Hello,
I found viruses with Malwarebytes and they have been quarantined. Can I delete them?
See below the Malwarebytes reports (2) and the HijackThis report:
SCAN OF PARTITION C (WINDOWS SYSTEM):
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1490
Windows 5.1.2600 Service Pack 3
12/12/2008 22:09:36
mbam-log-2008-12-12 (22-09-36).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 108395
Temps écoulé: 16 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\yukawcth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
SCAN OF PARTITION E:
Type de recherche: Examen complet (E:\|)
Eléments examinés: 52838
Temps écoulé: 2 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ikgewenw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnnNheE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fbyxvl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBsqNed.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3fe63559-082a-46fe-99af-b506ca9e31e1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fe63559-082a-46fe-99af-b506ca9e31e1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebsqned (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0fdb385-5784-4447-9312-1aa914fb94e5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f0fdb385-5784-4447-9312-1aa914fb94e5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3fe63559-082a-46fe-99af-b506ca9e31e1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0fdb385-5784-4447-9312-1aa914fb94e5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0e3e28b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnnnhee -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnnhee -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\fbyxvl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBsqNed.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnnNheE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\EehNnnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EehNnnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikgewenw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wnewegki.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HijackThis REPORT after quarantining:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:36, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Nettoyage\Rapport analyse HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: PopUpBlocker ; XpTuner2004 - {49E0E0F0-5C30-11D4-945D-000000000010} - C:\PROGRA~1\Simon Tools\XP Tuner\PopUp.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/...
O20 - AppInit_DLLs: fbyxvl.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
13 Dec. 2008 at 22:12
However, I am getting a message telling me that Windows is not genuine ...
ComboFix 08-12-12.05 - Administrateur 2008-12-13 21:54:54.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3327.2830 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\cbXOFwVo.dll
c:\windows\system32\lsrc.dll
c:\windows\system32\mfc45.dll
c:\windows\system32\sysinfo.exe
c:\windows\system32\VB4FR32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\xmltok.dll
c:\windows\Tasks\jaunuthj.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-13 au 2008-12-13 ))))))))))))))))))))))))))))))))))))
.
2008-12-12 22:49 . 2008-12-12 22:49 <REP> d-------- c:\documents and settings\Invité\Application Data\HPAppData
2008-12-09 18:32 . 2008-12-09 18:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 18:32 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 18:32 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-08 22:16 . 2008-12-08 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 22:16 . 2008-12-08 22:16 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-07 18:23 . 2008-12-07 19:24 <REP> d-------- c:\program files\Navilog1
2008-12-07 11:32 . 2008-12-07 18:14 <REP> d-------- C:\ToolBar SD
2008-11-30 20:23 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-30 20:23 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-30 20:22 . 2008-11-30 20:23 <REP> d-------- c:\program files\iTunes
2008-11-30 20:22 . 2008-11-30 20:22 <REP> d-------- c:\program files\iPod
2008-11-30 20:22 . 2008-11-30 20:23 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 19:41 . 2008-11-28 19:47 <REP> d-------- c:\program files\PasToucheXP
2008-11-28 10:00 . 2008-11-28 10:00 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Ahead
2008-11-27 18:48 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-11-27 18:48 . 2002-04-24 12:43 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-11-27 18:48 . 2002-04-09 17:23 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-27 18:48 . 2002-10-17 10:35 26,096 --a------ c:\windows\system32\xmlinst.exe
2008-11-27 18:48 . 2002-01-07 16:30 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-11-22 16:29 . 2008-11-22 16:29 <REP> d-------- c:\windows\speech
2008-11-22 16:29 . 2008-11-22 17:38 <REP> d-------- c:\windows\Lhsp
2008-11-22 16:29 . 2008-11-22 16:29 <REP> d-------- c:\program files\LudoSoft
2008-11-22 16:29 . 2003-11-04 01:31 221,184 --a------ c:\windows\system32\HookMenu.ocx
2008-11-22 16:29 . 1998-06-24 00:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-11-22 16:29 . 2004-03-09 00:00 131,856 --a------ c:\windows\system32\MSADODC.OCX
2008-11-21 21:24 . 2008-11-21 21:24 <REP> d-------- c:\documents and settings\Invité\Application Data\Thunderbird
2008-11-18 18:54 . 2008-10-01 22:20 <REP> d--h----- c:\documents and settings\Invité\Voisinage réseau
2008-11-18 18:54 . 2008-10-01 22:20 <REP> d--h----- c:\documents and settings\Invité\Voisinage réseau
2008-11-18 18:54 . 2008-10-01 22:20 <REP> d--h----- c:\documents and settings\Invité\Voisinage d'impression
2008-11-18 18:54 . 2008-10-01 22:20 <REP> d--h----- c:\documents and settings\Invité\Voisinage d'impression
2008-11-18 18:54 . 2008-10-26 09:36 <REP> d--h----- c:\documents and settings\Invité\Modèles
2008-11-18 18:54 . 2008-10-26 09:36 <REP> d--h----- c:\documents and settings\Invité\Modèles
2008-11-18 18:54 . 2008-11-18 18:55 <REP> dr------- c:\documents and settings\Invité\Mes documents
2008-11-18 18:54 . 2008-11-18 18:55 <REP> dr------- c:\documents and settings\Invité\Mes documents
2008-11-18 18:54 . 2008-10-01 22:20 <REP> dr------- c:\documents and settings\Invité\Menu Démarrer
2008-11-18 18:54 . 2008-10-01 22:20 <REP> dr------- c:\documents and settings\Invité\Menu Démarrer
