Computer infected with the ihavenet virus [Solved/Closed]

Good evening Guillaume,

Thank you very much for your help. I'm posting the ComboFix scan report below:

ComboFix 13-04-02.01 - FRANCK 03/04/2013 21:48:26.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.767.399 [GMT 2:00]
Lancé depuis: c:\documents and settings\FRANCK\Mes documents\TÚlÚchargements\asdehi.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Vivie\Local Settings\Application Data\assembly\tmp
c:\windows\system32\ijl11.dll
c:\windows\system32\images
c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'
c:\windows\system32\images\1.ico
c:\windows\system32\images\2.ico
c:\windows\system32\images\3.ico
c:\windows\system32\images\4.ico
c:\windows\system32\images\5.ico
c:\windows\system32\images\Flèche bas.ico
c:\windows\system32\images\Flèche haut.ico
c:\windows\system32\LANG\ENGLISH.LNG
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-03 au 2013-04-03 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-03 19:34 . 2013-04-03 19:34 -------- d-----w- c:\documents and settings\All Users\Favoris
2013-03-22 16:43 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 12:22 . 2013-03-06 23:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-22 12:22 . 2013-03-06 23:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-22 12:22 . 2013-03-06 23:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-22 12:22 . 2013-03-06 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-22 12:22 . 2013-03-06 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-22 12:22 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-22 12:22 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-22 12:22 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-22 12:22 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-22 12:21 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-22 12:07 . 2013-03-22 12:07 -------- d-sh--w- c:\documents and settings\FRANCK\IECompatCache
2013-03-20 09:16 . 2013-03-20 09:16 -------- d-----w- c:\documents and settings\FRANCK\Application Data\Orange
2013-03-20 09:16 . 2013-03-20 09:16 -------- d-sh--w- c:\documents and settings\FRANCK\PrivacIE
2013-03-19 14:46 . 2013-03-19 14:46 98304 --sha-r- c:\windows\system32\w32timek.dll
2013-03-15 16:49 . 2013-03-15 16:49 1409 ----a-w- c:\windows\QTFont.for
2013-03-07 08:21 . 2013-03-07 08:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-07 08:21 . 2013-03-07 08:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 18:58 . 2012-05-24 05:13 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:58 . 2012-05-24 05:13 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-07 08:20 . 2012-05-14 19:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-07 08:20 . 2012-05-14 19:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-12 00:32 . 2009-05-25 10:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 00:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-30 10:53 . 2012-04-27 16:34 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-19 17:09 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2005-03-02 10:13 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2006-12-13 12:48 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2006-12-13 12:49 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 11:40 . 2013-03-08 11:38 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-02-16 319488]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ICDSPTSV"=3 (0x3)
"gusvc"=3 (0x3)
"AcerMemUsageCheckService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [22/03/2013 14:22 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22/03/2013 14:22 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/03/2013 14:22 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/03/2013 14:22 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [22/03/2013 14:22 66336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/03/2013 18:43 21104]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15/07/2010 13:18 27632]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [22/03/2013 14:22 164736]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [30/09/2008 20:22 39048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 11:28 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 18:58]
.
2013-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
2013-04-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-22 23:32]
.
2013-04-01 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-08-19 02:34]
.
2013-04-03 c:\windows\Tasks\bdxxuz.job
- c:\windows\system32\w32timek.dll [2013-03-19 14:46]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-01 08:11]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-01 08:11]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-220523388-725345543-1003Core.job
- c:\documents and settings\Vivie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-29 12:08]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-220523388-725345543-1003UA.job
- c:\documents and settings\Vivie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-29 12:08]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\FRANCK\Application Data\Mozilla\Firefox\Profiles\8psagml5.default\
FF - ExtSQL: 2013-03-19 18:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\FRANCK\Application Data\Mozilla\Firefox\Profiles\8psagml5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-22 13:21; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
AddRemove-kpbrecae - c:\documents and settings\vivie\local settings\application data\kpbrecae.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-03 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*-€|ÿÿÿÿ;*€|é*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2013-04-03 22:00:35
ComboFix-quarantined-files.txt 2013-04-03 20:00
.
Avant-CF: 3 636 924 416 octets libres
Après-CF: 3 869 622 272 octets libres
.
- - End Of File - - 7E75A92A6A678FDBE94184A71875F17F

Thanks again!!

Franck
