
ComboFix report

Tags:
  • Security
Last reply: in Security and viruses
29 April 2009 02:20:03

Here is a ComboFix report. I need help from a pro to remove any viruses that may be present on my PC. Thanks in advance.

ComboFix 09-04-28.02 - Administrateur 29/04/2009 0:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.958.576 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090428-0] *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Administrateur\Application Data\.#
c:\documents and settings\Administrateur\Application Data\.#\MBX@1B0@3941E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@1B0@394218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@1B0@394248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@228@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@228@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@228@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@688@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@688@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@688@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@6C8@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@6C8@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@6C8@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@79C@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@79C@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@79C@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@868@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@868@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@868@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@990@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@990@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@990@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@9EC@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@9EC@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@9EC@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@A04@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@A04@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@A04@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@A58@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@A58@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@A58@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@AC0@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@AC0@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@AC0@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@BE0@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@BE0@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@BE0@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@CA0@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@CA0@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@CA0@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@D9C@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@D9C@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@D9C@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@EE0@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@EE0@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@EE0@B24248.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@F1C@B241E8.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@F1C@B24218.###
c:\documents and settings\Administrateur\Application Data\.#\MBX@F1C@B24248.###
c:\windows\system32\mpg4c32.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-4-28 ))))))))))))))))))))))))))))))))))))
.

