Sujet Précédent Sujet Suivant

Résidus Antivirus 2009

Fermé
Murmure - 13 janv. 2009 à 16:17
 Murmure - 14 janv. 2009 à 09:21
Bonjour,

Le pc d'un de mes utilisateurs était infecté par Antivirus 2009. Après SmitFraudFix, Combofix, Spybot, Malwarebyte, Ad-aware je pensais le problème résolu mais il reste un "résidu" de l'infection : il y a toujours la petite barre jaune sous la barre d'adresse avec IE disant que le PC est infecté (par contre elle n'a plus l'icone) et le texte sous Google (pareil, il ne contient pas d'image le lien est mort).
Il n'éxiste plus aucun des fichiers caractéristiques d'Antivirus 2009 et pourtant ce problème persiste.

J'en appelle à votre bon coeur ...

Voilà le log HijackThis du poste :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02, on 2009-01-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 172.20.20.1 nt-2000
O1 - Hosts: 172.20.20.2 proliant
O1 - Hosts: 172.20.20.3 proliant2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://proliant:8000/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://proliant:8000/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://proliant:8000/officescan/clientinstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://proliant:8000/officescan/clientinstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geta.fr
O17 - HKLM\Software\..\Telephony: DomainName = geta.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geta.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = geta.fr
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
A voir également:

3 réponses

Réponse 1 / 3
Utilisateur anonyme
13 janv. 2009 à 16:47
Bonjour

On peut avoir le rapport Combofix ?
0
Réponse 2 / 3
Murmure
13 janv. 2009 à 18:03
ComboFix 09-01-11.04 - BZZZ 2009-01-13 14:43:31.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.502.252 [GMT 1:00]
Lancé depuis: c:\documents and settings\berger\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-13 au 2009-01-13 ))))))))))))))))))))))))))))))))))))
.

2009-01-12 10:23 . 2009-01-12 10:23 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:23 . 2009-01-12 10:23 <REP> d-------- c:\documents and settings\dupas\Application Data\Malwarebytes
2009-01-12 10:23 . 2009-01-12 10:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 10:23 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:23 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 10:11 . 2008-09-08 23:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe
2009-01-12 10:03 . 2009-01-12 10:03 <REP> d--hs---- c:\documents and settings\dupas\UserData
2009-01-12 09:31 . 2009-01-12 09:31 <REP> d-------- c:\program files\Navilog1
2009-01-09 16:46 . 2005-08-22 20:13 <REP> d--h----- c:\documents and settings\berger\Voisinage réseau
2009-01-09 16:46 . 2005-08-22 20:13 <REP> d--h----- c:\documents and settings\berger\Voisinage d'impression
2009-01-09 16:46 . 2005-08-22 20:13 <REP> d--h----- c:\documents and settings\berger\Modèles
2009-01-09 16:46 . 2009-01-09 16:47 <REP> dr------- c:\documents and settings\berger\Mes documents
2009-01-09 16:46 . 2005-08-22 20:13 <REP> dr------- c:\documents and settings\berger\Menu Démarrer
2009-01-09 16:46 . 2009-01-09 16:47 <REP> dr------- c:\documents and settings\berger\Favoris
2009-01-09 16:46 . 2005-08-22 20:13 <REP> d-------- c:\documents and settings\berger\Bureau
2009-01-09 16:46 . 2009-01-09 16:46 <REP> d-------- c:\documents and settings\berger
2009-01-09 15:00 . 2009-01-09 15:01 974,062 --a------ C:\cc_20090109_150026.reg
2009-01-09 14:59 . 2009-01-09 14:59 <REP> d-------- c:\program files\CCleaner
2009-01-09 14:55 . 2009-01-09 14:55 <REP> d-------- c:\documents and settings\administrateur.GETA\Application Data\DivX
2009-01-09 14:51 . 2009-01-09 14:51 225 --a------ c:\windows\wininit.ini
2008-12-23 16:17 . 2008-10-23 13:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 12:53 45,965 ----a-w C:\tracedbg.dat
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-12_ 9.41.05,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-12 14:37:24 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-13 13:33:54 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-11-12 14:37:24 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-13 13:33:54 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-12 14:37:24 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-01-13 13:33:54 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-11-12 14:37:24 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-13 13:33:54 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-12 14:37:24 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-13 13:33:54 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-12 14:37:24 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-13 13:33:54 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-12 14:37:24 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-13 13:33:54 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-12 14:37:24 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-13 13:33:54 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-12 14:37:24 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-13 13:33:54 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-12 14:37:24 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-13 13:33:54 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-12 14:37:24 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-13 13:33:54 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-12 14:37:24 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-13 13:33:54 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-12 14:37:24 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-13 13:33:54 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2000-05-11 12:06:20 397,312 ----a-w c:\windows\system32\MSRDO20.DLL
+ 2000-04-03 16:52:54 151,552 ----a-w c:\windows\system32\RDOCURS.DLL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}]
2004-08-03 22:59 311296 --a------ c:\windows\system32\winsystems.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 200704]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-01-19 458752]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a------ 2005-06-11 19:51 53248 c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
--a------ 2005-03-15 10:03 2893824 c:\acer\ePM\ePM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-08-18 19:38 352256 c:\program files\acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-07-18 20:06 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-08 14:43 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-08 14:44 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-08-09 15:17 14743552 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-04-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-04-10 78208]
R4 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [2007-02-27 61440]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-04-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-04-10 4010]
R4 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2005-11-09 36368]
S3 GTF32BUS;GT F32 BUS;c:\windows\system32\drivers\gtf32bus.sys [2006-04-18 32000]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2006-04-18 7936]
S3 GTSCSER;GT SC SER;c:\windows\system32\drivers\gtscser.sys [2006-04-18 18944]
S4 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2005-11-09 205328]
.
Contenu du dossier 'Tâches planifiées'

2008-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 14:45:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-01-13 14:46:01
ComboFix-quarantined-files.txt 2009-01-13 13:46:00
ComboFix4.txt 2009-01-12 08:57:10
ComboFix3.txt 2009-01-12 09:09:22
ComboFix5.txt 2009-01-13 13:41:18
ComboFix2.txt 2009-01-12 09:28:36

Avant-CF: 10,603,216,896 octets libres
Après-CF: 10,618,257,408 octets libres

217 --- E O F --- 2009-01-05 07:51:42
0
Réponse 3 / 3
Murmure
14 janv. 2009 à 09:21
Up ?
0

Discussions similaires

Télécharger le logiciel Encarta gratuit 2015 version française.
Rémy M. SAKI -
medab -

13 réponses
Telecharger encarta junior 2015 Gratuit en Francais
Chairman -
Weuz -

2 réponses