2008-11-18 18:54 . 2008-11-18 18:54 <REP> dr------- c:\documents and settings\Invité\Favoris
2008-11-18 18:54 . 2008-11-18 18:54 <REP> dr------- c:\documents and settings\Invité\Favoris
2008-11-18 18:54 . 2008-10-01 22:20 <REP> d-------- c:\documents and settings\Invité\Bureau
2008-11-18 18:54 . 2008-10-01 22:20 <REP> d-------- c:\documents and settings\Invité\Bureau
2008-11-18 18:54 . 2008-12-12 22:51 <REP> d-------- c:\documents and settings\Invité
2008-11-16 12:01 . 2008-11-16 12:01 <REP> d-------- c:\program files\Fichiers communs\Ahead
2008-11-16 12:01 . 2008-11-16 12:01 <REP> d-------- c:\program files\Ahead
2008-11-16 12:01 . 2006-01-12 15:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-16 12:01 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2008-11-16 12:01 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-16 12:01 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2008-11-14 17:25 . 2008-11-14 17:59 <REP> d-------- c:\program files\Thoosje Sidebar V2.3
2008-11-13 19:44 . 2008-11-13 19:44 244 --ah----- C:\sqmnoopt07.sqm
2008-11-13 19:44 . 2008-11-13 19:44 232 --ah----- C:\sqmdata07.sqm
2008-11-13 18:02 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\DllCache\msxml3.dll
2008-11-13 18:02 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\DllCache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 16:37 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-12 22:21 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-12 10:40 --------- d-----w c:\program files\BankPerfect
2008-12-11 22:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-11 22:14 --------- d-----w c:\program files\eMule
2008-12-11 22:04 --------- d-----w c:\program files\adslTV
2008-11-30 19:09 --------- d-----w c:\program files\QuickTime
2008-11-30 19:09 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-29 23:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-29 08:24 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-28 20:06 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2008-11-27 17:48 --------- d-----w c:\program files\Ubisoft
2008-11-16 10:46 --------- d-----w c:\program files\Fichiers communs\Nero
2008-11-16 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-12 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-11 18:01 --------- d-----w c:\program files\Présentations_chimico
2008-11-11 13:18 --------- d-----w c:\program files\Simon Tools
2008-11-11 09:30 --------- d-----w c:\program files\Bit Che
2008-11-11 09:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\Convivea
2008-11-10 16:59 --------- d-----w c:\program files\Nero
2008-11-09 21:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\iolo
2008-11-09 21:36 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-11-09 21:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 20:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\NeroDCTemplates
2008-11-08 19:21 --------- d-----w c:\documents and settings\Administrateur\Application Data\Nero
2008-11-08 18:50 --------- d-----w c:\program files\Fichiers communs\LightScribe
2008-11-08 18:19 --------- d-----w c:\program files\Stickies
2008-11-07 20:12 --------- d-----w c:\program files\%systemdir%
2008-11-06 19:45 --------- d-----w c:\program files\EA Sports
2008-11-04 20:18 --------- d-----w c:\program files\Driver-Soft
2008-11-03 17:48 --------- d-----w c:\documents and settings\Administrateur\Application Data\HP
2008-11-01 19:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\Thunderbird
2008-10-30 17:24 96,320 ----a-w c:\windows\system32\drivers\snapman.sys
2008-10-30 17:24 30,688 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-10-30 17:24 249,152 ----a-w c:\windows\system32\drivers\timntr.sys
2008-10-30 17:23 --------- d-----w c:\program files\Micro Application
2008-10-30 17:23 --------- d-----w c:\program files\Fichiers communs\Micro Application
2008-10-30 17:23 --------- d-----w c:\program files\Fichiers communs\Acronis
2008-10-29 20:33 --------- d-----w c:\program files\CDBurnerXP
2008-10-29 20:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
2008-10-29 19:19 --------- d-----w c:\program files\Bonjour
2008-10-29 18:33 --------- d-----w c:\program files\Reference Assemblies
2008-10-29 18:33 --------- d-----w c:\program files\MSBuild
2008-10-27 20:17 --------- d-----w c:\program files\Apple Software Update
2008-10-27 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-27 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-27 19:23 --------- d-----w c:\program files\Windows Defender
2008-10-26 20:03 --------- d-----w c:\program files\Ares
2008-10-26 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2008-10-26 11:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\TomTom
2008-10-26 09:42 --------- d-----w c:\program files\MSXML 4.0
2008-10-26 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-24 20:26 --------- d-----w c:\program files\Windows Live
2008-10-24 20:22 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-10-24 11:55 --------- d-----w c:\program files\Google
2008-10-24 11:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 11:46 --------- d-----w c:\program files\Picasa2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-01 19:42 315,392 ----a-w c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fbyxvl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 25088 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 23:55 13574144 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-10 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-24 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-10-01 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc56860c-a343-11dd-a2bb-0022153c6556}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-e0e3e28b - c:\windows\system32\ikgewenw.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\225lal2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 21:56:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\WgaTray.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-13 21:57:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-13 20:57:31
Avant-CF: 78 056 534 016 octets libres
Après-CF: 77,986,488,320 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
284 --- E O F --- 2008-12-09 11:57:12