
Interpreting ComboFix + other deletions: msconfig.exe

Tags:
  • Security
Last reply: in Security and viruses
22 September 2009 21:46:05

Hello,

Out of curiosity I used ComboFix. I have no apparent problem in the daily use of my PC. However, ComboFix seems to have found some problems. In particular, it deleted msconfig.exe and sqlite3.dll.
I haven't rebooted yet, but I have already downloaded msconfig.exe from the generation-nt site and copied the executable into system32.

Could a forum helper please help me interpret the ComboFix log?

Thank you.


The log:

ComboFix 09-09-22.01 - Administrateur 22/09/2009 22:49.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.449 [GMT 4:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe
c:\windows\system32\sqlite3.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-22 au 2009-09-22 ))))))))))))))))))))))))))))))))))))
.

2009-09-09 06:33 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 04:37 . 2009-09-05 04:37 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Softexc.com
2009-09-05 04:34 . 2009-09-05 04:34 -------- d-----w- c:\program files\Business Objects
2009-09-05 04:34 . 2009-09-05 04:34 -------- d-----w- c:\program files\Fichiers communs\Business Objects
2009-09-05 04:33 . 2009-09-05 07:30 -------- d-----w- c:\program files\ExcIFC

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 15:40 . 2009-01-04 08:42 -------- d-----w- c:\program files\Syslogd
2009-09-22 15:40 . 2008-11-16 18:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-21 19:55 . 2008-11-04 15:09 -------- d-----w- c:\program files\MPlayer for Windows
2009-09-20 13:43 . 2008-11-09 12:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\.purple
2009-09-12 07:35 . 2008-11-01 18:05 66952 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 12:43 . 2009-07-14 09:30 -------- d-----w- c:\program files\JkDefrag
2009-09-11 11:02 . 2008-11-15 14:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\gtk-2.0
2009-08-24 12:57 . 2008-10-26 14:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-24 12:56 . 2008-11-09 12:25 -------- d-----w- c:\program files\Aspell
2009-08-24 12:51 . 2008-11-01 08:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-24 12:51 . 2008-11-01 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 12:49 . 2008-11-02 12:08 -------- d-----w- c:\program files\Diablo II
2009-08-22 06:57 . 2009-08-22 06:57 -------- d-----w- c:\program files\EASEUS
2009-08-21 07:14 . 2009-08-16 07:52 -------- d-----w- c:\program files\Mount&Blade
2009-08-17 16:10 . 2008-11-01 08:15 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-01 08:16 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-01 08:16 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-01 08:16 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-01 08:16 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-01 08:16 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-01 08:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-01 08:16 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-01 08:16 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-10 20:06 . 2008-10-26 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 06:17 . 2009-08-08 06:17 -------- d-----w- c:\program files\Klok
2009-08-07 17:35 . 2009-01-19 19:45 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:00 . 2008-05-02 22:57 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 16:36 . 2009-07-10 14:13 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-08-01 05:26 . 2009-07-11 07:48 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-07-26 09:50 . 2009-07-26 09:50 -------- d-----w- c:\program files\CCleaner
2009-07-25 13:12 . 2009-07-25 13:05 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mount&Blade
2009-07-25 06:24 . 2009-07-25 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-07-17 19:03 . 2008-05-02 22:57 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 14:35 . 2008-11-16 18:11 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-14 14:34 . 2008-11-16 18:11 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-14 14:34 . 2008-11-16 18:11 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-14 14:34 . 2008-11-16 18:11 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-13 19:43 . 2008-05-02 22:57 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:36 . 2009-07-17 07:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 09:36 . 2009-07-17 07:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 16:13 . 2008-05-02 22:57 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:13 . 2008-05-02 22:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:13 . 2008-05-02 22:57 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:26 . 2008-05-02 22:57 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2008-05-02 22:57 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2008-05-02 22:57 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2008-05-02 22:57 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2008-05-02 22:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2008-05-02 22:57 301568 ----a-w- c:\windows\system32\kerberos.dll
.

