Virus
sofi
-
jlpjlp Posts 52399 Status Security contributor -
Hello,
I can't manage to remove certain viruses. I have McAfee antivirus, which keeps reporting a Generic Artemis. When I run an antivirus scan, it doesn't report any detected files.
I ran a ComboFix scan; can someone help me decipher it? Thanks.
Here is the ComboFix report.
ComboFix 09-02-28.01 - HP_Administrateur 2009-03-01 18:04:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.510.131 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0/u10EF3E4.swf
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0/u112D1B2.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0/u10D05B0.urr
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0/u10EAE6F.urr
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0/u10F2072.dat
c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\instant access
c:\program files\instant access\Center\Icons\sexe69.lnk
c:\program files\instant access\Center\Sevenline.lnk
c:\program files\instant access\Center\Sevenline.upd
c:\program files\instant access\Center\sexe69.lnk
c:\program files\instant access\Center\sexe69.upd
c:\program files\instant access\Center\tray1.ico
c:\program files\instant access\DesktopIcons\Sevenline.lnk
c:\program files\instant access\DesktopIcons\sexe69.lnk
c:\program files\instant access\Dialer\707508613\es6-external-api.dlv4.com\js\3990590d69b35a13d6bb661e819557b2
c:\program files\instant access\Dialer\707508613\es6-scripts.nccgateway.com\Common\1ced85c80a66eb00c190f6abe549c67e.html
c:\program files\instant access\Dialer\707508613\www.f5biz.com\dial\htm\2d452a252d7687d6a628fff294552d0e.html
c:\program files\instant access\Dialer\707508613\www.f5biz.com\dial\htm\img\pix.gif
c:\program files\instant access\Multi\20061202171229\Common\module.php
c:\program files\instant access\Multi\20061202171229\dialerexe.ini
c:\program files\instant access\Multi\20061202171229\js\js_api_dialer.php
c:\program files\instant access\Multi\20061202171229\medias\button1.jpg
c:\program files\instant access\Multi\20061202171229\medias\button2.jpg
c:\program files\instant access\Multi\20061202171229\medias\button3.jpg
c:\program files\instant access\Multi\20061202171229\medias\button4.jpg
c:\program files\instant access\Multi\20061202171229\medias\dialer.ico
c:\program files\instant access\Multi\20061217131221\Common\module.php
c:\program files\instant access\Multi\20061217131221\dialerexe.ini
c:\program files\instant access\Multi\20061217131221\js\js_api_dialer.php
c:\program files\instant access\Multi\20061217131221\medias\4239_dialer.ico
c:\program files\instant access\Multi\20061217131221\medias\button1.gif
c:\program files\instant access\Multi\20061217131221\medias\button2.gif
c:\program files\instant access\Multi\20061217131221\medias\button3.gif
c:\program files\instant access\Multi\20061217131221\medias\button4.gif
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\[u]0/u0022FC0
c:\program files\MyWebSearch\bar\Cache\[u]0/u002FBAC
c:\program files\MyWebSearch\bar\Cache\[u]0/u006A124
c:\program files\MyWebSearch\bar\Cache\[u]0/u00AD3F9
c:\program files\MyWebSearch\bar\Cache\[u]0/u00ADF24
c:\program files\MyWebSearch\bar\Cache\[u]0/u0487253.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u04874B4.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u04876D7.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u10F1288
c:\program files\MyWebSearch\bar\Cache\[u]0/u10F2B20
c:\program files\MyWebSearch\bar\Cache\[u]0/u10F2E1E.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u10F32C2.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u10F3B4D.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u10F41E5.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u14BB636.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u14BB8F5.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u14BBB47.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u14BBEA2.bin
c:\program files\MyWebSearch\bar\Cache\[u]0/u262B5DB
c:\program files\MyWebSearch\bar\Cache\[u]0/u2B32AD7
c:\program files\MyWebSearch\bar\Cache\[u]0/u57B15C2.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\dialerexe.ini
c:\windows\pack.epk
c:\windows\system32\aaugq.dat
c:\windows\system32\aaugq.exe
c:\windows\system32\aaugq_nav.dat
c:\windows\system32\aaugq_navps.dat
c:\windows\system32\csnkpwh.dat
c:\windows\system32\csnkpwh_nav.dat
c:\windows\system32\csnkpwh_navps.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\jtteopma.dat
c:\windows\system32\jtteopma_nav.dat
c:\windows\system32\jtteopma_navps.dat
c:\windows\system32\nvs2.inf
c:\windows\tmlpcert2007
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-01 au 2009-03-01 ))))))))))))))))))))))))))))))))))))
.
2009-03-01 16:28 . 2009-03-01 16:28 <REP> d-------- c:\program files\Yahoo!
