Se connecter / S'enregistrer
Votre question

Virus cle usb,HDD ext.... "autorun"

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
23 Décembre 2008 12:13:40

bonjour, mon HDD externe (et d'autre périphérique usb) est infecté par le fameux virus "autorun", quelqu'un pourais m'aider pour les choses à faire pour le suprimer?

Autres pages sur : virus cle usb hdd ext autorun

a b 8 Sécurité
23 Décembre 2008 17:18:12

Bonjour,

Branche tous tes périphériques infectés.

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    23 Décembre 2008 18:10:40

    ComboFix 08-12-21.04 - enfant 2008-12-23 18:00:37.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.627 [GMT 1:00]
    Lancé depuis: c:\documents and settings\enfant\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-22 23:11 . 2008-12-23 12:22 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-22 23:11 . 2008-12-22 23:11 1,409 --a------ c:\windows\QTFont.for
    2008-12-22 23:00 . 2008-12-22 23:00 <REP> d-------- c:\program files\Bonjour
    2008-12-22 22:50 . 2008-12-22 22:50 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2008-12-22 14:55 . 2008-12-22 14:55 <REP> d-------- c:\program files\uTorrent
    2008-12-22 14:55 . 2008-12-22 19:23 <REP> d-------- c:\documents and settings\enfant\Application Data\uTorrent
    2008-12-22 00:03 . 2008-12-22 00:03 528 -r-hs---- c:\windows\PCGWIN32.LI4
    2008-12-21 12:09 . 2008-12-21 12:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
    2008-12-21 12:06 . 2008-12-21 12:06 <REP> d-------- c:\program files\Fichiers communs\Autodata Limited Shared
    2008-12-21 12:06 . 2008-12-21 12:06 <REP> d-------- C:\ADCDTEMP
    2008-12-21 12:06 . 2008-12-22 00:03 <REP> d-------- C:\ADCDA2
    2008-12-21 12:02 . 2008-12-21 12:02 <REP> d-------- c:\program files\PowerISO
    2008-12-12 22:47 . 2008-12-12 22:47 3,751,995 --a------ c:\windows\system32\GPhotos.scr
    2008-12-12 15:27 . 2008-12-12 15:27 <REP> d-------- c:\program files\Fichiers communs\PCSuite
    2008-12-12 15:26 . 2008-12-12 15:26 <REP> d-------- c:\program files\PC Connectivity Solution
    2008-12-12 15:26 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2008-12-09 11:43 . 2008-12-09 11:43 <REP> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
    2008-12-03 13:07 . 2008-12-03 13:07 259 --a------ c:\windows\p
    2008-12-03 12:31 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
    2008-12-03 12:31 . 2008-12-03 12:31 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2008-12-03 12:31 . 2008-12-03 12:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2008-12-03 12:27 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
    2008-12-03 12:27 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2008-12-03 12:27 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2008-12-03 12:27 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
    2008-12-03 12:27 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2008-12-03 12:27 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2008-12-03 12:26 . 2008-02-01 16:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
    2008-12-03 12:26 . 2008-02-01 16:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
    2008-12-03 12:19 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
    2008-12-03 12:19 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
    2008-12-03 12:19 . 2008-12-03 12:19 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-12-03 12:19 . 2008-12-03 12:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-12-02 19:21 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-23 16:48 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-22 22:01 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-22 18:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-22 18:25 --------- d-----w c:\program files\CCleaner
    2008-12-20 16:47 --------- d-----w c:\program files\Java
    2008-12-20 12:41 --------- d-----w c:\program files\SpywareBlaster
    2008-12-19 06:58 --------- d-----w c:\program files\Google
    2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 14:27 --------- d-----w c:\program files\Nokia
    2008-12-12 14:27 --------- d-----w c:\program files\Fichiers communs\Nokia
    2008-12-12 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2008-12-09 10:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-03 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
    2008-11-15 14:20 91,744 ----a-w c:\windows\BPMNT.dll
    2008-11-15 14:20 1,213,784 ----a-w c:\windows\vsapi32.dll
    2008-11-15 14:18 71,749 ----a-w c:\windows\hcextoutput.dll
    2008-11-15 14:18 348,229 ----a-w c:\windows\tsc.exe
    2008-11-15 14:16 69,689 ----a-w c:\windows\UNZIP.DLL
    2008-11-15 14:16 507,904 ----a-w c:\windows\TMUPDATE.DLL
    2008-11-15 14:16 286,720 ----a-w c:\windows\PATCH.EXE
    2008-11-10 11:46 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-01-10 19:07 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-02 185632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 c:\windows\system32\CHDAudPropShortcut.exe]
    "nwiz"="nwiz.exe" [2006-09-27 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-08-03 102400]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    --a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    --a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-11-02 18:20 185632 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-11-03 09:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-03 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-03 8320]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a138de-d056-11dd-81ba-001636b95a4e}]
    \Shell\AutoRun\command - G:\WDSetup.exe