------- Sigcheck -------


[-] 2008-05-02 . 22F702A6DCBDB4F7282C4B73B95EE4E4 . 2011136 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll


c:\windows\system32\drivers\beep.sys ... manque !!
c:\windows\system32\regsvc.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"Aureon 5.1 USB"="c:\program files\TerraTec\Aureon 5.1 USB\AFUSBCP.EXE" [2004-10-27 401408]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2008-12-05 389808]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13524992]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-14 1793808]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-11 1630208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-28 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-28 76304]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Stick.lnk - c:\program files\Stick\Stick.exe [2008-11-1 2732032]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check(3).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2009-3-13 131584]
Kiwi Syslog Daemon.lnk - c:\program files\Syslogd\Syslogd_Manager.exe [2008-12-3 1826816]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-20 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-01 22:42 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0UDBDef C

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\PortableZMWS\\ZMWS\\ZazouMiniWebServer.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\PortableZMWS\\ZMWS\\mysql\\bin\\mysqld-max.exe"=
"c:\\Program Files\\Syslogd\\Syslogd_Service.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\FirstStrike.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\WordPressPortable\\WordPressPortable\\ZMWS\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\WordPressPortable\\WordPressPortable\\ZMWS\\ZazouMiniWebServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [23/08/2009 18:04 28544]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [03/05/2008 02:57 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [03/05/2008 02:57 210224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/11/2008 12:16 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [16/11/2008 22:11 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16/11/2008 22:11 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/11/2008 12:16 20560]
R2 Kiwi Syslog Daemon;Kiwi Syslog Daemon;c:\program files\Syslogd\Syslogd_Service.exe [03/12/2008 00:42 1851392]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [07/08/2009 21:35 582992]
R3 ausens;ausens;c:\windows\system32\drivers\ausens.sys [13/08/2003 16:33 404736]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [07/11/2007 00:22 34064]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [07/08/2009 21:35 206608]
R3 uafilter;uafilter;c:\windows\system32\drivers\UAFilter.sys [26/10/2008 19:12 9886]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22/08/2009 10:58 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22/08/2009 10:58 3072]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [07/08/2009 21:35 206608]
S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-09-22 c:\windows\Tasks\SetStaticArp.job
- c:\documents and settings\Administrateur\Bureau\arpfreeze\arpfreeze\arpstaticscript.bat [2009-06-16 14:33]
.
.
------- Examen supplémentaire -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\94b7g7cd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\94b7g7cd.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\94b7g7cd.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 22:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\guard32.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1648)
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
.
Heure de fin: 2009-09-22 22:52
ComboFix-quarantined-files.txt 2009-09-22 18:52

Avant-CF: 37 056 004 096 octets libres
Après-CF: 37 020 659 712 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

215 --- E O F --- 2009-09-09 20:43


24 September 2009 11:50:50

Let me add, for the brave helpers passing by, that neither avast nor MBAM nor Panda online detect any malware.

Actually, a reply would reassure me, given that in the daily use of my desktop PC I have no problem at all.

Here is a HijackThis log to complement the ComboFix one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:36, on 24/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Syslogd\Syslogd_Service.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\TerraTec\Aureon 5.1 USB\AFUSBCP.EXE
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Syslogd\Syslogd_Manager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stick\Stick.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Aureon 5.1 USB] "C:\Program Files\TerraTec\Aureon 5.1 USB\AFUSBCP.EXE" /minimize
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stick.lnk = C:\Program Files\Stick\Stick.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Kiwi Syslog Daemon.lnk = C:\Program Files\Syslogd\Syslogd_Manager.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kiwi Syslog Daemon - Kiwi Enterprises - C:\Program Files\Syslogd\Syslogd_Service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

--
End of file - 6178 bytes


Thanks in advance

25 September 2009 06:00:04

I'm bumping this post so that it doesn't get forgotten.

In any case, it's true that one shouldn't use ComboFix without the help of a helper, because I now have the impression that I'm worrying over nothing. (I hope.)

If someone would be kind enough to advise me, thanks again.


26 September 2009 08:50:20

One last little bump, please