2009-03-01 16:28 . 2009-03-01 16:28 <REP> d-------- c:\program files\CCleaner
2009-03-01 16:28 . 2009-03-01 16:28 <REP> d-------- c:\documents and settings\HP_Administrateur\Application Data\Yahoo!
2009-03-01 16:28 . 2009-03-01 16:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-22 12:02 . 2009-02-22 14:14 <REP> d-------- C:\musique + film
2009-02-15 10:20 . 2009-02-15 10:20 <REP> d-------- c:\windows\system32\fr
2009-02-15 10:20 . 2009-02-15 10:20 <REP> d-------- c:\windows\system32\bits
2009-02-14 17:05 . 2009-03-01 17:59 7,861 --a------ c:\windows\system32\Config.MPF
2009-02-14 16:50 . 2009-01-09 12:03 213,640 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-02-14 16:50 . 2008-10-23 13:08 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-02-14 16:50 . 2009-01-09 12:03 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-02-14 16:50 . 2009-01-09 12:03 40,552 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-02-14 16:50 . 2009-01-09 12:03 35,272 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-02-14 16:45 . 2009-01-09 12:03 34,216 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-02-14 14:57 . 2009-02-14 14:57 <REP> d-------- c:\windows\system32\AlertModule
2009-02-14 14:31 . 2009-02-14 14:31 <REP> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-14 14:24 . 2009-02-14 14:24 <REP> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-14 14:17 . 2009-02-14 16:48 <REP> d-------- c:\program files\McAfee.com
2009-02-14 14:17 . 2009-02-14 14:23 <REP> d-------- c:\program files\McAfee
2009-02-14 14:17 . 2009-02-14 16:50 <REP> d-------- c:\program files\Fichiers communs\McAfee
2009-02-14 13:27 . 2009-02-14 13:27 <REP> d-------- c:\windows\l2schemas
2009-02-14 13:25 . 2009-02-14 13:28 <REP> d-------- c:\windows\ServicePackFiles
2009-02-14 12:10 . 2009-02-14 14:26 <REP> d-------- c:\documents and settings\All Users\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 16:58 --------- d-----w c:\program files\Wanadoo
2009-03-01 15:18 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-01 15:11 --------- d-----w c:\program files\eMule
2009-02-28 19:18 --------- d-----w c:\program files\VideoLAN
2009-02-24 20:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 20:21 --------- d-----w c:\program files\MUSICMATCH
2009-02-24 20:11 --------- d-----w c:\program files\LG PC Suite
2009-02-21 12:24 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\LimeWire
2009-02-15 11:22 --------- d-----w c:\program files\MSN Messenger
2009-02-14 20:54 --------- d-----w c:\program files\Masta
2009-02-14 16:16 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-14 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-14 08:25 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Apple Computer
2009-02-14 08:09 --------- d-----w c:\program files\Java
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2007-09-02 13:30 126,316,416 -c--a-w c:\program files\Operation R'n'b II - By Dj Snipe New School CD1.mp3
2007-07-03 20:13 5,416,931 -c--a-w c:\program files\Dido - Don't Leave Home.mp3
2007-03-30 15:14 878 -c--a-w c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2006-05-07 15:17 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-04-17 16:35 22 -csha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-01-07 16384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 180269]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 c:\windows\KHALMNPR.Exe]
c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136]
c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3codecp.acm
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-14 206096]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-02 2799488]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2005-06-20 215040]
.
Contenu du dossier 'Tâches planifiées'
2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2009-02-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-02-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-03-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
2009-03-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM-Run-aaugq - c:\windows\system32\aaugq.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm795YYFR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 18:08:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-03-01 18:12:04
ComboFix-quarantined-files.txt 2009-03-01 17:11:53
Avant-CF: 95,466,397,696 octets libres
Après-CF: 95,450,808,320 octets libres
327 --- E O F --- 2009-02-24 20:29:25
Configuration: Windows XP
Internet Explorer 7.0
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 180269]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 c:\windows\KHALMNPR.Exe]
c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136]
c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3codecp.acm
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"msacm.divxa32"= DivXa32.acm
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-14 206096]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-02 2799488]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2005-06-20 215040]
.
Contenu du dossier 'Tâches planifiées'
2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2009-02-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-02-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-03-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
2009-03-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKLM-Run-aaugq - c:\windows\system32\aaugq.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm795YYFR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 18:08:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-03-01 18:12:04
ComboFix-quarantined-files.txt 2009-03-01 17:11:53
Avant-CF: 95,466,397,696 octets libres
Après-CF: 95,450,808,320 octets libres
327 --- E O F --- 2009-02-24 20:29:25
Configuration: Windows XP
Internet Explorer 7.0
1 reply
Hi, ComboFix has cleaned things up!
__________________
Scan with Malwarebytes: run a thorough scan, paste the resulting report, and remove whatever is found:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by andom/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the Taskbar).
NB: The reports are saved in the folder C:\rsit