2009-04-28 22:46 . 1999-06-15 10:31 96768 ----a-w c:\windows\SlantAdj.dll
2009-04-28 22:46 . 1999-04-26 23:17 3136 ----a-w c:\windows\Ade001.bin
2009-04-28 22:46 . 1999-12-07 01:03 73216 ----a-w c:\windows\ADE.DLL
2009-04-28 22:46 . 2009-04-28 22:50 -------- d-----w c:\program files\Smart Panel
2009-04-28 22:40 . 2003-06-30 23:00 22528 ----a-w c:\windows\system32\esccmd.dll
2009-04-28 22:40 . 2003-06-30 23:00 46080 ----a-w c:\windows\system32\escimgd.dll
2009-04-28 22:40 . 2003-08-05 23:00 29184 ----a-w c:\windows\system32\escwiadn.dll
2009-04-28 22:09 . 2009-04-28 22:09 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-28 19:24 . 2009-04-28 19:24 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\BVRP Software
2009-04-28 19:22 . 2009-04-28 20:29 -------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-04-28 19:20 . 2009-04-28 19:20 -------- d-----w c:\program files\Motorola
2009-04-21 17:30 . 2001-08-23 16:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-21 17:30 . 2001-08-17 21:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-21 07:57 . 2009-04-21 07:57 -------- d-----w c:\documents and settings\Administrateur\Application Data\iLike
2009-04-19 17:39 . 2009-04-19 19:02 -------- d-----w c:\windows\system32\NtmsData
2009-04-18 22:04 . 2009-04-21 07:58 65536 ----a-w c:\windows\IFinst27.exe
2009-04-18 20:42 . 2009-04-20 10:30 -------- d-----w c:\documents and settings\Administrateur\Application Data\IDM
2009-04-18 20:42 . 2009-04-28 22:37 -------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
2009-04-18 11:29 . 2008-11-19 08:41 16640 ----a-w c:\windows\system32\drivers\WsAudioDevice_383.sys
2009-04-16 19:37 . 2009-04-16 19:37 -------- d-----w c:\documents and settings\Administrateur\Application Data\GlarySoft
2009-04-16 15:41 . 2009-04-16 19:14 -------- d-----w c:\windows\BDOSCAN8
2009-04-14 12:42 . 2006-11-03 09:59 48128 ----a-w c:\windows\system32\Remove.exe
2009-04-14 12:42 . 2009-04-14 12:42 -------- d-----w c:\windows\PixArt
2009-04-14 12:42 . 2009-04-14 12:42 -------- d-----w c:\program files\Fichiers communs\PAC207
2009-04-14 12:42 . 2009-04-14 12:42 -------- d-----w c:\program files\PC Camera
2009-04-14 12:36 . 2009-04-14 12:36 -------- d-----w c:\windows\PAC207
2009-04-14 12:35 . 2006-12-05 10:34 507136 ----a-w c:\windows\system32\drivers\PFC027.SYS
2009-04-13 21:41 . 2007-06-01 17:02 258048 ----a-w c:\windows\system32\s3iset32_2_00_58.dll
2009-04-13 21:41 . 2007-05-22 15:54 1769472 ----a-r c:\windows\system32\VTROM.bin
2009-04-13 21:41 . 2008-10-10 15:12 161280 ----a-w c:\windows\system32\drivers\ucb_xp32.sys
2009-04-13 21:39 . 2002-12-24 12:52 39040 ----a-w c:\windows\system32\drivers\ousbehci.sys
2009-04-13 21:39 . 2002-12-24 12:52 54016 ----a-w c:\windows\system32\drivers\ousb2hub.sys
2009-04-13 21:39 . 2009-04-13 21:39 -------- d-----w c:\windows\Drivers
2009-04-13 14:50 . 2009-04-13 15:38 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-13 14:18 . 2009-04-13 14:18 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-04-13 14:18 . 2009-04-13 14:18 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\eSupport.com
2009-04-13 13:24 . 2004-06-14 13:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-09 12:19 . 2008-05-08 17:56 2097152 ----a-w c:\temp\autorun.bin
2009-04-09 12:19 . 2008-05-20 09:59 1570816 ----a-w c:\temp\TSDNWIN.exe
2009-04-09 12:18 . 2008-12-16 14:48 21144 ----a-w c:\windows\system32\drivers\xfilt.sys
2009-04-08 21:59 . 2006-10-27 15:26 69632 ----a-w c:\windows\system32\vuins32.dll
2009-04-08 21:55 . 2009-04-08 21:55 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-04-05 17:01 . 2004-08-03 22:53 97280 ----a-w c:\windows\system32\dllcache\dpcdll.dll
2009-04-05 17:01 . 2009-04-09 13:25 -------- d-----w c:\windows\l2schemas
2009-04-05 17:01 . 2009-04-09 13:26 -------- d-----w c:\windows\system32\fr
2009-04-05 17:01 . 2009-04-09 13:26 -------- d-----w c:\windows\system32\bits
2009-04-05 16:53 . 2004-08-03 22:54 39424 ----a-w c:\windows\system32\dllcache\cfgbkend.dll
2009-04-02 13:43 . 2009-04-02 13:43 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Sun
2009-04-02 11:18 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-01 21:04 . 2009-04-01 21:04 -------- d-----w c:\program files\Fichiers communs\Java
2009-04-01 19:32 . 2009-04-01 19:32 -------- d-----w c:\documents and settings\NetworkService\Bureau
2009-03-31 13:09 . 2009-03-31 13:09 -------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-03-31 11:09 . 2009-03-31 11:09 -------- d-----w c:\documents and settings\Rasmol
2009-03-31 11:09 . 1996-09-25 13:33 284064 ----a-w c:\documents and settings\Rasmol\RASWIN.EXE
2009-03-30 18:23 . 2003-06-23 01:44 1415680 ----a-w c:\windows\system32\WMV9VCM.dll
2009-03-30 18:23 . 2001-05-16 15:54 309616 ----a-w c:\windows\system32\WMV8DMOD.DLL
2009-03-30 18:23 . 2002-01-05 12:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-03-30 18:23 . 2001-09-17 12:20 19968 ----a-w c:\windows\system32\cpuinf32.dll
2009-03-30 17:55 . 2009-03-30 18:46 10 ----a-w c:\windows\evypaths.bin
