Thanks for the speed and clarity of your advice :) As usual I screwed up a bit: in safe mode, since I couldn't see anything, I clicked on ComboFix instead of SDFix... so I ran SDFix again and then a second pass of ComboFix afterwards. That said, for the moment there is no sign of the unwelcome virus (fingers crossed, and I'm going to run a quick Avast scan). I'm attaching the various reports:
First ComboFix report:
ComboFix 08-07-11.1 - Nico 2 2008-07-12 13:40:01.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1807 [GMT 2:00]
Endroit: C:\Documents and Settings\Nico 2\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_549835618164.bk
C:\WINDOWS\system32\tmp0_621287139065.bk
C:\WINDOWS\system32\tmp1_78640586871.bk
C:\WINDOWS\system32\WServing.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing
((((((((((((((((((((((((((((( Fichiers créés 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
.
2008-07-11 21:27 . 2008-07-11 21:29 <REP> d-------- C:\Documents and Settings\Nico 2\Application Data\vlc
2008-07-11 21:21 . 2008-07-11 21:22 <REP> d-------- C:\Documents and Settings\All Users\utilitaires
2008-07-11 21:20 . 2008-07-11 21:20 <REP> d-------- C:\Documents and Settings\All Users\film
2008-07-11 21:17 . 2008-07-11 21:17 <REP> d-------- C:\Program Files\Freeplayer
2008-07-11 18:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-11 18:10 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-11 18:10 . 2008-07-11 18:10 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-07-11 18:10 . 2008-07-11 18:10 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-07-11 18:10 . 2008-07-11 18:10 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-07-11 18:10 . 2008-07-11 18:10 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-07-11 18:09 . 2001-02-05 11:16 258,048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2008-07-11 18:09 . 2003-12-24 00:00 131,072 --a------ C:\WINDOWS\system32\bsplmf01.exe
2008-07-11 18:09 . 2005-03-02 11:35 121,856 --a------ C:\WINDOWS\system32\BrWia05a.dll
2008-07-11 18:09 . 2002-04-12 00:00 57,344 --a------ C:\WINDOWS\system32\brsvc01a.exe
2008-07-11 18:09 . 2005-05-09 10:34 55,296 --------- C:\WINDOWS\system32\brinsstr.dll
2008-07-11 18:09 . 2001-12-13 00:01 45,056 --a------ C:\WINDOWS\system32\brss01a.exe
2008-07-11 18:09 . 2005-03-02 13:14 37,888 --a------ C:\WINDOWS\system32\BrUSi05a.dll
2008-07-11 18:09 . 2004-10-15 12:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2008-07-11 18:09 . 2008-07-11 18:09 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2008-07-11 18:08 . 2008-07-11 18:08 <REP> d-------- C:\Program Files\Common Files
2008-07-11 18:08 . 2008-07-11 18:09 <REP> d-------- C:\Program Files\Brother
2008-07-11 18:08 . 2008-07-11 18:08 <REP> d-------- C:\Brother
2008-07-11 18:08 . 2004-12-03 01:26 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2008-07-11 18:08 . 2004-12-10 16:35 147,456 --------- C:\WINDOWS\brunin03.dll
2008-07-11 18:08 . 2002-10-31 01:09 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2008-07-11 18:08 . 2003-07-03 01:08 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2008-07-11 18:08 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Program Files\ScanSoft
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-11 18:07 . 2003-09-24 11:37 27,279 --a------ C:\WINDOWS\maxlink.ini
2008-07-11 18:06 . 2008-07-11 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-07-05 17:28 . 2008-07-05 17:30 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-05 17:24 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-05 17:24 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-05 17:19 . 2008-07-05 17:19 <REP> d-------- C:\Program Files\Creative
2008-07-05 17:19 . 2005-08-16 12:23 38,422 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 16:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-23 18:47 --------- d-----w C:\Documents and Settings\Nico 2\Application Data\LG Electronics
2008-05-23 18:45 --------- d-----w C:\Program Files\LG PC Suite
2008-05-23 18:45 --------- d-----w C:\Program Files\LG Electronics
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NOBICYT;NOBICYT Service;C:\WINDOWS\system32\Nobicyt.exe [2001-08-28 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dca4d42-1071-11dd-9b35-806d6172696f}]
\Shell\AutoRun\command - D:\SETUP.EXE /AUTORUN
\Shell\configure\command - D:\SETUP.EXE
\Shell\install\command - D:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9195d1c6-1073-11dd-bda8-0011d89573df}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-05 17:48:45 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Nico 2+Runs ErrorSmart to optimize your registry.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 13:42:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-12 13:45:12 - machine was rebooted [Nico 2]
ComboFix-quarantined-files.txt 2008-07-12 11:45:07
Pre-Run: 70,273,351,680 octets libres
Post-Run: 70,261,354,496 octets libres
157 --- E O F --- 2008-07-05 15:30:10
Then the SDFix report:
SDFix: Version 1.204
Run by Administrateur on 12/07/2008 at 13:56
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\comsa32.sys - Deleted
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 14:00:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 3 Jul 2008 251,597 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f5d704509135a88d58a6d4154bc19d41\BIT2.tmp"
Finished!