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

    2008-01-12 c:\windows\Tasks\Connexion facile à Internet.job
    - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 10:55]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

    c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
    c:\windows\Downloaded Program Files\live.ini
    c:\windows\Downloaded Program Files\scanoptions.tsi
    c:\windows\Downloaded Program Files\lang.ini
    c:\windows\Downloaded Program Files\ipsupd.dll
    c:\windows\Downloaded Program Files\bdupd.dll
    c:\windows\Downloaded Program Files\libfn.dll
    c:\windows\Downloaded Program Files\bdcore.dll
    c:\windows\Downloaded Program Files\oscan8.ocx
    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    c:\windows\Downloaded Program Files\oscan8.inf

    O16 -: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-23 18:04:45
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-23 18:05:40
    ComboFix-quarantined-files.txt 2008-12-23 17:05:26

    Avant-CF: 39 808 094 208 octets libres
    Après-CF: 41,831,043,072 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    231 --- E O F --- 2008-12-18 11:34:25
    Contenus similaires
    a b 8 Sécurité
    24 Décembre 2008 17:19:12

    Re,

    C'est mieux ?

    Télécharge puis installe Hijackthis (Trend Micro)
    Poste ensuite un rapport dans ta prochaine réponse.
    AIDE : Comment utiliser Hijackthis v2.0.2
    24 Décembre 2008 17:38:55

    voila , je n'ai pas réessayé depuis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:37:35, on 24/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Documents and Settings\enfant\Bureau\HJTInstall.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/24.11/uploader2.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10486 bytes
    28 Décembre 2008 23:10:31

    je n'était pas sur mon pc et le propriétaire du pc ne voulait pas mettre antivir donc j'ai refait le procédure sur mon pc voila le rapport de combofix:

    ComboFix 08-12-28.01 - quentin 2008-12-28 23:07:07.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2810 [GMT 1:00]
    Lancé depuis: c:\documents and settings\quentin\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 081228-0] *On-access scanning disabled* (Outdated)
    * Un nouveau point de restauration a été créé
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\program files\SuperCopier2\SC2Hook.dll


