I took the initiative of running ComboFix; here is the report. It seems the Avast problem is resolved.
ComboFix 10-09-30.03 - emilie 01/10/2010 11:13:05.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.398 [GMT 2:00]
Lancé depuis: c:\documents and settings\emilie\Bureau\ComboFix.exe
AV: avast! Antivirus On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\emilie\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
c:\documents and settings\emilie\Recent\cb.dll
c:\documents and settings\emilie\Recent\DBOLE.drv
c:\documents and settings\emilie\Recent\delfile.drv
c:\documents and settings\emilie\Recent\delfile.sys
c:\documents and settings\emilie\Recent\eb.sys
c:\documents and settings\emilie\Recent\fan.dll
c:\documents and settings\emilie\Recent\fan.drv
c:\documents and settings\emilie\Recent\grid.dll
c:\documents and settings\emilie\Recent\grid.tmp
c:\documents and settings\emilie\Recent\kernel32.exe
c:\documents and settings\emilie\Recent\pal.sys
c:\documents and settings\emilie\Recent\PE.dll
c:\documents and settings\emilie\Recent\PE.drv
c:\documents and settings\emilie\Recent\PE.sys
c:\documents and settings\emilie\Recent\PE.tmp
c:\documents and settings\emilie\Recent\tjd.drv
c:\documents and settings\emilie\Recent\tjd.exe
c:\documents and settings\emilie\Recent\tjd.sys
c:\windows\fprotect.dll
c:\windows\system32\drivers\mckpqunm.sys
c:\windows\system32\drivers\ooajsoiq.sys
c:\windows\system32\fprotect.dll
c:\windows\system32\tmp.reg
c:\windows\system32\utjmman.dll
c:\windows\system32\vmjkxxj.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCDYBDMU
-------\Legacy_OOAJSOIQ
-------\Service_ccdybdmu
-------\Service_ooajsoiq
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-01 au 2010-10-01 ))))))))))))))))))))))))))))))))))))
.
2010-09-30 21:17 . 2010-10-01 06:32 -------- d-----w- c:\program files\Carifred
2010-09-30 20:26 . 2010-09-30 20:39 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2010-09-30 20:24 . 2010-09-30 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-09-30 16:13 . 2010-09-30 16:13 -------- d-----w- c:\windows\system32\Atheros_L1e
2010-09-30 15:57 . 2010-09-30 15:57 0 ----a-w- c:\windows\nsreg.dat
2010-09-30 15:57 . 2010-09-30 15:57 -------- d-----w- c:\documents and settings\emilie\Local Settings\Application Data\Mozilla
2010-09-30 14:13 . 2010-09-30 14:21 -------- d-----w- c:\program files\trend micro
2010-09-30 14:13 . 2010-09-30 14:13 -------- dc----w- C:\rsit
2010-09-30 10:59 . 2010-09-30 10:59 -------- d-----w- c:\program files\CCleaner
2010-09-30 07:39 . 2010-09-30 07:39 -------- d-----w- c:\documents and settings\emilie\Application Data\Malwarebytes
2010-09-30 07:38 . 2010-09-30 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-29 14:42 . 2010-09-29 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 14:42 . 2010-09-29 14:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-29 14:18 . 2010-09-29 14:18 -------- d-----w- c:\program files\Enigma Software Group
2010-09-29 14:17 . 2010-09-29 14:40 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-09-29 14:17 . 2010-09-29 14:17 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-09-29 13:59 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-29 13:59 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-29 13:59 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-29 13:59 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-29 13:59 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-29 13:59 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-29 13:59 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-29 13:59 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-29 13:59 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-25 17:57 . 2010-09-30 17:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 16:16 . 2010-09-25 16:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-09-25 14:36 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-25 14:08 . 2010-09-25 14:08 -------- d-----w- c:\windows\ServicePackFiles
2010-09-25 14:07 . 2010-09-30 13:36 -------- d-----w- c:\windows\EHome
2010-09-25 13:09 . 2010-09-25 13:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSFIS
2010-09-25 13:06 . 2010-09-25 13:06 -------- d-----w- c:\program files\Uniblue
2010-09-16 14:01 . 2010-09-16 14:01 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-16 14:00 . 2010-09-16 14:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-09-16 14:00 . 2010-09-16 14:00 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-09-16 14:00 . 2010-09-16 14:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-16 13:58 . 2010-09-16 14:01 -------- d-----w- c:\program files\Microsoft
2010-09-14 13:53 . 2010-09-14 13:53 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-09 18:26 . 2010-09-09 18:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-03 13:39 . 2010-09-03 13:39 -------- d-----r- c:\documents and settings\NetworkService\Favoris
