Hello,
Ramnit just hit me with a Moldovan clothesline... how do I get rid of it?
I ran ComboFix but right now I'm a bit lost...
Here is the ComboFix report:
ComboFix 11-12-06.02 - GJ 07/12/2011 17:43:24.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1021.462 [GMT 1:00]
Running from: c:\documents and settings\GJ\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((( Files Created From 2011-11-07 to 2011-12-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-12-07 10:35 . 2011-12-07 11:21 -------- d-----w- C:\ZHP
2011-12-07 10:34 . 2011-12-07 11:40 -------- d-----w- c:\program files\ZHPDiag
2011-12-06 16:25 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-06 16:25 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-06 16:25 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-06 16:25 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-06 16:25 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-06 16:25 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-06 16:25 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-06 16:25 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-06 16:25 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-06 16:25 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-06 16:24 . 2011-12-06 16:24 -------- d-----w- c:\program files\AVAST Software
2011-12-06 16:24 . 2011-12-06 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-06 08:55 . 2011-11-21 04:28 134104 ------w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-06 08:55 . 2011-11-21 04:28 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-12-06 08:55 . 2011-11-21 04:28 801752 ------w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-12-06 08:55 . 2011-11-21 04:28 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-06 08:55 . 2011-11-21 04:28 1989592 ------w- c:\program files\Mozilla Firefox\mozjs.dll
2011-12-06 08:55 . 2011-11-21 04:28 15832 ------w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-12-06 08:55 . 2011-11-21 01:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-06 08:55 . 2011-11-21 01:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-06 08:25 . 2011-12-07 09:47 -------- d-----w- c:\documents and settings\GJ\Local Settings\Application Data\mddfggxm
2011-11-17 08:54 . 2011-11-17 08:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-11-10 08:55 . 2011-11-10 08:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 08:54 . 2011-11-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-11-10 07:31 . 2011-12-06 16:19 -------- d-----w- c:\documents and settings\GJ\Local Settings\Application Data\Akamai
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:23 . 2007-10-02 12:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-03-02 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2011-09-26 09:41 614400 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-11-21 04:28 . 2011-12-06 08:55 134104 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-10 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16116224]
"SkyTel"="SkyTel.EXE" [2007-03-13 2879488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-13 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-13 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-13 94208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 86016]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-11-24 491520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\RAIDar\\RAIDar.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/12/2011 17:25 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/12/2011 17:25 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/12/2011 17:25 20568]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2010 17:50 135664]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2010 17:50 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 16:50]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-10 16:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: gouv.fr\impots
Trusted Zone: gouv.fr\tva.dgi.minefi
Trusted Zone: msn.com\fr
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
TCP: Interfaces\{1EA23690-8686-4A2C-A9E5-41EBAF1CCE3B}: NameServer = 193.252.19.3,193.252.19.4
DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} - hxxps://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
FF - ProfilePath - c:\documents and settings\GJ\Application Data\Mozilla\Firefox\Profiles\6wm6k5rn.default\
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-12-07 17:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-07 17:56:42
ComboFix-quarantined-files.txt 2011-12-07 16:56
.
Pre-Run: 56,645,169,152 bytes free
Post-Run: 56,629,747,712 bytes free
.
- - End Of File - - BC1650345C99339A5B584828455052E0
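A small triage script for a ComboFix log of this shape, added here as an example; it is not part of the original post and not code from ComboFix. It parses the "files created" lines and the Security Center / firewall override values from a constructed excerpt modelled on the log above, and marks directories whose names look machine-generated (such as the `mddfggxm` folder under Local Settings\Application Data) for manual review. The line layouts, the `triage` / `looks_random` / `report` names, the vowel-ratio heuristic and the sample text are all assumptions; a hit means "look at this", not "this is malware".

```python
"""Triage a ComboFix-style log (added example, not ComboFix's or the poster's code).
Line formats are assumed from the log layout; the random-name heuristic is ours."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# One "files created" line:  <created> . <modified> <size|--------> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>\d+|-+) +(?P<attrs>\S{8}) +(?P<path>.+)$"
)

# Values that silence Security Center / firewall warnings, written either as
# "Name"=dword:00000001 (REGEDIT4 style) or "Name"= 1 (0x1) (ComboFix style).
OVERRIDE_RE = re.compile(
    r'^"(?P<name>AntiVirusOverride|FirewallOverride|DisableNotifications)"\s*=\s*'
    r"(?:dword:)?0*(?P<value>\d+)"
)


@dataclass
class CreatedEntry:
    created: str
    modified: str
    size: int  # -1 for directories, which the log shows as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class TriageResult:
    created: List[CreatedEntry] = field(default_factory=list)
    suspicious_dirs: List[str] = field(default_factory=list)
    overrides: Dict[str, int] = field(default_factory=dict)


def looks_random(name: str) -> bool:
    """Heuristic (assumed, ours): 6+ all-lowercase letters with fewer than 1 in 4
    vowels. Vendor folders are usually capitalised or pronounceable."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(ch in "aeiouy" for ch in name)
    return vowels / len(name) < 0.25


def triage(log_text: str) -> TriageResult:
    """Collect created-file entries, flag odd directory names, record overrides."""
    result = TriageResult()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            size = -1 if m["size"].startswith("-") else int(m["size"])
            entry = CreatedEntry(m["created"], m["modified"], size, m["attrs"], m["path"])
            result.created.append(entry)
            leaf = entry.path.rsplit("\\", 1)[-1]
            if entry.is_dir and looks_random(leaf):
                result.suspicious_dirs.append(entry.path)
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            result.overrides[m["name"]] = int(m["value"])
    return result


def report(result: TriageResult) -> List[str]:
    """Findings as plain text lines, one per item worth a second look."""
    lines = [f"{len(result.created)} created-file entries parsed"]
    for path in result.suspicious_dirs:
        lines.append(f"REVIEW: directory with pseudo-random name: {path}")
    for name, value in result.overrides.items():
        if value:
            lines.append(f"REVIEW: {name}={value} (warning suppressed; confirm it was intentional)")
    return lines


# Constructed excerpt modelled on the log layout; not the poster's actual file.
SAMPLE_LOG = r"""
ComboFix 11-12-06.02 - User 07/12/2011 17:43:24.3.2 - x86
.
((((((((((((((((((((((((((((( Files Created From 2011-11-07 to 2011-12-07 ))))))))))))))))))))))))))))))))))))
.
2011-12-07 10:35 . 2011-12-07 11:21 -------- d-----w- C:\ZHP
2011-12-06 16:25 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-06 08:25 . 2011-12-07 09:47 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\mddfggxm
2011-11-10 07:31 . 2011-12-06 16:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run it against a saved log by replacing `SAMPLE_LOG` with the file contents. The override checks are deliberately not treated as proof of infection: those values are also set when a user tells Security Center to stop nagging, so the output asks whether the change was intentional rather than asserting compromise.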