2009-03-30 17:43 . 2009-03-30 17:43 -------- d-----w c:\documents and settings\Administrateur\WINDOWS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 22:50 . 2009-01-18 12:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 22:49 . 2009-01-18 17:58 -------- d-----w c:\program files\epson
2009-04-28 16:00 . 2009-01-18 18:44 37640 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 15:28 . 2009-01-19 05:59 737280 ----a-w c:\windows\iun6002.exe
2009-04-18 07:21 . 2001-08-24 12:00 500872 ----a-w c:\windows\system32\perfh00C.dat
2009-04-18 07:21 . 2001-08-24 12:00 80748 ----a-w c:\windows\system32\perfc00C.dat
2009-04-16 12:57 . 2009-01-18 20:12 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-16 12:49 . 2009-01-18 16:53 -------- d-----w c:\program files\Foxit Software
2009-04-16 12:43 . 2009-01-18 16:59 -------- d-----w c:\program files\Java
2009-04-13 14:22 . 2009-01-18 20:24 -------- d-----w c:\program files\Google
2009-04-09 13:25 . 2009-01-18 11:58 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 15:48 . 2009-01-19 05:58 -------- d-----w c:\program files\Athan
2009-04-01 20:23 . 2009-01-27 18:06 290816 ------w c:\windows\Setup1.exe
2009-03-29 18:22 . 2009-03-29 18:22 -------- d-----w c:\program files\Supersonic Download Accelerator
2009-03-28 17:05 . 2009-03-28 17:05 -------- d-----w c:\program files\PDFtoWordConverterTrial
2009-03-26 12:45 . 2009-03-26 12:45 -------- d-----w c:\program files\uTorrent
2009-03-26 12:35 . 2009-02-17 22:00 165237 ----a-w c:\windows\Zac Browser Francais Uninstaller.exe
2009-03-20 13:27 . 2009-03-20 13:27 45 ---h--w c:\windows\dsez8401.dat
2009-03-16 12:13 . 2009-03-16 12:13 -------- d-----w c:\program files\BearShare Applications
2009-03-09 04:19 . 2009-01-18 16:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-16 22:07 . 2009-02-16 22:07 30816 ---ha-w c:\windows\system32\mlfcache.dat
2009-02-08 13:29 . 2009-02-18 22:38 303104 ----a-w c:\windows\Uninstall_tkexe.exe
2009-02-06 18:39 . 2009-02-06 18:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-02 16:12 . 2009-01-23 12:59 74752 ------w c:\windows\ST6UNST.EXE
2009-02-01 11:49 . 2009-02-01 11:49 37080 ----a-w c:\documents and settings\aniche\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2004-08-18 07:09 359040 7B11118B078B88F87183FE69EDA43137 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-19 185872]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Athan"="d:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-03 114688]
"EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2009-1-18 929870]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"NoTaskGrouping"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Photo Gallery\\WLXPhotoGallery.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\DiskDoctor.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\DiskExplorer.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\Integrator.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 gupdate1c9bc411413ae20;Google Update Service (gupdate1c9bc411413ae20);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
R3 maconfservice;Ma-Config Service;d:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-12-16 21144]
S1 aswSP;avast! Self Protection; [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe [2004-08-03 14336]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-18 603904]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\pfc027.sys [2006-12-05 507136]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-10-17 532480]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c39c86a-164d-11de-8e8c-007304468464}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40255895-f42f-11dd-8dd1-007304468464}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d75e10-3271-11de-a158-007304468464}]
\Shell\AutoRun\command - f.bat
\Shell\explore\Command - f.bat
\Shell\open\Command - f.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bdb6015-0be0-11de-8e52-007304468464}]
\Shell\1\Command - Recycled.exe
\Shell\2\Command - Recycled.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8031a4d2-e78d-11dd-8d82-007304468464}]
\Shell\AUtOplay\Command - byido.pif
\Shell\AutoRun\command - byido.pif
\Shell\explORE\ComManD - byido.pif
\Shell\OPeN\COmmaND - byido.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a30d3c27-f53f-11dd-8ddb-007304468464}]
\Shell\AUtopLAy\CoMMaNd - mxnd.exe
\Shell\AutoRun\command - mxnd.exe
\Shell\exploRE\CommANd - mxnd.exe
\Shell\oPen\CoMmanD - mxnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a953c777-284e-11de-a11b-007304468464}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
\Shell\Explore\command - explorer.exe
\Shell\Open\command - explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6798580-e615-11dd-8d7e-007304468464}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
\Shell\Explore\command - explorer.exe
\Shell\Open\command - explorer.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-25 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-regdiit - c:\windows\system32\winxp.exe
Notify-dimsntfy - (no file)


