ArtVie
Hello, I was infected by Antivirus Studio 2010 and, as I saw on the forums, I downloaded Combofix.exe, which produced the report I am sending you below, so as to get advice on what I should do next. While awaiting a reply, I send my thanks in advance to all those who take the time to help people who, like me, are not very up to date with computing. See you soon.

ComboFix 10-11-30.09 - compaq customer 01/12/2010 15:09:04.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.280 [GMT 1:00]
Lancé depuis: c:\documents and settings\compaq customer\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\Ma musique\Échantillons de musique\Desktop_.ini
c:\documents and settings\All Users\Documents\Ma musique\Desktop_.ini
c:\documents and settings\All Users\Documents\Ma musique\My Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\Ma musique\Sample Playlists\000943D3\Desktop_.ini
c:\documents and settings\All Users\Documents\Ma musique\Sample Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\Mes images\Échantillons d'images\Desktop_.ini
c:\documents and settings\All Users\Documents\Mes images\Desktop_.ini
c:\documents and settings\All Users\Documents\Mes vidéos\Desktop_.ini
c:\documents and settings\All Users\Documents\microsoft\Desktop_.ini
c:\documents and settings\All Users\Documents\microsoft\IdentityCRL\Desktop_.ini
c:\documents and settings\All Users\Documents\microsoft\IdentityCRL\production\Desktop_.ini
c:\documents and settings\All Users\Documents\Pinnacle Studio\Data\Desktop_.ini
c:\documents and settings\All Users\Documents\Pinnacle Studio\Data\Media\Desktop_.ini
c:\documents and settings\All Users\Documents\Pinnacle Studio\Desktop_.ini
c:\documents and settings\Artur\Application Data\AntiVirus 2010
c:\documents and settings\Artur\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe
c:\documents and settings\Artur\Application Data\AntiVirus 2010\securityhelper.exe
c:\documents and settings\Artur\Application Data\completescan
c:\documents and settings\Artur\Application Data\install
c:\documents and settings\Artur\Application Data\jkdhk.bat
c:\documents and settings\Artur\Application Data\MSA
c:\documents and settings\Artur\Application Data\MSA\bbzzkzz16.exe
c:\documents and settings\Artur\Application Data\MSA\userid.dat
c:\documents and settings\Artur\Menu Démarrer\Programmes\AntiVirus 2010
c:\documents and settings\Artur\Menu Démarrer\Programmes\AntiVirus 2010\Activate AntiVirus 2010.lnk
c:\documents and settings\Artur\Menu Démarrer\Programmes\AntiVirus 2010\AntiVirus 2010.lnk
c:\documents and settings\Artur\Menu Démarrer\Programmes\AntiVirus 2010\Help AntiVirus 2010.lnk
c:\documents and settings\Artur\Menu Démarrer\Programmes\AntiVirus 2010\How to Activate AntiVirus 2010.lnk
c:\program files\\setup.exe
c:\program files\Setup.exe
c:\windows\system\Color
c:\windows\system32\KGyGaAvL.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-11-01 au 2010-12-01 ))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:33 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-29 16:33 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-29 16:33 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-29 16:33 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-29 16:33 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-29 16:33 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-29 16:33 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-29 16:33 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-29 16:33 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-29 16:33 . 2010-11-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-29 10:24 . 2010-11-29 10:24 -------- d-----w- C:\ARTVIE2
2010-11-29 08:13 . 2010-11-29 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-11-29 08:13 . 2010-11-29 16:20 -------- d-----w- c:\documents and settings\compaq customer\Local Settings\Application Data\NPE
