Antivirus xp virus

matt495 - 17 Oct 2008 at 16:11
 matt495 - 17 Oct 2008 at 16:37
Hello,
Apparently I have a known problem. Windows Security Center tells me that the XP antivirus is "Not found", and after a while my PC reboots. Could you help me?

1 reply

I ran a scan with ComboFix; could you tell me what to do next, please?
Here is the combofix.txt report:

ComboFix 08-10-16.08 - diane 2008-10-17 17:27:03.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1245 [GMT 3:00]
Lancé depuis: C:\Documents and Settings\diane\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\diane\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\diane\Menu Démarrer\Antivirus 2009
C:\Documents and Settings\diane\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\diane\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk
C:\Program Files\Antivirus 2009
C:\Program Files\Antivirus 2009\av2009.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\ieupdates.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-17 au 2008-10-17 ))))))))))))))))))))))))))))))))))))
.

2008-10-15 00:18 . 2008-10-17 16:52 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-10-08 21:57 . 2008-10-08 21:57 <REP> d-------- C:\Documents and Settings\diane\Application Data\Image Zone Express
2008-10-08 21:23 . 2008-10-08 21:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-08 21:15 . 2008-10-08 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-08 21:15 . 2007-03-29 19:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-08 21:15 . 2008-10-08 21:35 162,188 --a------ C:\WINDOWS\hpoins14.dat
2008-10-08 21:15 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-10-08 21:15 . 2008-04-02 11:01 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-10-08 21:14 . 2007-03-16 20:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-10-08 21:14 . 2007-03-16 20:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-10-08 21:14 . 2007-03-07 08:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-08 21:14 . 2007-03-07 08:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-10-08 21:14 . 2007-03-16 20:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-10-04 11:20 . 2008-10-04 11:20 109,056 --a------ C:\WINDOWS\system32\ieexplorer32.exe
2008-09-23 12:44 . 2008-09-24 00:30 <REP> d-------- C:\Documents and Settings\diane\amsn
2008-09-23 12:43 . 2008-09-23 12:43 <REP> d-------- C:\Program Files\aMSN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 14:03 --------- d-----w C:\Documents and Settings\diane\Application Data\Skype
2008-10-16 16:03 --------- d-----w C:\Documents and Settings\diane\Application Data\OpenOffice.org2
2008-10-08 18:34 --------- d-----w C:\Program Files\Digital Imaging
2008-10-08 18:23 --------- d-----w C:\Program Files\HP Software Update
2008-10-08 18:23 --------- d-----w C:\Program Files\HP
2008-10-06 10:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 10:39 --------- d-----w C:\Program Files\Wanadoo
2008-10-02 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-28 21:59 --------- d-----w C:\Documents and Settings\diane\Application Data\HP
2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-29 22:17 --------- d-----w C:\Program Files\Dictionnaire
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-18 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-18 13:32 --------- d-----w C:\Program Files\Image Zone Express
2008-08-18 13:32 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-08-18 13:27 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-14 13:39 2,144,768 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:39 2,022,912 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-10-01 05:38 404,110 ----a-w C:\Program Files\ProductContext1310.log
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-05 25370152]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="C:\Program Files\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

C:\Documents and Settings\diane\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
HP Digital Imaging Monitor.lnk - C:\Program Files\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\diane\\Bureau\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\aMSN\\bin\\wish.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 29056]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45b44dc2-7ea9-11dd-86cd-0060b30f1c2c}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aba1860-ce8b-11dc-858c-8d5ad8108a09}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aba1861-ce8b-11dc-858c-8d5ad8108a09}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94d16f74-e61b-11dc-85cb-8f0d16495d63}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a142fff9-0940-11dd-8626-00c0a8cc0095}]
\Shell\Auto\command - E:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc7948a0-4db4-11dd-869d-00c0a8cc0095}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34be8c7-5ba8-11dc-8455-00c0a8cc0095}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6af0be2-d1d3-11dc-8596-bf2cf131d663}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c945b6-5337-11dc-842e-00030d53f366}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-09-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\diane\Application Data\Mozilla\Firefox\Profiles\cvmh05vh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.lemonde.fr
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 17:29:18
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Heure de fin: 2008-10-17 17:31:37
ComboFix-quarantined-files.txt 2008-10-17 14:30:57

Avant-CF: 69,759,234,048 octets libres
Après-CF: 70,642,274,304 octets libres

195 --- E O F --- 2008-10-16 05:52:53