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-28 22:46 . 2008-12-28 22:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Innovative Solutions
    2008-12-28 22:32 . 2008-12-28 22:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Agendis
    2008-12-28 22:24 . 2008-12-28 22:54 <REP> d-------- c:\program files\Rapidown
    2008-12-28 22:08 . 2008-12-28 22:08 <REP> d-------- c:\program files\Xilisoft
    2008-12-28 21:40 . 2008-12-28 21:40 <REP> d-------- c:\documents and settings\quentin\Application Data\Xilisoft Corporation
    2008-12-19 20:56 . 2008-12-19 20:56 <REP> d-------- c:\documents and settings\quentin\Application Data\Thinstall
    2008-12-19 20:55 . 2008-12-19 20:55 <REP> d-------- c:\program files\VMware
    2008-12-15 14:46 . 2008-12-15 14:46 1,700,352 --a------ c:\windows\system32\gdiplus.dll
    2008-12-12 17:56 . 2008-12-12 17:56 <REP> d-------- c:\program files\ElcomSoft
    2008-12-12 17:56 . 2008-12-12 18:04 1,077 --a------ c:\windows\ARCHPR.INI
    2008-12-12 07:19 . 2008-12-12 07:19 <REP> dr-h----- c:\documents and settings\quentin\Application Data\SecuROM
    2008-12-12 07:18 . 2008-12-12 07:19 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-12 07:16 . 2008-12-12 18:11 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
    2008-12-12 07:03 . 2008-12-12 07:03 <REP> d-------- c:\program files\Rockstar Games
    2008-12-11 18:44 . 2008-12-11 18:46 1,393 --a------ c:\windows\imsins.BAK
    2008-12-11 06:39 . 2008-10-03 11:03 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
    2008-12-08 21:32 . 2008-12-08 21:32 <REP> d-------- c:\documents and settings\quentin\Application Data\FLV Extract
    2008-12-08 21:30 . 2008-12-08 21:30 <REP> d-------- c:\documents and settings\quentin\Application Data\FMZilla
    2008-12-08 21:09 . 2008-12-09 18:10 <REP> d-------- c:\program files\Unlocker
    2008-12-08 21:08 . 2008-12-08 21:08 <REP> d--h----- c:\windows\PIF
    2008-12-08 21:08 . 2008-12-08 21:08 <REP> d-------- C:\PHP
    2008-12-07 09:45 . 2008-12-07 09:45 528 -r-hs---- c:\windows\PCGWIN32.LI4
    2008-12-07 09:32 . 2008-12-07 09:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
    2008-12-07 09:31 . 2008-12-07 09:31 <REP> d-------- c:\program files\Fichiers communs\Autodata Limited Shared
    2008-12-07 09:31 . 2008-12-07 09:31 <REP> d-------- C:\ADCDTEMP
    2008-12-07 09:31 . 2008-12-08 15:30 <REP> d-------- C:\ADCDA2
    2008-12-03 17:23 . 2008-12-03 17:23 <REP> d-------- c:\program files\MSXML 4.0
    2008-12-03 12:36 . 2008-12-03 12:36 4,767 --a------ c:\windows\Irremote.ini
    2008-12-03 12:35 . 2008-12-03 12:35 <REP> d-------- c:\program files\Windows Sidebar
    2008-12-03 12:30 . 2008-12-03 12:36 <REP> d-------- c:\program files\Nero
    2008-12-03 12:30 . 2008-12-03 12:42 <REP> d-------- c:\program files\Fichiers communs\Nero
    2008-12-03 12:30 . 2008-12-03 12:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
    2008-12-02 21:41 . 2008-12-02 21:41 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-30 16:51 . 2008-11-30 16:51 <REP> d-------- c:\windows\Sun
    2008-11-30 16:33 . 2008-11-30 16:33 22,328 --a------ c:\documents and settings\quentin\Application Data\PnkBstrK.sys
    2008-11-30 15:44 . 2008-11-30 15:44 <REP> d--hs---- c:\windows\ftpcache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-28 22:05 --------- d-----w c:\program files\SuperCopier2
    2008-12-28 21:00 --------- d-----w c:\program files\Mozilla Thunderbird
    2008-12-28 20:39 --------- d-----w c:\documents and settings\quentin\Application Data\Azureus
    2008-12-17 21:52 --------- d-----w c:\program files\IEPro
    2008-12-14 12:02 --------- d-----w c:\program files\TubeMaster
    2008-12-13 19:51 --------- d-----w c:\documents and settings\quentin\Application Data\U3
    2008-12-12 06:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-06 10:47 --------- d-----w c:\program files\Azureus
    2008-12-02 20:41 --------- d-----w c:\program files\Java
    2008-11-23 13:34 --------- d-----w c:\program files\StuffPlug3
    2008-11-21 17:12 --------- d-----w c:\documents and settings\quentin\Application Data\vlc
    2008-11-21 17:11 --------- d-----w c:\program files\VideoLAN
    2008-11-19 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
    2008-11-18 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-18 17:52 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-18 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
    2008-11-18 17:37 --------- d-----w c:\program files\Adobe Media Player
    2008-11-18 17:36 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
    2008-11-18 17:32 --------- d-----w c:\program files\Fichiers communs\Macrovision Shared
    2008-11-15 16:36 --------- d-----w c:\documents and settings\quentin\Application Data\MiniDm
    2008-11-15 16:00 --------- d-----w c:\documents and settings\quentin\Application Data\IEPro
    2008-11-15 13:52 --------- d-----w c:\program files\PowerISO
    2008-11-15 12:17 --------- d-----w c:\program files\Gemalto
    2008-11-14 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
    2008-11-14 21:22 --------- d-----w c:\program files\Microsoft Works