.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with SupersonicDownloadAccelerator! - d:\program files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - d:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: free.fr\d.ruze
Trusted Zone: google.fr\picasaweb
TCP: {7CF37B6F-99D5-4245-B6BE-282C1CB41CBB} = 41.221.20.4 193.251.169.165
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\glny4yc8.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\glny4yc8.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\ma-config.com\nphardwaredetection.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 00:16
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1390067357-57989841-839522115-500\Software\Microsoft\Windows\CurrentVersion\UnreadMail\ajjagou@hotmail.fr]
@Denied: (Full) (Administrator)
"MessageCount"=dword:00000000
"TimeStamp"=hex:98,47,27,b9,64,8d,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-1390067357-57989841-839522115-500\Software\Microsoft\Windows\CurrentVersion\UnreadMail\aniche93@hotmail.com]
@Denied: (Full) (Administrator)
"MessageCount"=dword:00000000
"TimeStamp"=hex:9c,90,71,af,df,89,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-1390067357-57989841-839522115-500\Software\Microsoft\Windows\CurrentVersion\UnreadMail\argaz5591@hotmail.com]
@Denied: (Full) (Administrator)
"MessageCount"=dword:00000000
"TimeStamp"=hex:1e,8d,73,28,71,81,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-1390067357-57989841-839522115-500\Software\Microsoft\Windows\CurrentVersion\UnreadMail\argaz5591@hotmail.fr]
@Denied: (Full) (Administrator)
"MessageCount"=dword:00000000
"TimeStamp"=hex:88,20,a4,27,71,81,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-1390067357-57989841-839522115-500\Software\Microsoft\Windows\CurrentVersion\UnreadMail\mela-2891@hotmail.com]
@Denied: (Full) (Administrator)
"MessageCount"=dword:00000000
"TimeStamp"=hex:e6,45,48,49,1c,8d,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-1390067357-57989841-839522115-500\Software\Microsoft\Windows\CurrentVersion\UnreadMail\simma1986@hotmail.fr]
@Denied: (Full) (Administrator)
"MessageCount"=dword:00000000
"TimeStamp"=hex:32,a4,81,4d,d9,8d,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{13a691b9-e8c6-4592-8bd2-0b1dbdf9e707}]
@Denied: (Full) (Everyone)
"Model"=dword:00000075
"Therad"=dword:0000000b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ad,14,46,39,9f,0e,36,0e,fc,dd,37,a7,93,10,d5,03,1b,44,2a,28,36,
44,2d,1d,18,b8,fe,d2,d9,12,7a,e5,ff,1b,d8,91,f0,7a,3d,a7,00,00,00,00,00,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1048)
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\browselc.dll
d:\program files\Internet Download Manager\IDMIECC.dll
d:\program files\Spybot - Search & Destroy\SDHelper.dll
d:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-28 0:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-28 23:17

Avant-CF: 77 075 828 736 octets libres
Après-CF: 77 335 896 064 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

29 April 2009 11:03:55

Hello,

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose option 1 (Recherche, the scan option).
  • Let the tool do its work.
  • Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility used to terminate processes.
29 April 2009 18:52:29

Hi, and a big thank you for your invaluable help. Here is the UsbFix report:

############################## [ UsbFix V3.014 ]

# User : Administrateur (Administrateurs) # ORDI-XPSP2
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 17:47:59 | 29/04/2009

# Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090428-0] 4.8.1335 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 80,4 Go (71,98 Go free) # NTFS
# D:\ # Disque fixe local # 72,98 Go (72,68 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 123 Mo (120,01 Mo free) [ANICHE] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: Monitor=C:\WINDOWS\PixArt\PAC207\Monitor.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: Athan=D:\Program Files\Athan\Athan.exe
HKLM_Run: EPSON Stylus CX3600 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
HKCU_Run: SpybotSD TeaTimer=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

################## [ Informations ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

29 April 2009 18:54:22

From what I can see, you ran option 2?