Win32/Ramnit.A virus [Solved/Closed]

mourad27 (Member; 23 posts; registered Saturday 2 May 2009; last active 28 February 2012)
Hello,
A virus appeared on my PC yesterday, and it is quite stubborn!
First, Avira reported an HTML/RCE.gen virus: several dozen notifications per minute for different files, and the Windows Process Host service closing every ten seconds.
Since Avira offered no solution despite many attempts (quarantine, deletion, denying access), I then installed ESET NOD32. A scan told me that more than 1600 files were infected, 99% of them by the famous Win32/Ramnit.A virus, which infects certain file types (html, js, exe and dll). They are all currently in quarantine, and NOD32 keeps finding about one more every 2 minutes.
This computer is my work PC, and I have no recent backup.

How can I get rid of it, without formatting if possible, or else how can I safely back up my Word and OpenOffice documents?
Thanks!

For reference, here is a HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:25, on 24/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
Z:\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/7
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F3 - REG:win.ini: load=C:\DOCUME~1\spie\LOCALS~1\Temp\dwm.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\program files\real\realupgrade\realupgradesrv.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Dell ControlPoint
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD54BDD-4376-446C-82AA-651143BA07F7}: NameServer = 10.32.20.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r213367\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11625 bytes
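
Editor's triage note (added to this page, not part of the original post): the log above carries several entries a responder would question before running any cleaner. The `F2` line appends two extra executables to `UserInit`, which on a stock Windows install holds only `userinit.exe`; the `F3` line sets `win.ini load=` to a file in a Temp folder, where it is normally empty; the `R1` line sets `ProxyServer` to `127.0.0.1:50370`, so Internet Explorer's traffic is handed to a local process; and two entries are orphaned `(no file)` registrations. The Python script below applies exactly those checks to lines copied from the log. It is example code written for this page, not a tool from the thread; the severities and the "user-writable location" list are the editor's own choices.

```python
"""Flag HijackThis log entries that a responder would question before cleaning.

Added example for this page, not a tool from the thread. The rules encode
defaults that hold on a stock Windows install: UserInit holds only
userinit.exe, win.ini load=/run= are empty, and no proxy points at loopback.
"""
import re
from collections import namedtuple
from typing import List

Finding = namedtuple("Finding", "severity rule detail")

# Constructed sample: lines copied verbatim from the HijackThis log in the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F3 - REG:win.ini: load=C:\DOCUME~1\spie\LOCALS~1\Temp\dwm.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,c:\program files\real\realupgrade\realupgradesrv.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"""

# Startup entries should not live in per-user or temporary locations (editor's list).
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\", "\\docume~1\\")

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
WININI_RE = re.compile(r"^F3 - REG:win\.ini: (load|run)=(.*)$", re.I)
PROXY_RE = re.compile(r"ProxyServer = (.+)$", re.I)
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost):(\d+)", re.I)


def _user_writable(text: str) -> bool:
    return any(marker in text.lower() for marker in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious entry, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT_RE.match(line)
        if m:
            # UserInit is comma separated; only userinit.exe itself is expected.
            for entry in (e.strip() for e in m.group(1).split(",")):
                if entry and not entry.lower().endswith("\\userinit.exe"):
                    findings.append(Finding("HIGH", "userinit", entry))
            continue

        m = WININI_RE.match(line)
        if m and m.group(2).strip():
            note = " (user-writable location)" if _user_writable(m.group(2)) else ""
            findings.append(Finding("HIGH", "win.ini", f"{m.group(1)}={m.group(2).strip()}{note}"))
            continue

        m = PROXY_RE.search(line)
        if m:
            lb = LOOPBACK_RE.search(m.group(1))
            if lb:  # browser traffic is being handed to a local process
                findings.append(Finding("HIGH", "proxy", f"loopback proxy on port {lb.group(1)}: {m.group(1)}"))
            continue

        if line.startswith(("O2 ", "O3 ", "R3 ")) and line.lower().endswith("(no file)"):
            findings.append(Finding("LOW", "orphan", line))  # leftover registration, clean-up only
            continue

        if line.startswith("O4 ") and "] " in line:
            command = line.split("] ", 1)[1]
            if _user_writable(command):
                findings.append(Finding("MEDIUM", "run-location", command))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:13} {f.detail}")
```

Run it on a saved log with `triage(open(path).read())`. Each `userinit` hit must be checked individually: the script flags every entry other than `userinit.exe`, and it is the responder who decides which ones are legitimate. One thing worth noticing further down the thread: the ComboFix report deletes `DesktopLayer.exe` but its supplementary scan still lists `uInternet Settings,ProxyServer = http=127.0.0.1:50370`, so the loopback proxy setting survives that cleanup and has to be cleared separately, otherwise Internet Explorer keeps routing HTTP to a listener that is no longer there.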

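On the backup question in the post: the poster names html, js, exe and dll as the file types this infection touches, so an emergency backup of Word and OpenOffice documents should copy only document types, check that each file's header matches its extension, and refuse anything that starts with a PE (`MZ`) header whatever its name. The script below is an added example written for this page, not advice from the thread; the extension allowlist, the expected headers and the constructed sample files are the editor's assumptions. The copied documents still deserve a scan from a clean machine before they are reused.

```python
"""Copy office documents off a machine whose executables and web files may be infected.

Added example for this page, not from the thread. Only allowlisted document
types are copied, each file's leading bytes must match its extension, and a
PE header under any name is refused. Extension list and headers are the
editor's assumptions, not something the thread states.
"""
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
ZIP = b"PK\x03\x04"                          # OOXML and OpenDocument are zip archives

# Document types worth saving and the header each must start with (None = no fixed header).
EXPECTED_HEADER = {
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".odt": ZIP, ".ods": ZIP, ".odp": ZIP,
    ".pdf": b"%PDF", ".rtf": b"{\\rtf", ".txt": None,
}

# File types the post says the infection touches; never copy these from the sick machine.
INFECTABLE = {".exe", ".dll", ".html", ".htm", ".js"}


def classify(path: Path) -> str:
    """Return 'copy', 'infectable', 'skip' or 'suspect' for one file."""
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "infectable"
    if ext not in EXPECTED_HEADER:
        return "skip"                      # not a document type we back up
    with path.open("rb") as fh:
        head = fh.read(8)
    if head[:2] == b"MZ":
        return "suspect"                   # PE executable wearing a document extension
    expected = EXPECTED_HEADER[ext]
    if expected is not None and not head.startswith(expected):
        return "suspect"                   # header does not match the extension
    return "copy"


def safe_copy(src_root: str, dst_root: str) -> Dict[str, List[str]]:
    """Walk src_root, copy verified documents under dst_root, report everything else."""
    report: Dict[str, List[str]] = {"copy": [], "infectable": [], "skip": [], "suspect": []}
    src = Path(src_root)
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        verdict = classify(path)
        report[verdict].append(rel)
        if verdict == "copy":
            target = Path(dst_root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # content only: no attributes or alternate streams
    return report


def build_demo_tree(root: Path) -> None:
    """Constructed sample files (not real documents) exercising each verdict."""
    (root / "letters").mkdir()
    (root / "letters" / "offer.docx").write_bytes(ZIP + b"\x14\x00" + b"x" * 40)
    (root / "invoice.doc").write_bytes(OLE2 + b"\x00" * 24)
    (root / "notes.txt").write_bytes(b"plain text notes\n")
    (root / "report.odt").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)   # renamed executable
    (root / "index.html").write_bytes(b"<html><body>site</body></html>")
    (root / "setup.exe").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)


def demo() -> Dict[str, List[str]]:
    """Run safe_copy over the constructed tree in a temp dir and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        src.mkdir()
        build_demo_tree(src)
        report = safe_copy(str(src), str(dst))
        report["on_disk"] = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
    return report


if __name__ == "__main__":
    for verdict, files in demo().items():
        print(f"{verdict:11} {files}")
```

For a real run, call `safe_copy(r"C:\Documents and Settings\<user>\Mes documents", r"E:\backup")` (paths assumed) and read the `suspect` list carefully: a document whose header does not match its extension is exactly the case where a renamed executable would slip into the backup.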
17 replies

Reply from a security contributor (13415 posts; registered Monday 3 September 2007; last active 5 January 2015)
Hello,

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

And, importantly, save it to the desktop.

Before using ComboFix:

- Disconnect from the internet and close the windows of all running programs.

- Temporarily disable, and only for as long as you use ComboFix, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to complete the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

- Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

- Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

thaaanks, my respects to all
mourad27 (Member; 23 posts; registered Saturday 2 May 2009; last active 28 February 2012)

Here is my report:
ComboFix 10-10-23.01 - spie 24/10/2010  14:34:23.2.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2003.1313 [GMT 2:00]
Running from: c:\documents and settings\spie\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft\DesktopLayer.exe
.
---- Previous Run -------
.
c:\documents and settings\spie\Application Data\download2
c:\documents and settings\spie\Application Data\download2\svcnost.exe
c:\documents and settings\spie\Application Data\Microsoft\stor.cfg
c:\documents and settings\spie\Application Data\Microsoft\svchostSrv.exe
c:\documents and settings\spie\Local Settings\Application Data\70256255.exe
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Microsoft\DesktopLayer.exe
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\QuickTime\PictureViewer.Resources\PictureViewer.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\program files\QuickTime\QTSystem\QTMLClient.dll
c:\program files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.dll

.
(((((((((((((((((((((((((((((   Files Created from 2010-09-24 to 2010-10-24  ))))))))))))))))))))))))))))))))))))
.

2010-10-23 21:15 . 2010-10-23 21:15	--------	d-----w-	c:\documents and settings\spie\Application Data\Malwarebytes
2010-10-23 21:14 . 2010-10-23 21:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-23 21:14 . 2010-10-24 11:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-23 20:53 . 2010-10-23 20:53	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-10-23 20:53 . 2010-10-23 20:53	--------	d-----w-	c:\documents and settings\spie\Local Settings\Application Data\ESET
2010-10-23 20:52 . 2010-10-23 20:52	--------	d-----w-	c:\program files\ESET
2010-10-23 20:52 . 2010-10-23 20:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2010-10-23 20:47 . 2010-10-23 20:47	--------	d-----w-	c:\documents and settings\spie\Application Data\qfmadhr
2010-10-22 09:59 . 2010-10-22 09:59	--------	d-----w-	c:\documents and settings\spie\Application Data\Roxio
2010-10-17 06:26 . 2010-10-17 06:27	--------	d-----w-	c:\documents and settings\spie\Application Data\moovida-1
2010-10-16 13:10 . 2010-10-16 13:11	--------	d-----w-	C:\Temp
2010-10-16 13:08 . 2010-10-23 21:03	--------	d-----w-	c:\documents and settings\spie\Local Settings\Application Data\moovida Air
2010-10-16 13:06 . 2010-10-24 09:46	--------	d-----w-	c:\documents and settings\spie\Application Data\OfferBox
2010-10-15 19:24 . 2010-10-23 19:24	102400	----a-w-	c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
2010-10-15 19:24 . 2010-10-15 19:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Zylom
2010-10-13 12:19 . 2010-09-18 06:53	974848	-c----w-	c:\windows\system32\dllcache\mfc42.dll
2010-10-13 12:19 . 2010-09-18 06:53	954368	-c----w-	c:\windows\system32\dllcache\mfc40.dll
2010-10-13 12:19 . 2010-09-18 06:53	953856	-c----w-	c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 12:19 . 2010-08-23 16:12	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll
2010-10-10 06:42 . 2010-10-10 06:43	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2010-10-10 06:42 . 2010-10-10 06:42	--------	d-----w-	c:\documents and settings\spie\Mes documents
2010-10-07 18:01 . 2010-10-24 10:55	--------	d-----w-	c:\documents and settings\spie\Application Data\skypePM
2010-10-07 18:00 . 2010-10-24 11:01	--------	d-----w-	c:\documents and settings\spie\Application Data\Skype
2010-10-07 17:58 . 2010-10-07 18:00	--------	d-----r-	c:\program files\Skype
2010-10-07 17:58 . 2010-10-07 17:58	--------	d-----w-	c:\program files\Fichiers communs\Skype
2010-10-07 17:58 . 2010-10-07 17:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 12:28 . 2009-09-11 08:24	0	----a-w-	c:\documents and settings\spie\Local Settings\Application Data\WavXMapDrive.bat
2010-09-18 10:23 . 2008-04-25 12:46	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-25 12:46	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-25 12:46	954368	----a-w-	c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-25 12:46	953856	----a-w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2008-04-25 12:46	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2008-04-25 12:46	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2008-04-25 12:46	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-04-25 12:46	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2008-04-25 12:46	1862016	----a-w-	c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-25 12:46	119808	----a-w-	c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2008-04-25 12:46	99840	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-25 12:46	357248	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-25 12:46	617472	----a-w-	c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-25 12:46	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-04-25 12:46	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-08-10 03:15 . 2010-08-10 03:15	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15 . 2010-08-10 03:15	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-08-04 09:50 . 2010-08-04 09:50	140752	----a-w-	c:\windows\system32\drivers\eamon.sys
2010-08-03 11:28 . 2010-08-03 11:28	95896	----a-w-	c:\windows\system32\drivers\epfwtdir.sys
2010-07-29 11:31 . 2010-07-29 11:31	115008	----a-w-	c:\windows\system32\drivers\ehdrv.sys
.

(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 09:24	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 09:24	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-24 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2010-10-23 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-05-26 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-26 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint
Dell ControlPoint.lnk - c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-1-19 667648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Connection Manager
Dell ControlPoint Connection Manager.lnk - c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-3-1 1810432]
readme.rtf.LNK - c:\program files\Dell\Dell ControlPoint\Connection Manager\readme.rtf [2009-5-26 233917]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Gestionnaire de sécurité\Avancé
Assistant d'installation de la sécurité.lnk - c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecuritySetupWizard.exe [2009-1-16 255288]
EMBASSY Security Center.lnk - c:\program files\Wave Systems Corp\EMBASSY Security Center\EmbassySecurityCenter.exe [2009-1-16 271672]
Enregistrer des empreintes digitales.lnk - c:\program files\Wave Systems Corp\Authentication Manager\UEW.exe [2008-12-11 933888]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Gestionnaire de sécurité\Avancé\Avancé
Document Manager.lnk - c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\explorevault.exe [2008-12-22 1249280]
Lisez-moi Embassy Trust Suite.lnk - c:\program files\Wave Systems Corp\Services Manager\readme.txt [2009-1-16 10819]
Private Information Manager.lnk - c:\program files\Wave Systems Corp\Services Manager\Private Information Manager\Private Information Manager.exe [2009-1-16 3286328]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Gestionnaire de sécurité\Avancé\Avancé\Assistants Sécurité avancée
Assistant Configuration de l'authentification 802.1x.lnk - c:\program files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe [2008-9-19 638976]
Assistant Système de cryptage de fichiers.lnk - c:\program files\Wave Systems Corp\Security Wizards\bin\Secure EFS.exe [2009-1-16 623928]
Assistant Sécurisation du courrier électronique.lnk - c:\program files\Wave Systems Corp\Security Wizards\bin\Secure Email.exe [2008-9-19 557056]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Security Manager
Security Manager.lnk - c:\windows\Installer\{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}\SecurityManager_930B666D06024FE492AEDB0643C04177.exe [2009-5-26 50512]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\System Manager
Gestionnaire de l'alimentation.lnk - c:\windows\Installer\{62F29D1C-D526-40F4-B4D0-840F043C2CC1}\NewShortcut1_7F0C44578E64491B8D7B991504365D1E.exe [2009-5-26 266240]
Gestionnaire de l'écran et des périphériques.lnk - c:\windows\Installer\{62F29D1C-D526-40F4-B4D0-840F043C2CC1}\NewShortcut4_7F0C44578E64491B8D7B991504365D1E.exe [2009-5-26 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 21:08	166912	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 21:08	134656	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 21:08	134656	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-22 15:05	202256	----a-w-	c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03/08/2010 13:28 95896]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 14:47 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 12:07 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [06/02/2009 21:06 443168]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/08/2010 14:16 810144]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [01/03/2009 19:09 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/05/2009 02:49 112512]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [27/05/2009 02:49 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26/05/2009 18:31 232744]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [20/04/2010 14:17 16896]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-05-25 18:23]

2010-10-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3695875810-2940095390-3776284017-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3695875810-2940095390-3776284017-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
TCP: {3DD54BDD-4376-446C-82AA-651143BA07F7} = 10.32.20.4
FF - ProfilePath - c:\documents and settings\spie\Application Data\Mozilla\Firefox\Profiles\gq9veeht.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 14:38
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ... 

Scanning for hidden autostart entries ... 

Scanning for hidden files ... 

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\wvauth.dll
.
End time: 2010-10-24  14:40:02
ComboFix-quarantined-files.txt  2010-10-24 12:40

Before-CF: 45 165 047 808 bytes free
After-CF: 45 127 245 824 bytes free

- - End Of File - - DDC634B0B95CE078FA6AF490F5AD62E9
Posts: 13415 | Registered: Monday 3 September 2007 | Status: Security contributor | Last activity: 5 January 2015
We'll need to analyze one or more suspicious file(s)!

They may be located in the system's "hidden folders".
So they must be made visible for the scan.

To show hidden files and folders:

Control Panel > Folder Options > View tab.

Check Show hidden files and folders,
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files.
A warning message will appear. Click OK to confirm your choice.
The system's hidden files and folders will then appear in Windows Explorer as semi-transparent icons.

Go to this site:

http://www.virustotal.com/

Click Browse and locate these files:

c:\windows\System32\TdmNetworkProvider.dll
c:\program files\Wave Systems Corp\EMBASSY Security Center\EmbassySecurityCenter.exe


Click Send File.

A report will build up line by line.

Wait for it to finish. It should include the size of the file sent.

Save the report with Notepad.

Paste it into your reply.
Posts: 23 | Registered: Saturday 2 May 2009 | Status: Member | Last activity: 28 February 2012

File: TdmNetworkProvider.dll
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.10.24.00 	2010.10.23 	-
AntiVir 	7.10.13.27 	2010.10.22 	-
Antiy-AVL 	2.0.3.7 	2010.10.24 	-
Authentium 	5.2.0.5 	2010.10.23 	-
Avast 	4.8.1351.0 	2010.10.24 	-
Avast5 	5.0.594.0 	2010.10.24 	-
AVG 	9.0.0.851 	2010.10.24 	-
BitDefender 	7.2 	2010.10.24 	-
CAT-QuickHeal 	11.00 	2010.10.22 	-
ClamAV 	0.96.2.0-git 	2010.10.23 	-
Comodo 	6488 	2010.10.23 	-
DrWeb 	5.0.2.03300 	2010.10.24 	-
Emsisoft 	5.0.0.50 	2010.10.24 	-
eSafe 	7.0.17.0 	2010.10.21 	-
eTrust-Vet 	36.1.7929 	2010.10.22 	-
F-Prot 	4.6.2.117 	2010.10.23 	-
F-Secure 	9.0.16160.0 	2010.10.24 	-
Fortinet 	4.2.249.0 	2010.10.24 	-
GData 	21 	2010.10.24 	-
Ikarus 	T3.1.1.90.0 	2010.10.24 	-
Jiangmin 	13.0.900 	2010.10.24 	-
K7AntiVirus 	9.66.2813 	2010.10.22 	-
Kaspersky 	7.0.0.125 	2010.10.24 	-
McAfee 	5.400.0.1158 	2010.10.24 	-
McAfee-GW-Edition 	2010.1C 	2010.10.23 	-
Microsoft 	1.6301 	2010.10.24 	-
NOD32 	5559 	2010.10.24 	-
Norman 	6.06.10 	2010.10.24 	-
nProtect 	2010-10-24.01 	2010.10.24 	-
Panda 	10.0.2.7 	2010.10.24 	-
PCTools 	7.0.3.5 	2010.10.24 	-
Prevx 	3.0 	2010.10.24 	-
Rising 	22.70.05.00 	2010.10.24 	-
Sophos 	4.58.0 	2010.10.24 	-
Sunbelt 	7131 	2010.10.24 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.10.24 	-
Symantec 	20101.2.0.161 	2010.10.24 	-
TheHacker 	6.7.0.1.065 	2010.10.24 	-
TrendMicro 	9.120.0.1004 	2010.10.24 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.10.24 	-
VBA32 	3.12.14.1 	2010.10.22 	-
ViRobot 	2010.10.24.4110 	2010.10.24 	-
VirusBuster 	12.70.2.0 	2010.10.24 	-
MD5: e53bc86efe340364ab5ec307a3a7cf17
SHA1: 1b36962668aa44fdd0646283fdc38dabe0ca146d
SHA256: 8a06b645ac556a267d97a98b7af93884052de936f213b1d103e141ef1f0f1ef3
File size: 716800 bytes
Scan date: 2010-10-24 13:44:43 (UTC)


File: c:\program files\Wave Systems Corp\EMBASSY Security Center\EmbassySecurityCenter.exe
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2010.10.24.00	2010.10.23	-
AntiVir	7.10.13.27	2010.10.22	-
Antiy-AVL	2.0.3.7	2010.10.24	-
Authentium	5.2.0.5	2010.10.23	-
Avast	4.8.1351.0	2010.10.24	-
Avast5	5.0.594.0	2010.10.24	-
AVG	9.0.0.851	2010.10.24	-
BitDefender	7.2	2010.10.24	-
CAT-QuickHeal	11.00	2010.10.22	-
ClamAV	0.96.2.0-git	2010.10.23	-
Comodo	6488	2010.10.23	-
DrWeb	5.0.2.03300	2010.10.24	-
Emsisoft	5.0.0.50	2010.10.24	-
eSafe	7.0.17.0	2010.10.21	-
eTrust-Vet	36.1.7929	2010.10.22	-
F-Prot	4.6.2.117	2010.10.23	-
F-Secure	9.0.16160.0	2010.10.24	-
Fortinet	4.2.249.0	2010.10.24	-
GData	21	2010.10.24	-
Ikarus	T3.1.1.90.0	2010.10.24	-
Jiangmin	13.0.900	2010.10.24	-
K7AntiVirus	9.66.2813	2010.10.22	-
Kaspersky	7.0.0.125	2010.10.24	-
McAfee	5.400.0.1158	2010.10.24	-
McAfee-GW-Edition	2010.1C	2010.10.23	-
Microsoft	1.6301	2010.10.24	-
NOD32	5559	2010.10.24	-
Norman	6.06.10	2010.10.24	-
nProtect	2010-10-24.01	2010.10.24	-
Panda	10.0.2.7	2010.10.24	-
PCTools	7.0.3.5	2010.10.24	-
Prevx	3.0	2010.10.24	-
Rising	22.70.05.00	2010.10.24	-
Sophos	4.58.0	2010.10.24	-
Sunbelt	7131	2010.10.24	-
SUPERAntiSpyware	4.40.0.1006	2010.10.24	-
Symantec	20101.2.0.161	2010.10.24	-
TheHacker	6.7.0.1.065	2010.10.24	-
TrendMicro	9.120.0.1004	2010.10.24	-
TrendMicro-HouseCall	9.120.0.1004	2010.10.24	-
VBA32	3.12.14.1	2010.10.22	-
ViRobot	2010.10.24.4110	2010.10.24	-
VirusBuster	12.70.2.0	2010.10.24	-
MD5   : c5c814a8bd0efc7f00504f5034316bf9
SHA1  : 111962bf2947d98010f6fdd03f6aa2d92ab1c250
SHA256: 8756d9deac79713c9b0314ceb6d77e72bf5730d7ed9e146649636069fc1cac5e
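A check worth doing before trusting a pasted VirusTotal verdict: make sure the report really describes the file on your disk. The script below is an added example for this thread; it is neither VirusTotal's code nor part of the original post. It parses the tab-separated engine table VirusTotal produced in 2010 (the layout of the two reports above, where "-" in the Result column means no detection), counts detections, extracts the MD5/SHA1/SHA256 and "File size" lines, and compares them with hashes computed locally. The embedded report excerpt is constructed: the hashes and size are the ones quoted above for TdmNetworkProvider.dll, but the NOD32 line is given a fake detection so the counting is visible (the real report had none).

```python
"""Check that a pasted VirusTotal text report belongs to the file on disk.

Added example for this thread; it is neither VirusTotal's code nor part of
the original post. It understands the tab-separated engine table VirusTotal
printed in 2010 (the layout pasted above), counts detections, pulls the
MD5/SHA1/SHA256 and "File size" lines, and compares them with hashes computed
locally, so the verdict is only trusted for the exact bytes that were scanned.
"""
import hashlib
import re

# Constructed excerpt in the layout of the report above. The hashes and size
# are the ones quoted for TdmNetworkProvider.dll; the NOD32 line is given a
# fake detection here so the counting is visible (the real report had none).
SAMPLE_REPORT = """\
Antivirus \tVersion \tLast update \tResult
AhnLab-V3 \t2010.10.24.00 \t2010.10.23 \t-
AntiVir \t7.10.13.27 \t2010.10.22 \t-
NOD32 \t5559 \t2010.10.24 \tWin32/Ramnit.A
Kaspersky \t7.0.0.125 \t2010.10.24 \t-
MD5: e53bc86efe340364ab5ec307a3a7cf17
SHA1: 1b36962668aa44fdd0646283fdc38dabe0ca146d
SHA256: 8a06b645ac556a267d97a98b7af93884052de936f213b1d103e141ef1f0f1ef3
File size: 716800 bytes
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]{32,64})\s*$")
SIZE_RE = re.compile(r"^File size\s*:\s*(\d+)\s*bytes", re.IGNORECASE)


def parse_vt_report(text):
    """Return engine results, the hashes VT printed, and the file size."""
    engines, expected, size = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            expected[m.group(1).lower()] = m.group(2).lower()
            continue
        m = SIZE_RE.match(line)
        if m:
            size = int(m.group(1))
            continue
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) == 4 and cols[0] != "Antivirus":
            name, _version, _updated, result = cols
            engines[name] = None if result == "-" else result  # "-" means clean
    return {"engines": engines, "expected": expected, "size": size}


def detection_ratio(parsed):
    """(detections, engines, {engine: label}), like VT's 'x / y' header."""
    hits = {n: r for n, r in parsed["engines"].items() if r}
    return len(hits), len(parsed["engines"]), hits


def hash_bytes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk=1 << 20):
    """Stream the file so a large DLL does not have to fit in memory."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {k: h.hexdigest() for k, h in hs.items()}


def report_applies_to(parsed, local_hashes, local_size=None):
    """True only if every hash VT printed matches the local file (and the size, if given)."""
    expected = parsed["expected"]
    if not expected:
        return False  # nothing to compare against: do not trust the verdict
    if any(local_hashes.get(algo) != digest for algo, digest in expected.items()):
        return False
    if local_size is not None and parsed["size"] is not None and parsed["size"] != local_size:
        return False
    return True


if __name__ == "__main__":
    parsed = parse_vt_report(SAMPLE_REPORT)
    hits, total, labels = detection_ratio(parsed)
    print(f"{hits} / {total} engines flagged the file: {labels}")
    # A real run would hash the scanned file, e.g.:
    # print(report_applies_to(parsed, hash_file(r"c:\windows\System32\TdmNetworkProvider.dll")))
```

A clean result is only meaningful for the bytes VirusTotal actually received; a file-infector such as the one discussed in this thread can rewrite a DLL after the upload, so re-hash the file before acting on a report that is more than a few minutes old.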
Posts: 13415 | Registered: Monday 3 September 2007 | Status: Security contributor | Last activity: 5 January 2015
Download ZhpDiag by Nicolas Coolman.

Once the download is complete, double-click ZHPDiag.exe (right-click, "Run as administrator" for Vista).

Once installed, the program opens automatically.

Click the magnifying glass to start the analysis.

When the analysis is finished, click the "floppy disk" (Save as...).

Go to this site: http://www.cijoint.fr/index.php

Click Browse and select the file ZhpDiag.txt.

A link will be created; post that link in your next reply.

Posts: 23 | Registered: Saturday 2 May 2009 | Status: Member | Last activity: 28 February 2012

Here is the link:
http://www.cijoint.fr/cjlink.php?file=cj201010/cijsWzUfQJ.txt
Thanks for taking an interest in my problem, in any case!
Posts: 13415 | Registered: Monday 3 September 2007 | Status: Security contributor | Last activity: 5 January 2015
Run ComboFix a second time and paste me the new report.
Posts: 23 | Registered: Saturday 2 May 2009 | Status: Member | Last activity: 28 February 2012

ComboFix 10-10-23.02 - spie 24/10/2010  20:47:40.3.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2003.1151 [GMT 2:00]
Launched from: c:\documents and settings\spie\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((   Files created from 2010-09-24 to 2010-10-24  ))))))))))))))))))))))))))))))))))))
.

2010-10-24 15:50 . 2010-10-24 15:55	--------	d-----w-	c:\program files\ZHPDiag
2010-10-23 21:15 . 2010-10-23 21:15	--------	d-----w-	c:\documents and settings\spie\Application Data\Malwarebytes
2010-10-23 21:14 . 2010-10-23 21:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-23 21:14 . 2010-10-24 11:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-23 20:53 . 2010-10-23 20:53	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-10-23 20:53 . 2010-10-23 20:53	--------	d-----w-	c:\documents and settings\spie\Local Settings\Application Data\ESET
2010-10-23 20:52 . 2010-10-23 20:52	--------	d-----w-	c:\program files\ESET
2010-10-23 20:52 . 2010-10-23 20:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2010-10-23 20:47 . 2010-10-23 20:47	--------	d-----w-	c:\documents and settings\spie\Application Data\qfmadhr
2010-10-22 09:59 . 2010-10-22 09:59	--------	d-----w-	c:\documents and settings\spie\Application Data\Roxio
2010-10-17 06:26 . 2010-10-17 06:27	--------	d-----w-	c:\documents and settings\spie\Application Data\moovida-1
2010-10-16 13:10 . 2010-10-16 13:11	--------	d-----w-	C:\Temp
2010-10-16 13:08 . 2010-10-23 21:03	--------	d-----w-	c:\documents and settings\spie\Local Settings\Application Data\moovida Air
2010-10-16 13:06 . 2010-10-24 09:46	--------	d-----w-	c:\documents and settings\spie\Application Data\OfferBox
2010-10-15 19:24 . 2010-10-23 19:24	102400	----a-w-	c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
2010-10-15 19:24 . 2010-10-15 19:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Zylom
2010-10-13 12:19 . 2010-09-18 06:53	974848	-c----w-	c:\windows\system32\dllcache\mfc42.dll
2010-10-13 12:19 . 2010-09-18 06:53	954368	-c----w-	c:\windows\system32\dllcache\mfc40.dll
2010-10-13 12:19 . 2010-09-18 06:53	953856	-c----w-	c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 12:19 . 2010-08-23 16:12	617472	-c----w-	c:\windows\system32\dllcache\comctl32.dll
2010-10-10 06:42 . 2010-10-10 06:43	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2010-10-10 06:42 . 2010-10-10 06:42	--------	d-----w-	c:\documents and settings\spie\Mes documents
2010-10-07 18:01 . 2010-10-24 10:55	--------	d-----w-	c:\documents and settings\spie\Application Data\skypePM
2010-10-07 18:00 . 2010-10-24 11:01	--------	d-----w-	c:\documents and settings\spie\Application Data\Skype
2010-10-07 17:58 . 2010-10-07 18:00	--------	d-----r-	c:\program files\Skype
2010-10-07 17:58 . 2010-10-07 17:58	--------	d-----w-	c:\program files\Fichiers communs\Skype
2010-10-07 17:58 . 2010-10-07 17:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype

.
((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 12:28 . 2009-09-11 08:24	0	----a-w-	c:\documents and settings\spie\Local Settings\Application Data\WavXMapDrive.bat
2010-09-18 10:23 . 2008-04-25 12:46	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-25 12:46	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-25 12:46	954368	----a-w-	c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-25 12:46	953856	----a-w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2008-04-25 12:46	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2008-04-25 12:46	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2008-04-25 12:46	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-04-25 12:46	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2008-04-25 12:46	1862016	----a-w-	c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-25 12:46	119808	----a-w-	c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2008-04-25 12:46	99840	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-25 12:46	357248	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-25 12:46	617472	----a-w-	c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-25 12:46	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-04-25 12:46	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-08-10 03:15 . 2010-08-10 03:15	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15 . 2010-08-10 03:15	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-08-04 09:50 . 2010-08-04 09:50	140752	----a-w-	c:\windows\system32\drivers\eamon.sys
2010-08-03 11:28 . 2010-08-03 11:28	95896	----a-w-	c:\windows\system32\drivers\epfwtdir.sys
2010-07-29 11:31 . 2010-07-29 11:31	115008	----a-w-	c:\windows\system32\drivers\ehdrv.sys
.

(((((((((((((((((((((((((((((((((   Reg loading points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 09:24	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 09:24	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-24 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2010-10-23 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-05-26 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-26 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint
Dell ControlPoint.lnk - c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-1-19 667648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Connection Manager
Dell ControlPoint Connection Manager.lnk - c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-3-1 1810432]
readme.rtf.LNK - c:\program files\Dell\Dell ControlPoint\Connection Manager\readme.rtf [2009-5-26 233917]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Gestionnaire de sécurité\Avancé
Assistant d'installation de la sécurité.lnk - c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecuritySetupWizard.exe [2009-1-16 255288]
EMBASSY Security Center.lnk - c:\program files\Wave Systems Corp\EMBASSY Security Center\EmbassySecurityCenter.exe [2009-1-16 271672]
Enregistrer des empreintes digitales.lnk - c:\program files\Wave Systems Corp\Authentication Manager\UEW.exe [2008-12-11 933888]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Gestionnaire de sécurité\Avancé\Avancé
Document Manager.lnk - c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\explorevault.exe [2008-12-22 1249280]
Lisez-moi Embassy Trust Suite.lnk - c:\program files\Wave Systems Corp\Services Manager\readme.txt [2009-1-16 10819]
Private Information Manager.lnk - c:\program files\Wave Systems Corp\Services Manager\Private Information Manager\Private Information Manager.exe [2009-1-16 3286328]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Gestionnaire de sécurité\Avancé\Avancé\Assistants Sécurité avancée
Assistant Configuration de l'authentification 802.1x.lnk - c:\program files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe [2008-9-19 638976]
Assistant Système de cryptage de fichiers.lnk - c:\program files\Wave Systems Corp\Security Wizards\bin\Secure EFS.exe [2009-1-16 623928]
Assistant Sécurisation du courrier électronique.lnk - c:\program files\Wave Systems Corp\Security Wizards\bin\Secure Email.exe [2008-9-19 557056]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\Security Manager
Security Manager.lnk - c:\windows\Installer\{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}\SecurityManager_930B666D06024FE492AEDB0643C04177.exe [2009-5-26 50512]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell ControlPoint\System Manager
Gestionnaire de l'alimentation.lnk - c:\windows\Installer\{62F29D1C-D526-40F4-B4D0-840F043C2CC1}\NewShortcut1_7F0C44578E64491B8D7B991504365D1E.exe [2009-5-26 266240]
Gestionnaire de l'écran et des périphériques.lnk - c:\windows\Installer\{62F29D1C-D526-40F4-B4D0-840F043C2CC1}\NewShortcut4_7F0C44578E64491B8D7B991504365D1E.exe [2009-5-26 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 21:08	166912	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 21:08	134656	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 21:08	134656	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-22 15:05	202256	----a-w-	c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03/08/2010 13:28 95896]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 14:47 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 12:07 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [06/02/2009 21:06 443168]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/08/2010 14:16 810144]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [01/03/2009 19:09 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [27/05/2009 02:49 112512]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [27/05/2009 02:49 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26/05/2009 18:31 232744]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [20/04/2010 14:17 16896]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-05-25 18:23]

2010-10-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3695875810-2940095390-3776284017-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3695875810-2940095390-3776284017-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Additional scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
TCP: {3DD54BDD-4376-446C-82AA-651143BA07F7} = 10.32.20.4
FF - ProfilePath - c:\documents and settings\spie\Application Data\Mozilla\Firefox\Profiles\gq9veeht.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 20:50
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ... 

Scanning for hidden autostart entries ... 

Scanning for hidden files ... 

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\wvauth.dll

- - - - - - - > 'explorer.exe'(3480)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmUserInterface.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
End time: 2010-10-24  20:51:23
ComboFix-quarantined-files.txt  2010-10-24 18:51
ComboFix2.txt  2010-10-24 12:40

Before-CF: 45 115 760 640 bytes free
After-CF: 45 107 306 496 bytes free

- - End Of File - - 41F6DA871E28FD674FE4B1A2A9E20006
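What a helper actually reads in a ComboFix report like the two above is a handful of sections: user-level browser proxy settings, globally open firewall ports, scheduled tasks, LSA authentication packages beyond the default msv1_0, the DLLs loaded into winlogon.exe and lsass.exe, and, when present, the files ComboFix removed. The script below is an added example for this thread, not ComboFix's code and not something the helper posted; it pulls those entries out of a report and tags each one as "verify" or "info". It only flags: a loopback proxy such as the 127.0.0.1:50370 entry above still needs the listening process identified with netstat -ano, and a non-default authentication package such as wvauth still needs its DLL and publisher checked. ComboFix prints section banners in the system language, so both the French wording seen in these reports and the English wording are recognised. The embedded log is a constructed excerpt copied from the second report above; the category names and the "verify"/"info" levels are the script's own.

```python
"""Triage the parts of a ComboFix report that matter most.

Added example for this thread; it is not ComboFix's code and not part of the
original post. It reads a report (a constructed excerpt of the one pasted
above is embedded below) and lists what an analyst checks first: browser proxy
settings, globally open firewall ports, scheduled tasks, extra LSA
authentication packages, DLLs loaded into winlogon/lsass, and files under
"Autres suppressions"/"Other deletions". It flags; it does not decide.
"""
import re

# Constructed excerpt: lines copied from the second ComboFix report in the
# thread, trimmed to the sections the parser understands.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 wvauth

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
Contenu du dossier 'Tâches planifiées'

2010-05-26 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-05-25 18:23]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\wvauth.dll
.
Heure de fin: 2010-10-24  20:51:23
"""

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
START_RE = re.compile(r"^([um])Start Page\s*=\s*(\S+)")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*(.*)$')
AUTHPKG_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.+)$")
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# ComboFix localises its banners; match the French and English wording.
SECTIONS = {
    "deletions": ("Autres suppressions", "Other deletions"),
    "tasks": ("Tâches planifiées", "Scheduled Tasks"),
    "dlls": ("DLLs chargées", "DLLs loaded"),
}
SENSITIVE_PROCS = {"winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}


def triage(text):
    """Return (level, category, detail) tuples; 'verify' items need a human."""
    findings, section, proc, job = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = next((n for n, ms in SECTIONS.items() if any(m in line for m in ms)), None)
        if banner:
            section, proc = banner, None
            continue
        if line.startswith("(((") or line.startswith("-------"):
            section, proc = None, None  # any other banner closes the section
            continue
        m = PROXY_RE.match(line)
        if m:
            target = m.group(1)
            note = ("loopback proxy: find the listening process (netstat -ano)"
                    if re.search(r"127\.0\.0\.1|localhost", target)
                    else "external proxy: confirm it is expected")
            findings.append(("verify", "proxy", f"{target} ({note})"))
            continue
        m = START_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            findings.append(("info", "start-page", f"{scope}: {m.group(2)}"))
            continue
        m = PORT_RE.match(line)
        if m:
            findings.append(("info", "open-port", f"{m.group(1)}/{m.group(2)} {m.group(3).strip()}"))
            continue
        m = AUTHPKG_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":  # msv1_0 is the Windows default
                    findings.append(("verify", "lsa-auth-package",
                                     f"{pkg} (non-default; identify its DLL and publisher)"))
            continue
        if section == "tasks":
            m = JOB_RE.match(line)
            if m:
                job = m.group(1)
            elif line.startswith("- ") and job:
                findings.append(("info", "scheduled-task", f"{job} -> {line[2:]}"))
                job = None
            continue
        if section == "dlls":
            m = PROC_RE.match(line)
            if m:
                proc = m.group(1).lower()
            elif proc in SENSITIVE_PROCS and PATH_RE.match(line):
                findings.append(("verify", f"dll-in-{proc}", line))
            continue
        if section == "deletions" and PATH_RE.match(line):
            findings.append(("removed", "deleted-by-combofix", line))
    return findings


def summarize(findings):
    """Count findings per category, for a one-glance overview."""
    counts = {}
    for _level, category, _detail in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for level, category, detail in triage(SAMPLE_LOG):
        print(f"[{level:6}] {category}: {detail}")
```

On the excerpt above this lists the loopback proxy, the extra wvauth authentication package, the Blizzard port, the Shockwave task, both start pages and the three DLLs in winlogon.exe and lsass.exe; run it over a full report saved from ComboFix (open it with `encoding="cp1252"` on an XP machine, since the log is written in the system code page) to get the same list for your own machine.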
Posts: 13415 | Registered: Monday 3 September 2007 | Status: Security contributor | Last activity: 5 January 2015
Still getting alerts from your antivirus?
Posts: 23 | Registered: Saturday 2 May 2009 | Status: Member | Last activity: 28 February 2012

No, I don't get anything anymore! So it's OK then? Perfect! Thanks a lot in any case!
Posts: 13415 | Registered: Monday 3 September 2007 | Status: Security contributor | Last activity: 5 January 2015
==*Tool cleanup*==
For XP: Double-click the ZHPFix.exe icon on your Desktop.

For Vista: Right-click the ZHPFix.exe icon on your Desktop,
then select 'Run as administrator'.

Relaunch ZHPFix from your Desktop.

Click the red A (Tools Cleaner).

Click Clean.

Restart the computer to finish the cleanup.

==============

Now that your PC is no longer infected, disable your "System Restore" and then re-enable it in order to create a clean restore point.

* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > check the box "Turn off System Restore on all drives"
> Apply, wait until it shows "turned off", then OK.

* Enabling:
Follow the same path; uncheck the box "Turn off System Restore on all drives"
> Apply, wait until it is back to "monitoring", then OK. Restart the computer.

If a problem ever comes back, don't hesitate to post here.

Happy surfing.
Posts: 23 | Registered: Saturday 2 May 2009 | Status: Member | Last activity: 28 February 2012

Thanks a lot!
Hello everyone, I have exactly the same virus on my work PC.
Can I follow the procedure given by "jfkpresident", or is it specific to each situation?
Thanks in advance for your help!
Dear JFK, thank you so much, I managed to clean this filth off my PC thanks to you

PS: I love you <3 =D
Hello,
Er, I had the same problem but I couldn't find the famous hidden folders even after unchecking the boxes for hidden folders!
What should I do?
Thanks
Hello,

Since yesterday I've had the same problem on my PC. It's the virus Win32:Ramnit-F.
I constantly get messages from Avast telling me there is a virus in exe, dll, ... files.

I'm not very good with computers, so I wanted to know whether I can apply jfkpresident's procedure on my PC, and whether it will work as it did for orowyn. Roughly how long do these steps take?

With this solution, nothing will be deleted from my PC?

Please reply fairly quickly if anyone has a solution or some advice for my problem.
Posts: 13415 | Registered: Monday 3 September 2007 | Status: Security contributor | Last activity: 5 January 2015
@Marie-sophie: open your own topic in Virus/security, thanks ;)
ComboFix 13-01-14.01 - Administrateur 16/01/2013 12:13:06.1.4 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2871.1294 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\microsoft\watermark.exe
c:\program files\Smiley Bar for Facebook\ScRIpthost.dll
c:\program files\sss
c:\program files\sss\MSCOMM32.OCX
c:\program files\sss\S.S.S._log.txt
c:\program files\sss\SSS.exe
c:\windows\system\VB40032.DLL
c:\windows\system32\dmlconf.dat
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\Xprotector.sys
c:\windows\system32\roboot.exe
c:\windows\system32\ShellExt\CmdOpen.dll
D:\AUTORUN.INF
D:\install.exe
D:\setup.exe
D:\video.lnk
D:\WINRAR.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XPROTECTOR
-------\Service_usnjsvc
-------\Service_XPROTECTOR
.
.
((((((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Avira
2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\program files\Avira
2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2013-01-15 20:56 . 2011-10-11 14:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-15 20:56 . 2011-10-11 14:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-15 20:56 . 2011-10-11 14:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-14 20:47 . 2013-01-14 20:47 -------- d-----w- c:\program files\Haali
2013-01-14 20:46 . 2012-04-08 23:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2013-01-14 20:44 . 2013-01-14 20:44 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Babylon
2013-01-14 20:44 . 2013-01-14 20:44 -------- d-----w- c:\documents and settings\Administrateur\Application Data\StatusWinks
2013-01-14 20:44 . 2013-01-14 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2013-01-14 20:44 . 2013-01-14 20:44 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Babylon
2013-01-14 20:44 . 2013-01-15 21:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PerformerSoft
2013-01-14 20:43 . 2013-01-16 11:16 -------- d-----w- c:\program files\Smiley Bar for Facebook
2013-01-14 20:42 . 2013-01-14 20:42 -------- d-----w- c:\program files\File Scout
2013-01-14 20:42 . 2013-01-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2013-01-08 18:45 . 2013-01-16 11:17 -------- d-----w- c:\program files\Microsoft
2013-01-08 12:36 . 2013-01-08 12:37 -------- d-----w- C:\Multi-box
2013-01-04 15:23 . 2013-01-04 15:23 380928 ----a-w- c:\windows\system32\aggtyvilani.ocx
2012-12-29 12:51 . 2012-12-29 12:51 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Symbian-Toys.com
2012-12-27 16:21 . 2012-12-27 16:32 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2012-12-26 18:28 . 2012-12-26 18:31 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GetRightToGo
2012-12-26 18:04 . 2012-12-26 18:05 -------- d-----r- c:\program files\Skype
2012-12-26 18:04 . 2012-12-26 18:04 -------- d-----w- c:\program files\Fichiers communs\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-27 10:24 . 0F350F1870E65C510FFFF60D7EE14BA8 . 1504256 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-09-27 . 4BB6301D634C857A5089E8B24C5555E4 . 593408 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-09-27 . AAC42FD16A1976DE9A0773E740597644 . 693248 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-09-27 . B6BC3773B01BF85B880F56C198EEA90B . 3774464 . . [7.00.6000.20861] . . c:\windows\system32\mshtml.dll
.
[-] 2008-09-27 . EF31A8266AF7996746392E4F45502536 . 517632 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-09-27 . 90B16FF3ACEC94B95BA95AA686442A47 . 879616 . . [7.00.6000.20861] . . c:\windows\system32\wininet.dll
.
[-] 2008-09-27 . BFBBBFE0913E6C9706F97598A6588B8F . 1573888 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . AAF8E9C2CF1DB93C3EE5C12BC6A7ACEA . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-09-27 . B3D95BCB6D0B033BEBFB81FADDA8B8AC . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-09-27 . 36FA7DAFA6C2658D9F48C69FB812943B . 2165760 . . [5.1.2600.5586] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2008-09-27 . 928F1D57DD79B2EDDE517B2FFEB570C9 . 2287104 . . [5.1.2600.5586] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ------w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-03 18789408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-25 144920]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TWCU"="c:\program files\TP-LINK\TL-WN820N_821N\TWCU.exe" [2008-06-17 557176]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2013-01-15 487892]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JkDefrag"="advpack.dll" [2008-08-28 124928]
"SweetRegistry"="advpack.dll" [2008-08-28 124928]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/01/2013 21:56 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/01/2013 21:56 86224]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [01/10/2012 12:00 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [01/10/2012 12:00 12768]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [01/10/2012 12:00 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [01/10/2012 12:00 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [01/10/2012 12:00 32666]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Application Data\IBUpdaterService\ibsvc.exe [14/01/2013 21:42 608032]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 12:13 3064000]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [02/10/2012 19:33 2320920]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [19/05/2006 09:22 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [19/05/2006 09:22 13440]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [01/10/2012 12:26 12800]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/09/2012 20:20 1691480]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [19/10/2012 11:45 25856]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [01/10/2012 17:37 30312]
S3 csstusb;TI CSST USB Driver;c:\windows\system32\drivers\csstusb.sys [13/01/2012 14:03 51712]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [01/10/2012 17:37 64320]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [12/11/2003 18:38 18880]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [01/10/2012 17:37 16896]
S3 FLSUSB;NMP FLS USB Driver (flsusb.sys);c:\windows\system32\drivers\FLSUSB.SYS [01/10/2012 12:00 51798]
S3 FTCSER2K;FTCSER2K.SYS USB Serial Port Driver;c:\windows\system32\drivers\ftcser2k.sys [13/01/2012 15:25 56031]
S3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;c:\windows\system32\drivers\ftcusb.sys [13/01/2012 15:25 43206]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [01/10/2012 12:21 34639]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13/01/2012 16:55 13224]
S3 gxdlusb;gxdlusb;c:\windows\system32\drivers\gxdlusb.sys [02/10/2012 19:46 10240]
S3 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys --> c:\windows\system32\DRIVERS\idmtdi.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17/06/2011 18:33 237008]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmumdm.sys [07/11/2012 18:17 101120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/10/2012 12:51 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/10/2012 12:51 8576]
S3 ntportio;ntportio;\??\d:\usb smart cracked\USB-SMART-FULLY-CRACKED\Sony-Ericsson\ntportio.sys --> d:\usb smart cracked\USB-SMART-FULLY-CRACKED\Sony-Ericsson\ntportio.sys [?]
S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [15/12/2012 12:06 105984]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [01/10/2012 12:25 89256]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [01/10/2012 12:25 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [01/10/2012 12:26 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [01/10/2012 12:26 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [01/10/2012 12:25 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [01/10/2012 12:26 100008]
S3 SamUsb;MTBox Device;c:\windows\system32\drivers\mtbox.sys [07/09/2005 20:11 31452]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [01/10/2012 17:36 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [01/10/2012 17:36 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [01/10/2012 17:36 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [01/10/2012 17:37 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [01/10/2012 17:37 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [01/10/2012 17:37 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [01/10/2012 17:37 98152]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [01/10/2012 17:37 179520]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [01/10/2012 17:37 179520]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [01/10/2012 17:37 179520]
S3 token;USB Token Service;c:\windows\system32\drivers\eps2kt1.sys [01/10/2012 12:26 21888]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [21/11/2004 09:10 29292]
S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;c:\windows\system32\drivers\usbgx_2.sys [06/09/2004 23:32 24080]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - HELPSVC
*NewlyCreated* - SRSERVICE
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
2008-08-28 14:35 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 23:44]
.
2013-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
ucustomizesearch = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/?pc=UP21&ocid=UP21DHP&dt=122612
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=122612&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 12:18
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-746137067-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A878B50B-E91E-A412-60A0-CD72C26676F6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kagcbkmmblhahmgmckbpip"=hex:62,61,69,66,00,02
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9d,7b,6a,f4,45,6b,5e,ce,58,f3,a4,0d,08,e9,14,56,c2,ee,8d,40,76,
53,0e,d1,f2,15,d4,6d,61,e1,bd,7c,1e,d1,6d,5e,61,cb,e5,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d67df41a-1dec-41c3-97a6-af0a1f11f530}]
@Denied: (Full) (Everyone)
"Model"=dword:00000119
"Therad"=dword:00000008
.
--------------------- DLLs Loaded in Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1336)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\WinMover\WinMover.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Fichiers communs\SmartCom\DragnDropCopyHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\acs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-01-16 12:21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-16 11:21
.
Pre-Run: 72,191,041,536 bytes free
Post-Run: 72,425,492,480 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 27594CA444CFBEB1D503C45461FA5756
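The log above shows the persistence trick worth learning to spot: the Winlogon "Userinit" value has been extended from the stock userinit.exe to also launch c:\program files\microsoft\watermark.exe (the same file ComboFix lists under "Other Deletions"), and several services and drivers point at images in a user-writable profile directory, or at files on a removable drive that no longer exist ("[?]"). The following Python script is an added example, not part of the original thread and not ComboFix code: it parses a constructed sample written in ComboFix's output format and flags those three patterns. The stock Userinit path and the list of user-writable prefixes are assumptions for Windows XP and later, and the sample entries are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's output style, modelled on the kinds of
# entries visible in the log above (a Winlogon Userinit value carrying an
# extra executable, a service running out of a profile directory, and two
# drivers whose image file points at a removable drive and no longer exists).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/01/2013 21:56 36000]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Application Data\IBUpdaterService\ibsvc.exe [14/01/2013 21:42 608032]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 ntportio;ntportio;\??\d:\usb smart cracked\USB-SMART-FULLY-CRACKED\Sony-Ericsson\ntportio.sys --> d:\usb smart cracked\USB-SMART-FULLY-CRACKED\Sony-Ericsson\ntportio.sys [?]
"""

# The three ComboFix line shapes examined: a registry key header, a
# "name"="data" value, and a service/driver line "R2 name;display;image [..]".
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')

# Assumption: the stock Windows XP Userinit value holds only this path.
DEFAULT_USERINIT = 'c:\\windows\\system32\\userinit.exe'
SYSTEM_DRIVE = 'c:'
# Assumption: directories a standard user can write to on XP and later.
USER_WRITABLE_PREFIXES = ('c:\\documents and settings\\', 'c:\\users\\')


@dataclass
class Finding:
    kind: str    # what was matched, e.g. 'userinit_hijack'
    item: str    # the value or service name it applies to
    detail: str  # the offending path


def normalise_path(raw: str) -> str:
    """Reduce a ComboFix image-path field to a bare lower-case path."""
    text = raw.strip()
    if ' --> ' in text:                              # "\??\e:\x.sys --> e:\x.sys [?]" form
        text = text.split(' --> ', 1)[1]
    text = re.sub(r'\s*\[[^\]]*\]\s*$', '', text)    # drop trailing "[date size]" or "[?]"
    if text.startswith('\\??\\'):
        text = text[4:]
    return text.strip().lower()


def check_userinit(data: str) -> list:
    """Userinit must hold exactly the default userinit.exe; any extra entry is a hijack."""
    entries = [e.strip().lower() for e in data.split(',') if e.strip()]
    return [Finding('userinit_hijack', 'Userinit', e)
            for e in entries if e != DEFAULT_USERINIT]


def check_image(prefix: str, name: str, raw: str) -> list:
    """Flag an autorun or service image that is missing, off the system drive,
    or living somewhere a standard user can write."""
    findings = []
    path = normalise_path(raw)
    if raw.rstrip().endswith('[?]'):
        findings.append(Finding(prefix + '_image_missing', name, path))
    if not path.startswith(SYSTEM_DRIVE):
        findings.append(Finding(prefix + '_image_off_system_drive', name, path))
    if path.startswith(USER_WRITABLE_PREFIXES):
        findings.append(Finding(prefix + '_image_user_writable', name, path))
    return findings


def scan_combofix(text: str) -> list:
    """Walk a ComboFix-style report and collect findings in file order."""
    findings = []
    section = ''
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group('name'), m.group('data')
            if section.endswith('\\winlogon') and name.lower() == 'userinit':
                findings.extend(check_userinit(data))
            elif section.endswith('\\run'):
                findings.extend(check_image('autorun', name, data))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(check_image('service', m.group('name'), m.group('rest')))
    return findings


if __name__ == '__main__':
    for f in scan_combofix(SAMPLE_LOG):
        print(f'{f.kind:32} {f.item:20} {f.detail}')
```

Run against the sample, the script reports the watermark.exe entry appended to Userinit, the IBUpdaterService image under All Users\Application Data, and the two driver images on drives d: and e: that ComboFix marked absent. The heuristics are deliberately simple and produce only leads: a legitimate vendor service can live in a profile directory, and a driver for an unplugged USB device is expected to show "[?]", so each hit still needs a look at the file itself.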