Hello,
I have the same problem with the Trojan Win64 Sirefef and Win32:Atraps-Pf,
can you help me (Windows XP / Internet Explorer 8.0)?
Here is my report obtained with ComboFix:
ComboFix 12-07-02.01 - ISA 03/07/2012 22:45:21.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.486 [GMT 2:00]
Lancé depuis: c:\documents and settings\ISA\Bureau\isa.exe
AV: avast! antivirus 4.8.1368 [VPS 120703-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - netcfgx.dll: deleted 100 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\ISA\Application Data\shacoc.dll
c:\documents and settings\ISA\Local Settings\Application Data\{e650a2eb-1a9b-9c24-5229-37e642b51fe6}
c:\documents and settings\ISA\Local Settings\Application Data\{e650a2eb-1a9b-9c24-5229-37e642b51fe6}\@
c:\documents and settings\ISA\Local Settings\Application Data\{e650a2eb-1a9b-9c24-5229-37e642b51fe6}\n
c:\documents and settings\ISA\Local Settings\Application Data\{e650a2eb-1a9b-9c24-5229-37e642b51fe6}\U\00000004.@
c:\documents and settings\ISA\Local Settings\Application Data\{e650a2eb-1a9b-9c24-5229-37e642b51fe6}\U\00000008.@
c:\documents and settings\ISA\Local Settings\Application Data\{e650a2eb-1a9b-9c24-5229-37e642b51fe6}\U\000000cb.@
c:\documents and settings\ISA\Recent\Thumbs.db
c:\documents and settings\ISA\WINDOWS
c:\program files\INSTALL.LOG
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-03 au 2012-07-03 ))))))))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 09:38 . 2012-04-24 09:38 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-24 09:37 . 2011-08-17 18:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-07 39408]
"Facebook Update"="c:\documents and settings\ISA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-03-23 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetIcon"="c:\program files\SMSC\Seticon.exe" [2003-07-29 40960]
"HGTXPEI"="c:\windows\system32\FirstReboot.exe" [2002-06-11 24576]
"SoundFusion"="hercplgs.cpl" [2002-12-20 453120]
"HPWireless"="c:\program files\HP Wireless Adapter\HPWLAN.exe" [2006-10-04 618496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-02-14 168013]
"avast!"="d:\disque~1\Avast\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="d:\disque dur c\quicktime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - d:\disque dur c\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
E-Color.lnk - d:\common\IconMgr.exe [N/A]
HP Digital Imaging Monitor.lnk - d:\disque dur c\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=c:\windows\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Redémarrer le gestionnaire de connexion.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Redémarrer le gestionnaire de connexion.lnk
backup=c:\windows\pss\Redémarrer le gestionnaire de connexion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-06-10 19:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- d:\disque dur c\Clone CD\CloneCD\ElbyCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2002-04-15 08:12 57344 ----a-w- d:\disque dur c\Clone CD\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 08:36 256576 ----a-w- d:\disque dur c\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51 25088 ------w- d:\disque dur c\Ulead Photo Express\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- d:\disque dur c\quicktime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2001-02-14 00:59 168013 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\DISQUE DUR C\\Emule\\emule.exe"=
"d:\\DISQUE DUR C\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\ISA\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2007 18:49 682232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/06/2011 21:38 114768]
R1 lkbdhlpr;Logitech Keyboard Class Helper Driver;c:\windows\system32\drivers\LKBDHLPR.SYS [15/03/2005 22:41 9952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/06/2011 21:38 20560]
R2 HPEAPPkt;Realtek EAPPkt Protocol(HP);c:\windows\system32\drivers\HPEAPPkt.sys [16/03/2008 16:27 68864]
R3 hercspud;Hercules (R) WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys [15/03/2005 23:55 135936]
R3 hercwdm;Hercules (R) WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys [15/03/2005 23:55 466688]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [16/03/2008 16:32 10752]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [16/03/2008 16:32 37120]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/11/2010 17:11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24/04/2012 11:38 253088]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07/11/2010 17:11 136176]
S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [16/03/2008 16:32 11648]
S3 RTLWUSB;Wireless Adapter;c:\windows\system32\drivers\HPL8187.SYS [16/03/2008 16:27 189440]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [16/03/2008 16:27 13532]
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 09:38]
.
2012-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-179605362-839522115-1003Core.job
- c:\documents and settings\ISA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-23 21:39]
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-179605362-839522115-1003UA.job
- c:\documents and settings\ISA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-23 21:39]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 15:11]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 15:11]
.
2012-07-03 c:\windows\Tasks\User_Feed_Synchronization-{1C6D4B17-8990-477A-A45B-9D1A90C3FA16}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ISA\Application Data\Mozilla\Firefox\Profiles\924y50j2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-LogitechSetup - e:\setup\Setup.exe
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
HKLM-Run-shacoc - c:\documents and settings\ISA\Application Data\shacoc.dll
HKU-Default-Run-Picasa Media Detector - d:\disque dur c\Picasa\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-BDSwitchAgent - c:\program files\Softwin\BitDefender9\bdswitch.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - d:\disque dur c\HP imprim psc 2355\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
MSConfigStartUp-LVCOMSX - c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
MSConfigStartUp-Norton Ghost 9 - c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-Steam - l:\dossier jeux\Counter strike\Steam.exe
AddRemove-DVDFab HD Decrypter_is1 - m:\dvdfab hd decrypter 3\unins000.exe
AddRemove-Mystery Case Files Prime Suspects_is1 - d:\dossier jeux\Mystery Case Files - Prime Suspects\MysteryCaseFiles'PrimeSuspects'v1.1\Mystery Case Files - Prime Suspects\Mystery Case Files Prime Suspects\unins000.exe
AddRemove-pob8 - d:\dossier jeux\Petit Ours Brun\POB 8\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111201613} - c:\program files\Oberon Media\Dynasty\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 22:50
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2012-07-03 22:53:02
ComboFix-quarantined-files.txt 2012-07-03 20:53
.
Avant-CF: 3 731 910 656 octets libres
Après-CF: 4 136 120 320 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D9452E3CA5E84B6E531CB79A4CEE7DEC
Thank you for your reply.
Regards