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 07:17 . 2009-08-01 13:28 85834 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-01 07:17 . 2009-08-01 13:28 512530 ----a-w- c:\windows\system32\perfh00C.dat
2010-10-01 06:24 . 2009-08-01 07:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-30 21:59 . 2009-08-01 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-30 16:13 . 2009-08-01 06:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-30 16:12 . 2009-11-13 15:43 49664 ----a-w- c:\windows\system32\drivers\l1c51x86.sys
2010-09-30 16:07 . 2009-08-01 06:40 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-30 14:59 . 2010-09-30 15:06 152984 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1036.dat
2010-09-30 12:33 . 2009-08-01 06:45 -------- d-----w- c:\program files\Packard Bell
2010-09-30 12:20 . 2009-12-25 20:41 -------- d-----w- c:\program files\WalterShop.com
2010-09-30 12:14 . 2009-08-01 06:46 -------- d-----w- c:\program files\Google
2010-09-29 14:50 . 2009-09-18 02:45 -------- d-----w- c:\program files\Video Web Camera
2010-09-29 13:59 . 2010-01-20 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-29 13:37 . 2010-09-14 13:40 112 ----a-w- c:\documents and settings\All Users\Application Data\kXoG1L3.dat
2010-09-24 09:44 . 2009-12-25 07:11 -------- d-----w- c:\program files\eMule
2010-09-24 09:34 . 2010-03-27 11:11 -------- d-----w- c:\documents and settings\emilie\Application Data\vlc
2010-09-17 15:44 . 2009-08-01 04:47 -------- d-----w- c:\program files\Services en ligne
2010-09-16 14:01 . 2009-08-01 07:06 -------- d-----w- c:\program files\Windows Live
2010-08-17 13:17 . 2009-08-01 13:28 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 10:23 . 2009-08-01 06:58 -------- d-----w- c:\program files\Microsoft Works
2010-08-14 10:17 . 2010-08-14 10:17 -------- d-----w- c:\program files\Fichiers communs\Java
2010-08-14 10:17 . 2010-04-28 14:59 -------- d-----w- c:\program files\Java
2010-08-12 19:34 . 2010-08-12 19:34 503808 ----a-w- c:\documents and settings\emilie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-31df2dce-n\msvcp71.dll
2010-08-12 19:34 . 2010-08-12 19:34 499712 ----a-w- c:\documents and settings\emilie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-31df2dce-n\jmc.dll
2010-08-12 19:34 . 2010-08-12 19:34 348160 ----a-w- c:\documents and settings\emilie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-31df2dce-n\msvcr71.dll
2010-08-12 19:34 . 2010-08-12 19:34 61440 ----a-w- c:\documents and settings\emilie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2abf09d3-n\decora-sse.dll
2010-08-12 19:34 . 2010-08-12 19:34 12800 ----a-w- c:\documents and settings\emilie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2abf09d3-n\decora-d3d.dll
2010-07-22 15:48 . 2009-08-01 13:28 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-04-28 15:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Fichiers communs\Java\Java Update\jusched .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA .exe
c:\program files\Realtek\Audio\Drivers\AzMixerSel .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Video Web Camera\traybar .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-14 232912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-02-15 04:45 208896 ----a-w- c:\windows\system32\igfxdev.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
R0 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [30/09/2010 22:26 53248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/09/2010 15:59 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/09/2010 15:59 17744]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [13/11/2009 17:43 49664]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [18/09/2009 04:42 145152]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/08/2009 08:44 1684736]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/12/2009 12:45 135664]
--- Autres Services/Pilotes en mémoire ---
NewlyCreated - OOAJSOIQ
Deregistered - ooajsoiq
.
Contenu du dossier 'Tâches planifiées'
2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 10:45]
2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 10:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.fr…
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\emilie\Application Data\Mozilla\Firefox\Profiles\ncb1xzyl.default
FF - plugin: c:\documents and settings\emilie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.السعودية", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellIconOverlayIdentifiers-{5165526E-D165-4C81-900F-6D6A96A4D820} - (no file)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2010-10-01 11:21
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2164)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
.
Heure de fin: 2010-10-01 11:24:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-01 09:24
Avant-CF: 129 830 526 976 octets libres
Après-CF: 130 276 106 240 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - 44F7329A4C0C1EED97D58819AB31C515