Then the second ComboFix report:
ComboFix 08-07-11.1 - Nico 2 2008-07-12 14:07:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1666 [GMT 2:00]
Endroit: C:\Documents and Settings\Nico 2\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
.
2008-07-12 13:54 . 2008-07-12 13:54 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-12 13:53 . 2008-07-12 13:53 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-11 21:27 . 2008-07-11 21:29 <REP> d-------- C:\Documents and Settings\Nico 2\Application Data\vlc
2008-07-11 21:21 . 2008-07-11 21:22 <REP> d-------- C:\Documents and Settings\All Users\utilitaires
2008-07-11 21:20 . 2008-07-11 21:20 <REP> d-------- C:\Documents and Settings\All Users\film
2008-07-11 21:17 . 2008-07-11 21:17 <REP> d-------- C:\Program Files\Freeplayer
2008-07-11 18:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-11 18:10 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-11 18:10 . 2008-07-11 18:10 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-07-11 18:10 . 2008-07-11 18:10 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-07-11 18:10 . 2008-07-11 18:10 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-07-11 18:10 . 2008-07-11 18:10 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-07-11 18:09 . 2001-02-05 11:16 258,048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2008-07-11 18:09 . 2003-12-24 00:00 131,072 --a------ C:\WINDOWS\system32\bsplmf01.exe
2008-07-11 18:09 . 2005-03-02 11:35 121,856 --a------ C:\WINDOWS\system32\BrWia05a.dll
2008-07-11 18:09 . 2002-04-12 00:00 57,344 --a------ C:\WINDOWS\system32\brsvc01a.exe
2008-07-11 18:09 . 2005-05-09 10:34 55,296 --------- C:\WINDOWS\system32\brinsstr.dll
2008-07-11 18:09 . 2001-12-13 00:01 45,056 --a------ C:\WINDOWS\system32\brss01a.exe
2008-07-11 18:09 . 2005-03-02 13:14 37,888 --a------ C:\WINDOWS\system32\BrUSi05a.dll
2008-07-11 18:09 . 2004-10-15 12:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2008-07-11 18:09 . 2008-07-11 18:09 50 --a------ C:\WINDOWS\system32\bridf05a.dat
2008-07-11 18:08 . 2008-07-11 18:08 <REP> d-------- C:\Program Files\Common Files
2008-07-11 18:08 . 2008-07-11 18:09 <REP> d-------- C:\Program Files\Brother
2008-07-11 18:08 . 2008-07-11 18:08 <REP> d-------- C:\Brother
2008-07-11 18:08 . 2004-12-03 01:26 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2008-07-11 18:08 . 2004-12-10 16:35 147,456 --------- C:\WINDOWS\brunin03.dll
2008-07-11 18:08 . 2002-10-31 01:09 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2008-07-11 18:08 . 2003-07-03 01:08 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2008-07-11 18:08 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Program Files\ScanSoft
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-11 18:07 . 2008-07-11 18:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-11 18:07 . 2003-09-24 11:37 27,279 --a------ C:\WINDOWS\maxlink.ini
2008-07-11 18:06 . 2008-07-11 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-07-05 17:28 . 2008-07-05 17:30 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-05 17:24 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-05 17:24 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-05 17:19 . 2008-07-05 17:19 <REP> d-------- C:\Program Files\Creative
2008-07-05 17:19 . 2005-08-16 12:23 38,422 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 16:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-23 18:47 --------- d-----w C:\Documents and Settings\Nico 2\Application Data\LG Electronics
2008-05-23 18:45 --------- d-----w C:\Program Files\LG PC Suite
2008-05-23 18:45 --------- d-----w C:\Program Files\LG Electronics
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-12_13.44.56.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 11:42:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 11:59:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 09:52:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-12 11:54:58 372,736 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-12 11:54:58 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-09 09:52:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-12 11:54:57 372,736 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-12 11:54:57 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\TEMP\mta56201.dll
- 2008-07-12 11:42:08 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat
+ 2008-07-12 11:59:54 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Contrôleur d'état.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-07-11 18:09:11 802816]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NOBICYT;NOBICYT Service;C:\WINDOWS\system32\Nobicyt.exe [2001-08-28 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dca4d42-1071-11dd-9b35-806d6172696f}]
\Shell\AutoRun\command - D:\SETUP.EXE /AUTORUN
\Shell\configure\command - D:\SETUP.EXE
\Shell\install\command - D:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9195d1c6-1073-11dd-bda8-0011d89573df}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-05 17:48:45 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Nico 2+Runs ErrorSmart to optimize your registry.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 14:07:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-12 14:09:21
ComboFix-quarantined-files.txt 2008-07-12 12:08:58
Pre-Run: 70,213,283,840 octets libres
Post-Run: 70,205,054,976 octets libres
132 --- E O F --- 2008-07-05 15:30:10
And to finish, a quick HijackThis run:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:44, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 5264 bytes
There you go, thanks for everything (and enjoy the pile of reports :) )