Rootkit dectecté par avast C:\SETUP.EXE

Je n'ai pas de rapport et Avast ne trouvait rien pendant les analyses c'est juste des alertes je vais faire tout ce que tu m'a marqué a tout de suite :)

Et voila :)


ComboFix 08-06-16.5 - François 2008-06-18 18:51:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.476 [GMT 2:00]
Endroit: C:\Documents and Settings\François\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\setup.exe
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.

2008-06-18 18:32 . 2008-06-18 18:32 <REP> d----c--- C:\Deckard
2008-06-18 18:29 . 2008-06-18 18:29 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-06-18 17:56 . 2008-06-18 18:02 <REP> d-------- C:\Program Files\RootKit Hook Analyzer
2008-06-18 17:56 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys
2008-06-17 19:06 . 2008-06-17 19:06 <REP> d-------- C:\Program Files\CCleaner
2008-06-14 10:53 . 2008-06-14 10:53 <REP> d-------- C:\WINDOWS\system32\fr
2008-06-14 10:53 . 2008-06-14 10:53 <REP> d-------- C:\WINDOWS\system32\bits
2008-06-14 10:53 . 2008-06-14 10:53 <REP> d-------- C:\WINDOWS\l2schemas
2008-06-14 10:51 . 2008-06-14 10:54 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-06-14 10:45 . 2008-06-14 10:45 <REP> d-------- C:\WINDOWS\EHome
2008-06-14 10:41 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-06-14 10:41 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-06-14 10:41 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-06-14 10:41 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-06-14 10:41 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-06-14 10:41 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-06-14 10:41 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-06-14 10:41 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-06-14 10:39 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-11 18:56 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 18:56 . 2008-04-14 17:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 18:56 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 21:40 . 2008-06-08 21:40 <REP> d-------- C:\Documents and Settings\Nadine\Application Data\HP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 16:49 --------- d-----w C:\Program Files\Wanadoo
2008-06-17 09:54 --------- d-----w C:\Program Files\Microsoft Money
2008-06-15 13:41 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-14 11:08 --------- d-----w C:\Documents and Settings\François\Application Data\TaoUSign
2008-06-14 09:05 --------- d-----w C:\Program Files\MSN Messenger
2008-05-26 17:39 4,430 ----a-w C:\Documents and Settings\François\Application Data\wklnhst.dat
2008-05-14 17:17 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-05-14 17:17 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-14 17:15 --------- d-----w C:\Program Files\Real
2008-05-12 16:38 --------- d-----w C:\Program Files\RealPlayer
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
2008-04-14 02:32 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
2008-04-14 02:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 02:32 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 02:32 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 02:32 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:43 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-12-16 17:50 850 ----a-w C:\Documents and Settings\Marie\Application Data\wklnhst.dat
2006-09-12 22:34 154 ----a-w C:\Documents and Settings\Nadine\Application Data\wklnhst.dat
2006-07-09 14:47 154 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 10:08 68856]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-05-28 16:40 1197296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 02:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 07:11 49152]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-12-20 20:34 368640]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-02-16 15:37 90112]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2005-10-31 13:20 503808]
"WD Button Manager"="WDBtnMgr.exe" [2006-12-28 20:52 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 01:15:02 27136]

C:\Documents and Settings\Marie\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 01:15:02 27136]
WKCALREM.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 02:54:26 15360]

C:\Documents and Settings\Nadine\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 01:15:02 27136]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 01:15:02 27136]

C:\Documents and Settings\Fran‡ois\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 01:15:02 27136]
WKCALREM.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 02:54:26 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2006-12-28 20:42:14 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-02 15:43]
R3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2005-11-22 02:27]
R3 RSPHOOKANALYZER;RSPHOOKANALYZER;C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\rspsc32.sys []
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 ATIXPGAA;ATIXPGAA;C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS []
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 14:12]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 14:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0e8ad1-3be1-11dd-8430-001617262ae5}]
\Shell\AutoRun\command - F:\CD-LOGIS2007-2004-2.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-02 10:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 19:25:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2008-06-18 16:22:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-18 16:50:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B754C41B-3309-4E34-814C-00BDF31B0871}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 18:53:50
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms"
.
Temps d'accomplissement: 2008-06-18 18:54:45
ComboFix-quarantined-files.txt 2008-06-18 16:54:39

Pre-Run: 171,070,115,840 octets libres
Post-Run: 171,562,778,624 octets libres

220 --- E O F --- 2008-06-18 15:57:03

Je viens de remettre l'anti virus j'attends...
IL dit quoi le dernier rapport?


(merci de ton aide ^^ j'avais oublié de le marquer :p)

Merci de ton aide je suis obligée de partir je te ferais tout ca demain.

Arg je suis désolée de faire quatre post a suivre rien que de moi mais si quelqu'un pouvait m'aider...

En plus je ne sais pas si c'est lié mais depuis que j'ai fait la dernière chose j'ai des soucis avec microsoft word il ne répond plus quand je l'ouvre je suis obligée de le forcer a se fermer :(

Je viens de lire que mon helpeur était parti du forum quelqu'un pourrait reprendre la suite?


merci d'avance

:)