
Undeletable threat

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
6 July 2011 21:23:51

Hello everyone,

A few days ago my computer showed me a "virus detected" warning, for which I chose the "delete" option.
Except that now, at every reboot, the virus is still there.
I used HijackThis, which gives the following result:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:35:25, on 06/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
c:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\conhost.exe
C:\Documents and Settings\Admin\Application Data\dwm.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\csrss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Mes documents\Mes images\TomsDownloader15149.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\TomsDownloader15149.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USREL/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64242
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\DOCUME~1\Admin\LOCALS~1\Temp\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Admin\Application Data\Microsoft\conhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = scd.univ-metz.fr
O17 - HKLM\Software\..\Telephony: DomainName = scd.univ-metz.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = scd.univ-metz.fr
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - c:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://www.ocsinventory-ng.org - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - c:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - c:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r213367\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 16398 bytes

Can you help me get rid of this threat for good?

Regards,

CB.


6 July 2011 21:27:58

Good evening
Quote:
F3 - REG:win.ini: load=C:\DOCUME~1\Admin\LOCALS~1\Temp\csrss.exe

We're going to get rid of that:

Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show results" then "Remove selected". Save the report to your Desktop.
  • Post that report.

    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    Note: If you can't download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
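The line Sham_rock quotes is the key to the "undeletable" behaviour: the win.ini `load=` entry (on Windows NT/XP it is the HKCU ...\Windows NT\CurrentVersion\Windows\Load registry value, which the MBAM report later in the thread confirms) restarts the file in Temp at every logon, so deleting the file once does not help. As an added example, not from this thread or from HijackThis itself, the script below applies the same checks a helper makes by eye to HijackThis log lines: `load=` entries, core system-binary names (csrss.exe, conhost.exe, dwm.exe) running outside the Windows directory, executables started from Application Data or Temp, and a browser proxy pointed at 127.0.0.1. The sample lines are a constructed excerpt of the log posted above; the function names and severity labels are my own.

```python
"""Triage a HijackThis log for the persistence pattern discussed in this thread.

Added example, not part of the original thread nor of HijackThis. It encodes
the checks a malware-removal helper applies by eye:
  * F3 "win.ini load=" entries: the HKCU ...\Windows NT\CurrentVersion\Windows\Load
    value, a legacy autostart that current software does not use;
  * executables named after core Windows binaries (csrss.exe, conhost.exe,
    dwm.exe, ...) but located outside the Windows directory;
  * executables started from user-writable folders (Application Data, Temp);
  * a browser proxy pointing at 127.0.0.1, i.e. traffic routed through a
    local process.
"""
import re
from dataclasses import dataclass

# Core Windows binaries that only ever run from %SystemRoot%.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "conhost.exe", "dwm.exe", "explorer.exe",
}
WINDOWS_DIR = re.compile(r"^(?:[a-z]:\\windows\\|%systemroot%\\)", re.I)
USER_WRITABLE = re.compile(r"\\(?:application data|appdata|temp)\\", re.I)
# First drive-letter or %VAR%-rooted path ending in .exe on a log line.
EXE_PATH = re.compile(r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^"\[\]]*?\.exe', re.I)
LOCAL_PROXY = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)\b", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": almost certainly malicious; "review": check by hand
    reason: str
    line: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _check_path(path: str, line: str) -> list:
    """Flag system-binary names outside %SystemRoot%, then anything run from profile folders."""
    if _basename(path) in SYSTEM_BINARIES and not WINDOWS_DIR.match(path):
        return [Finding("high", f"{_basename(path)} running outside the Windows directory", line)]
    if USER_WRITABLE.search(path):
        return [Finding("review", "executable started from a user-writable location", line)]
    return []


def triage(log_text: str) -> list:
    """Return one Finding per suspicious aspect of each HijackThis log line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("F3 - ") and re.search(r"\bload=", line, re.I):
            findings.append(Finding("high", "win.ini load= autostart (HKCU Windows\\Load value)", line))
        elif LOCAL_PROXY.search(line):
            findings.append(Finding("high", "browser proxy redirected to localhost", line))
        # A line may additionally carry a suspicious path (e.g. the F3 target itself).
        for path in EXE_PATH.findall(line):
            findings.extend(_check_path(path, line))
    return findings


def flagged_lines(log_text: str, severity: str) -> list:
    """Unique log lines carrying at least one finding of the given severity, in log order."""
    seen = []
    for f in triage(log_text):
        if f.severity == severity and f.line not in seen:
            seen.append(f.line)
    return seen


# Constructed excerpt: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\conhost.exe
C:\Documents and Settings\Admin\Application Data\dwm.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\TomsDownloader15149.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64242
F3 - REG:win.ini: load=C:\DOCUME~1\Admin\LOCALS~1\Temp\csrss.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Admin\Application Data\Microsoft\conhost.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Legitimate entries such as Apoint.exe, the %SystemRoot% AESTFltr entry and the Symantec scanner produce no finding, while the downloader in Temp is only marked for review, which is the distinction a helper wants before deciding what to remove.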

7 July 2011 20:53:42

Hello Sham_rock,

Thanks for your help. Here is the mbam report.


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Version de la base de données: 7043

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/07/2011 20:53:29
    mbam-log-2011-07-07 (20-53-29).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 235847
    Temps écoulé: 50 minute(s), 35 seconde(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    c:\documents and settings\Admin\application data\microsoft\conhost.exe (Backdoor.Bot) -> 1876 -> Unloaded process successfully.
    c:\documents and settings\Admin\application data\dwm.exe (Backdoor.Bot) -> 5100 -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\DOCUME~1\Admin\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Documents and Settings\Admin\Local Settings\Temp\csrss.exe (Backdoor.Bot) -> Delete on reboot.
    c:\documents and settings\Admin\application data\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\Admin\application data\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\admin\application data\adobe\plugs\mmc23538140.txt (Trojan.Backdoor.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Admin\application data\Sun\Java\deployment\cache\6.0\3\3a9e2983-6f685670 (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Admin\local settings\Temp\0.5197598172717809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{7f06edf5-c529-4657-a0a2-a39c96fde661}\RP4\A0000136.exe (Trojan.Backdoor.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{7f06edf5-c529-4657-a0a2-a39c96fde661}\RP5\A0001171.exe (Trojan.Backdoor.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{7f06edf5-c529-4657-a0a2-a39c96fde661}\RP5\A0001172.exe (Trojan.Backdoor.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{7f06edf5-c529-4657-a0a2-a39c96fde661}\RP5\A0001187.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\Admin\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Admin\application data\Adobe\plugs\mmc12.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Admin\application data\Adobe\plugs\mmc20.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.



Regards,

CB.
7 July 2011 21:41:16

Good evening
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs: Combofix
Save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy"

come back to the forum and Edit > "Paste"

HELP: A guide and tutorial on using ComboFix
* the partition name may vary

<@_@>
13 July 2011 13:53:02

Hello,

I didn't think it would be this complicated. Thanks for your help.
I'm copying/pasting the ComboFix report.


    ComboFix 11-07-12.09 - Admin 13/07/2011 13:40:29.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2003.799 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Admin\Application Data\Adobe\plugs
    c:\documents and settings\Admin\Application Data\Adobe\plugs\mmc12
    c:\documents and settings\Admin\Application Data\Adobe\shed
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-13 au 2011-07-13 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-07-12 17:42 . 2011-07-12 17:50 -------- d-----w- C:\Fraps
    2011-07-12 15:55 . 2011-07-12 15:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    2011-07-09 14:47 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-07-09 14:47 . 2008-04-13 17:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-07-09 14:47 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-07-09 14:47 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-07-07 17:55 . 2011-07-07 17:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2011-07-07 17:55 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 17:55 . 2011-07-07 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-07 17:55 . 2011-07-07 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-07 17:55 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 17:03 . 2011-07-13 10:57 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
    2011-07-04 20:12 . 2011-07-04 20:12 -------- d-----w- c:\documents and settings\Admin\Application Data\FastStone
    2011-07-04 20:12 . 2011-07-04 20:12 -------- d-----w- c:\program files\FastStone Capture
    2011-07-04 18:41 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2011-07-04 18:41 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2011-07-04 18:41 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2011-07-04 18:41 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
    2011-07-04 18:41 . 1998-07-13 00:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2011-07-04 18:41 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2011-07-04 18:41 . 2011-07-04 18:42 -------- d-----w- c:\program files\PDFCreator
    2011-07-04 18:41 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
    2011-07-04 18:41 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2011-07-03 20:29 . 2011-07-03 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\oH00000NeMdK00000
    2011-07-03 20:29 . 2011-07-03 20:29 -------- d-----w- c:\windows\Sun
    2011-07-03 14:35 . 2011-07-03 14:35 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org
    2011-07-03 14:15 . 2001-10-20 09:00 5632 ----a-w- c:\windows\system32\kbdth1.dll
    2011-07-03 14:12 . 2011-07-03 14:12 5632 -c--a-w- c:\windows\system32\dllcache\kbdth0.dll
    2011-07-03 14:12 . 2011-07-03 14:12 5632 ----a-w- c:\windows\system32\kbdth0.dll
    2011-07-03 14:04 . 2011-07-03 14:04 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
    2011-07-03 14:04 . 2011-07-03 14:04 6144 ----a-w- c:\windows\system32\ftlx041e.dll
    2011-07-03 13:55 . 2011-07-03 16:30 -------- d-----w- c:\program files\MSECache
    2011-07-03 13:08 . 2011-07-13 10:58 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
    2011-07-02 18:50 . 2011-07-02 18:50 -------- d-----w- c:\documents and settings\Admin\Public
    2011-07-02 18:33 . 2011-07-02 18:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Wifirst
    2011-07-02 18:33 . 2011-07-02 18:33 -------- d-----w- c:\program files\wiLink
    2011-07-02 09:59 . 2011-07-02 09:59 -------- d-----w- c:\documents and settings\Etudiant\Local Settings\Application Data\Adobe
    2011-06-30 17:04 . 2011-06-30 22:09 -------- d-----w- c:\documents and settings\Etudiant\Application Data\Skype
    2011-06-30 17:03 . 2011-07-09 15:32 -------- d-----w- c:\documents and settings\Etudiant\Tracing
    2011-06-30 16:59 . 2011-06-30 16:59 -------- d-----w- c:\documents and settings\Etudiant\Application Data\Apple Computer
    2011-06-29 16:13 . 2011-06-29 16:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-28 19:15 . 2011-07-04 17:30 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
    2011-06-28 19:13 . 2011-06-28 19:15 -------- d-----r- c:\program files\Skype
    2011-06-28 19:13 . 2011-06-28 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2011-06-28 16:16 . 2011-06-28 16:16 84621672 ----a-w- c:\program files\Fichiers communs\Windows Live\.cache\wlc62.tmp
    2011-06-28 15:46 . 2011-07-12 23:57 -------- d-----w- c:\documents and settings\Admin\Tracing
    2011-06-27 20:06 . 2011-06-27 20:06 -------- d-----w- c:\windows\Philips
    2011-06-27 20:06 . 2011-06-27 20:06 -------- d-----w- c:\program files\Philips
    2011-06-27 20:06 . 2008-01-04 08:25 135680 ----a-w- c:\windows\system32\SPC230NC.AX
    2011-06-27 20:06 . 2007-12-31 14:19 461056 ----a-w- c:\windows\system32\drivers\SPC230NC.SYS
    2011-06-27 20:06 . 2007-11-02 09:07 6656 ----a-w- c:\windows\system32\CoInst.dll
    2011-06-27 20:06 . 2007-09-26 12:28 8576 ----a-w- c:\windows\system32\drivers\PAEAFLT.sys
    2011-06-27 20:00 . 2008-04-13 09:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-06-27 20:00 . 2008-04-13 09:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-06-24 22:27 . 2011-06-24 22:27 -------- d-----w- c:\windows\ServicePackFiles
    2011-06-24 20:50 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2011-06-24 20:50 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-24 20:48 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-24 20:47 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-24 20:45 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-24 20:37 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-13 11:46 . 2009-11-05 14:22 0 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\WavXMapDrive.bat
    2011-07-09 15:32 . 2009-11-05 14:42 0 ----a-w- c:\documents and settings\Etudiant\Local Settings\Application Data\WavXMapDrive.bat
    2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
    2011-05-02 15:31 . 2008-04-25 17:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-05-02 13:09 . 2011-05-02 13:09 330 ------w- C:\BaseRegistres.reg
    2011-04-29 17:25 . 2008-04-25 12:46 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2008-04-25 12:46 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:06 . 2008-04-25 12:46 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:06 . 2008-04-25 12:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:06 . 2008-04-25 12:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2008-04-25 12:46 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2008-04-25 12:46 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2009-03-23 22:10 . 2009-11-18 15:19 217600 ----a-w- c:\program files\wsname.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-11 17:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-11 17:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-11 656384]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
    "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-12-19 125736]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-11-04 198160]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
    "SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1253152]
    TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2011-6-27 241664]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\wiLink\\bin\\wiLink.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:D isabled:Gestion à distance de Windows
    .
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2009 18:33 1803512]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [27/04/2009 14:40 293968]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [16/07/2009 13:04 376096]
    R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [16/04/2009 16:24 69632]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [24/10/2009 17:17 112512]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [24/06/2011 23:13 105592]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [24/10/2009 17:17 109568]
    R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [27/06/2011 22:06 8576]
    R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [27/06/2011 22:06 461056]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [24/10/2009 08:57 232744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/11/2009 19:17 135664]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/11/2009 19:17 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/07/2011 19:55 39984]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [19/12/2007 13:28 120104]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/04/2008 14:46 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc40ac5577e498.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 17:17]
    .
    2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc40ac557f0ba6.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 17:17]
    .
    2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{27890ECF-218C-4BC8-8066-10D106242D0D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{9D2D0F40-D539-4382-971A-A51C891A4DCC}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 212.27.40.241 212.27.40.242
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\jj3stung.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64242
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-13 13:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(964)
    c:\windows\System32\TdmNetworkProvider.dll
    c:\windows\System32\WCR10.dll
    c:\windows\system32\NetProvCredMan.dll
    .
    - - - - - - - > 'explorer.exe'(4772)
    c:\windows\system32\igfxdo.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\xpsp3res.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    c:\program files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\drivers\audio\r213367\stacsv.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\windows\system32\wscntfy.exe
    c:\program files\Symantec AntiVirus\DoScan.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-07-13 13:50:29 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-07-13 11:50
    .
    Avant-CF: 128 755 970 048 octets libres
    Après-CF: 128 836 198 400 octets libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    .
    - - End Of File - - F74063ACEA79E7ACD8B4FFD885B31B72



    Regards,

    CB.
    16 July 2011 18:41:37

    Hello,

    I'm allowing myself this little bump because I haven't had any replies and it worries me a bit.
    Could someone tell me whether the ComboFix report is reassuring, or whether there is still a step to do to finish cleaning my computer?

    Thank you for your replies.

    Regards,

    CB.
    18 July 2011 16:59:27

    HI,

    you need to wait for sham rock to come back. Bye
    18 July 2011 20:37:57

    Hi,

    Thanks for the info. I'll wait patiently for their return, then.

    See you soon,

    CB.