    2008-11-14 21:21 --------- d-----w c:\program files\Microsoft.NET
    2008-11-14 21:20 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2008-11-14 20:53 --------- d-----w c:\program files\Messenger Plus! Live
    2008-11-14 20:08 --------- d-----w c:\program files\Windows Live
    2008-11-14 20:07 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-11-14 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-14 19:49 --------- d-----w c:\documents and settings\quentin\Application Data\Thunderbird
    2008-11-14 19:13 --------- d-----w c:\program files\Windows Desktop Search
    2008-11-14 19:12 --------- d-----w c:\program files\Alwil Software
    2008-11-14 19:07 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
    2008-11-14 19:04 --------- d-----w c:\program files\CCleaner
    2008-11-14 19:01 --------- d-----w c:\documents and settings\quentin\Application Data\Windows Search
    2008-11-14 18:16 --------- d-----w c:\program files\Microsoft Silverlight
    2008-11-14 18:14 --------- d-----w c:\program files\Windows Media Connect 2
    2008-11-14 17:30 --------- d-----w c:\documents and settings\quentin\Application Data\CyberLink
    2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
    2008-10-31 00:29 --------- d-----w c:\program files\Analog Devices
    2008-10-30 20:25 4,576 ----a-w c:\windows\system32\drivers\1028_Dell_OPT_960.mrk
    2008-10-30 12:39 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
    2008-10-30 12:39 --------- d-----w c:\documents and settings\quentin\Application Data\ATI
    2008-10-30 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
    2008-10-30 12:39 --------- d-----w c:\documents and settings\Administrateur\Application Data\ATI
    2008-10-30 12:38 --------- d-----w c:\program files\CyberLink
    2008-10-30 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
    2008-10-30 12:37 --------- d-----w c:\program files\Intel
    2008-10-30 12:37 --------- d-----w c:\program files\Fichiers communs\Intel
    2008-10-30 12:37 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-10-30 12:37 --------- d-----w c:\program files\Common Files
    2008-10-30 12:37 --------- d-----w c:\program files\ATI Technologies
    2008-10-30 12:37 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
    2008-10-30 12:37 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
    2008-10-30 12:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield
    2008-10-30 12:36 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\InstallShield
    2008-10-30 12:36 --------- d-----w c:\program files\Fichiers communs\Java
    2008-10-30 12:36 --------- d-----w c:\documents and settings\quentin\Application Data\InstallShield
    2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
    2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "Thinstall Setup Capture Continue"="c:\program files\VMware\VMware ThinApp\Setup Capture.exe" [2008-06-23 6469738]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-08-27 1044480]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-02 136600]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-08-06 182808]
    "picon"="c:\program files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-17 773144]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-06-11 22:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    --a------ 2008-06-12 02:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    --a------ 2008-08-14 07:58 611712 c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
    --a------ 2008-08-15 05:46 378224 c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    --a------ 2008-12-13 17:52 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\IEPro\\MiniDM.exe"=
    "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-10-30 24064]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-14 20560]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe [2008-10-30 2054680]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k5132.sys [2008-10-30 144480]
    R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2008-10-30 62048]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;"c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [2008-08-15 284016]

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    MSConfigStartUp-PDVDDXSrv - c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Download with Rapget - d:\logiciel\rapget1.41ByBBD\rapget.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-28 23:07:46
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\quentin\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Heure de fin: 2008-12-28 23:08:14
    ComboFix-quarantined-files.txt 2008-12-28 22:08:02

    Avant-CF: 108 617 146 368 octets libres
    Après-CF: 108,755,181,568 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    235 --- E O F --- 2008-12-18 15:02:08
    a b 8 Sécurité
    29 Décembre 2008 14:44:31

    Pourquoi avoir refais un scan Combofix :/ 
    29 Décembre 2008 16:20:04

    je ne suis pas sur le meme pc et je pense que celui est aussi infecté
    a b 8 Sécurité
    29 Décembre 2008 19:41:01

    Nan il est propre.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS