program files\PC Connectivity Solution
2008-12-12 15:26 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-09 11:43 . 2008-12-09 11:43 <REP> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-03 13:07 . 2008-12-03 13:07 259 --a------ c:\windows\p
2008-12-03 12:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2008-12-03 12:31 . 2008-12-03 12:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-03 12:31 . 2008-12-03 12:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-03 12:27 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2008-12-03 12:27 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-03 12:27 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-03 12:27 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-03 12:27 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-03 12:27 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-03 12:26 . 2008-02-01 16:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
2008-12-03 12:26 . 2008-02-01 16:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
2008-12-03 12:19 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-03 12:19 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-03 12:19 . 2008-12-03 12:19 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-03 12:19 . 2008-12-03 12:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-02 19:21 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 16:48 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-22 22:01 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-22 18:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 18:25 --------- d-----w c:\program files\CCleaner
2008-12-20 16:47 --------- d-----w c:\program files\Java
2008-12-20 12:41 --------- d-----w c:\program files\SpywareBlaster
2008-12-19 06:58 --------- d-----w c:\program files\Google
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 14:27 --------- d-----w c:\program files\Nokia
2008-12-12 14:27 --------- d-----w c:\program files\Fichiers communs\Nokia
2008-12-12 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-12-09 10:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-03 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-11-15 14:20 91,744 ----a-w c:\windows\BPMNT.dll
2008-11-15 14:20 1,213,784 ----a-w c:\windows\vsapi32.dll
2008-11-15 14:18 71,749 ----a-w c:\windows\hcextoutput.dll
2008-11-15 14:18 348,229 ----a-w c:\windows\tsc.exe
2008-11-15 14:16 69,689 ----a-w c:\windows\UNZIP.DLL
2008-11-15 14:16 507,904 ----a-w c:\windows\TMUPDATE.DLL
2008-11-15 14:16 286,720 ----a-w c:\windows\PATCH.EXE
2008-11-10 11:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-01-10 19:07 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-02 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 c:\windows\system32\CHDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2006-09-27 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-08-03 102400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-02 18:20 185632 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-03 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-03 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a138de-d056-11dd-81ba-001636b95a4e}]
\Shell\AutoRun\command - G:\WDSetup.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2008-01-12 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 10:55]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
O16 -: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 18:04:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-23 18:05:40
ComboFix-quarantined-files.txt 2008-12-23 17:05:26
Avant-CF: 39 808 094 208 octets libres
Après-CF: 41,831,043,072 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
231 --- E O F --- 2008-12-18 11:34:25
Re,
C'est mieux ?
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
voila , je n'ai pas réessayé depuis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:35, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\enfant\Bureau\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/24.11/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10486 bytes
Apparemment ok.
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Répondre à Angeldark
je n'était pas sur mon pc et le propriétaire du pc ne voulait pas mettre antivir donc j'ai refait le procédure sur mon pc voila le rapport de combofix:
ComboFix 08-12-28.01 - quentin 2008-12-28 23:07:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2810 [GMT 1:00]
Lancé depuis: c:\documents and settings\quentin\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081228-0] *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:46 . 2008-12-28 22:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Innovative Solutions
2008-12-28 22:32 . 2008-12-28 22:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Agendis
2008-12-28 22:24 . 2008-12-28 22:54 <REP> d-------- c:\program files\Rapidown
2008-12-28 22:08 . 2008-12-28 22:08 <REP> d-------- c:\program files\Xilisoft
2008-12-28 21:40 . 2008-12-28 21:40 <REP> d-------- c:\documents and settings\quentin\Application Data\Xilisoft Corporation
2008-12-19 20:56 . 2008-12-19 20:56 <REP> d-------- c:\documents and settings\quentin\Application Data\Thinstall
2008-12-19 20:55 . 2008-12-19 20:55 <REP> d-------- c:\program files\VMware
2008-12-15 14:46 . 2008-12-15 14:46 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-12 17:56 . 2008-12-12 17:56 <REP> d-------- c:\program files\ElcomSoft
2008-12-12 17:56 . 2008-12-12 18:04 1,077 --a------ c:\windows\ARCHPR.INI
2008-12-12 07:19 . 2008-12-12 07:19 <REP> dr-h----- c:\documents and settings\quentin\Application Data\SecuROM
2008-12-12 07:18 . 2008-12-12 07:19 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-12 07:16 . 2008-12-12 18:11 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-12 07:03 . 2008-12-12 07:03 <REP> d-------- c:\program files\Rockstar Games
2008-12-11 18:44 . 2008-12-11 18:46 1,393 --a------ c:\windows\imsins.BAK
2008-12-11 06:39 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-08 21:32 . 2008-12-08 21:32 <REP> d-------- c:\documents and settings\quentin\Application Data\FLV Extract
2008-12-08 21:30 . 2008-12-08 21:30 <REP> d-------- c:\documents and settings\quentin\Application Data\FMZilla
2008-12-08 21:09 . 2008-12-09 18:10 <REP> d-------- c:\program files\Unlocker
2008-12-08 21:08 . 2008-12-08 21:08 <REP> d--h----- c:\windows\PIF
2008-12-08 21:08 . 2008-12-08 21:08 <REP> d-------- C:\PHP
2008-12-07 09:45 . 2008-12-07 09:45 528 -r-hs---- c:\windows\PCGWIN32.LI4
2008-12-07 09:32 . 2008-12-07 09:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
2008-12-07 09:31 . 2008-12-07 09:31 <REP> d-------- c:\program files\Fichiers communs\Autodata Limited Shared
2008-12-07 09:31 . 2008-12-07 09:31 <REP> d-------- C:\ADCDTEMP
2008-12-07 09:31 . 2008-12-08 15:30 <REP> d-------- C:\ADCDA2
2008-12-03 17:23 . 2008-12-03 17:23 <REP> d-------- c:\program files\MSXML 4.0
2008-12-03 12:36 . 2008-12-03 12:36 4,767 --a------ c:\windows\Irremote.ini
2008-12-03 12:35 . 2008-12-03 12:35 <REP> d-------- c:\program files\Windows Sidebar
2008-12-03 12:30 . 2008-12-03 12:36 <REP> d-------- c:\program files\Nero
2008-12-03 12:30 . 2008-12-03 12:42 <REP> d-------- c:\program files\Fichiers communs\Nero
2008-12-03 12:30 . 2008-12-03 12:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-02 21:41 . 2008-12-02 21:41 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-30 16:51 . 2008-11-30 16:51 <REP> d-------- c:\windows\Sun
2008-11-30 16:33 . 2008-11-30 16:33 22,328 --a------ c:\documents and settings\quentin\Application Data\PnkBstrK.sys
2008-11-30 15:44 . 2008-11-30 15:44 <REP> d--hs---- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:05 --------- d-----w c:\program files\SuperCopier2
2008-12-28 21:00 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-28 20:39 --------- d-----w c:\documents and settings\quentin\Application Data\Azureus
2008-12-17 21:52 --------- d-----w c:\program files\IEPro
2008-12-14 12:02 --------- d-----w c:\program files\TubeMaster
2008-12-13 19:51 --------- d-----w c:\documents and settings\quentin\Application Data\U3
2008-12-12 06:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 10:47 --------- d-----w c:\program files\Azureus
2008-12-02 20:41 --------- d-----w c:\program files\Java
2008-11-23 13:34 --------- d-----w c:\program files\StuffPlug3
2008-11-21 17:12 --------- d-----w c:\documents and settings\quentin\Application Data\vlc
2008-11-21 17:11 --------- d-----w c:\program files\VideoLAN
2008-11-19 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-18 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-18 17:52 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-18 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2008-11-18 17:37 --------- d-----w c:\program files\Adobe Media Player
2008-11-18 17:36 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-11-18 17:32 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
2008-11-15 16:36 --------- d-----w c:\documents and settings\quentin\Application Data\MiniDm
2008-11-15 16:00 --------- d-----w c:\documents and settings\quentin\Application Data\IEPro
2008-11-15 13:52 --------- d-----w c:\program files\PowerISO
2008-11-15 12:17 --------- d-----w c:\program files\Gemalto
2008-11-14 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-14 21:22 --------- d-----w c:\program files\Microsoft Works
2008-11-14 21:21 --------- d-----w c:\program files\Microsoft.NET
2008-11-14 21:20 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-14 20:53 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-14 20:08 --------- d-----w c:\program files\Windows Live
2008-11-14 20:07 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-14 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-14 19:49 --------- d-----w c:\documents and settings\quentin\Application Data\Thunderbird
2008-11-14 19:13 --------- d-----w c:\program files\Windows Desktop Search
2008-11-14 19:12 --------- d-----w c:\program files\Alwil Software
2008-11-14 19:07 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
2008-11-14 19:04 --------- d-----w c:\program files\CCleaner
2008-11-14 19:01 --------- d-----w c:\documents and settings\quentin\Application Data\Windows Search
2008-11-14 18:16 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-14 18:14 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-14 17:30 --------- d-----w c:\documents and settings\quentin\Application Data\CyberLink
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-31 00:29 --------- d-----w c:\program files\Analog Devices
2008-10-30 20:25 4,576 ----a-w c:\windows\system32\drivers\1028_Dell_OPT_960.mrk
2008-10-30 12:39 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2008-10-30 12:39 --------- d-----w c:\documents and settings\quentin\Application Data\ATI
2008-10-30 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-30 12:39 --------- d-----w c:\documents and settings\Administrateur\Application Data\ATI
2008-10-30 12:38 --------- d-----w c:\program files\CyberLink
2008-10-30 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2008-10-30 12:37 --------- d-----w c:\program files\Intel
2008-10-30 12:37 --------- d-----w c:\program files\Fichiers communs\Intel
2008-10-30 12:37 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-30 12:37 --------- d-----w c:\program files\Common Files
2008-10-30 12:37 --------- d-----w c:\program files\ATI Technologies
2008-10-30 12:37 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-10-30 12:37 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-30 12:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield
2008-10-30 12:36 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\InstallShield
2008-10-30 12:36 --------- d-----w c:\program files\Fichiers communs\Java
2008-10-30 12:36 --------- d-----w c:\documents and settings\quentin\Application Data\InstallShield
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Thinstall Setup Capture Continue"="c:\program files\VMware\VMware ThinApp\Setup Capture.exe" [2008-06-23 6469738]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-08-27 1044480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-02 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-08-06 182808]
"picon"="c:\program files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-17 773144]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 22:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 02:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 05:46 378224 c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-13 17:52 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-10-30 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-14 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe [2008-10-30 2054680]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys [2008-10-30 144480]
R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2008-10-30 62048]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;"c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [2008-08-15 284016]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
MSConfigStartUp-PDVDDXSrv - c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download with Rapget - d:\logiciel\rapget1.41ByBBD\rapget.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 23:07:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\quentin\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Heure de fin: 2008-12-28 23:08:14
ComboFix-quarantined-files.txt 2008-12-28 22:08:02
Avant-CF: 108 617 146 368 octets libres
Après-CF: 108,755,181,568 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
235 --- E O F --- 2008-12-18 15:02:08
Pourquoi avoir refais un scan Combofix 
Répondre à Angeldark
je ne suis pas sur le meme pc et je pense que celui est aussi infecté
Nan il est propre.
Répondre à Angeldark
Il y a 2196 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