2010-11-29 08:09 . 2010-11-29 08:13 5719408 ----a-w- c:\program files\NPE.exe
2010-11-29 07:53 . 2010-11-29 07:53 -------- d-----w- c:\documents and settings\compaq customer\Local Settings\Application Data\ApplicationHistory
2010-11-26 15:42 . 2010-11-26 15:42 -------- d-----w- c:\documents and settings\compaq customer\Application Data\NCH Swift Sound
2010-11-26 15:16 . 2010-11-26 15:16 -------- d-sh--w- c:\documents and settings\compaq customer\IECompatCache
2010-11-26 14:18 . 2010-11-26 14:18 -------- d-----w- c:\documents and settings\compaq customer\Application Data\SUPERAntiSpyware.com
2010-11-22 15:39 . 2010-11-22 15:39 -------- d-----w- c:\documents and settings\compaq customer\Application Data\OpenOffice.org
2010-11-22 15:39 . 2010-11-30 15:59 -------- d-----w- c:\documents and settings\compaq customer\Local Settings\Application Data\Adobe
2010-11-22 13:53 . 2010-11-22 13:53 -------- d-----w- c:\documents and settings\Artur\Local Settings\Application Data\Threat Expert
2010-11-22 13:48 . 2010-11-22 13:48 -------- d-----w- c:\documents and settings\compaq customer\Local Settings\Application Data\Threat Expert
2010-11-22 13:48 . 2010-11-22 13:48 -------- d-sh--w- c:\documents and settings\compaq customer\PrivacIE
2010-11-22 13:48 . 2010-11-22 13:48 -------- d-----w- c:\documents and settings\compaq customer\Local Settings\Application Data\Google
2010-11-22 11:45 . 2010-11-22 11:45 -------- d-----w- c:\documents and settings\compaq customer\Local Settings\Application Data\Apple Computer
2010-11-22 11:45 . 2010-11-22 11:45 -------- d-sh--w- c:\documents and settings\compaq customer\IETldCache
2010-11-22 11:39 . 2010-11-29 07:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-22 11:38 . 2010-11-22 13:42 -------- d-----w- c:\documents and settings\Administrateur
2010-11-22 07:20 . 2010-11-22 07:20 -------- d-sh--w- c:\documents and settings\Invité\PrivacIE
2010-11-22 07:19 . 2010-11-22 07:20 -------- d-----w- c:\documents and settings\Invité\Local Settings\Application Data\Google
2010-11-22 07:19 . 2010-11-22 07:19 -------- d-----w- c:\documents and settings\Invité\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2004-08-05 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-05 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-05 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-05 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-02-08 10:57 . 2010-02-08 10:57 87349 ----a-w- c:\program files\msfoxact80.exe
2009-11-07 11:00 . 2009-07-18 15:49 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-11-06 18:52 . 2009-11-06 18:51 445088 ----a-w- c:\program files\msgr9fr.exe
2009-09-09 16:42 . 2009-09-09 16:41 20256208 ----a-w- c:\program files\installation_ie8msn-xp.exe
2009-08-20 09:03 . 2009-08-20 09:03 9817600 ----a-w- c:\program files\openofficeorg31.msi
2009-07-22 08:03 . 2009-07-22 08:03 1299975 ----a-w- c:\program files\wrar380fr.exe
2009-05-23 08:35 . 2009-05-23 08:35 359672 ----a-w- c:\program files\PartyPokerSetup.exe
2009-03-12 14:25 . 2009-03-12 14:23 26436040 ----a-w- c:\program files\SweetHome3D-1.6-windows.exe
2009-03-09 14:10 . 2009-03-09 14:09 434832 ----a-w- c:\program files\switchsetup.exe
2009-02-22 13:51 . 2008-09-15 16:20 15271226 ----a-w- c:\program files\Setup FASTCOMPTA.exe
2009-02-22 13:35 . 2009-02-26 09:00 6702664 ----a-w- c:\program files\Firebird-2.1.0.17798_0_Win32.exe
2008-09-24 11:46 . 2008-09-24 11:45 26596640 ----a-w- c:\program files\AdbeRdr90_fr_FR.exe
2008-09-11 14:11 . 2008-09-11 14:11 2928600 ----a-w- c:\program files\ccsetup211.exe
2008-09-11 11:46 . 2008-09-11 11:46 22847677 ----a-w- c:\program files\install.exe
2008-09-11 11:35 . 2008-09-11 11:35 600658 ----a-w- c:\program files\MILEC_CGWSetup.exe
2008-09-02 11:26 . 2008-09-02 11:25 9325024 ----a-w- c:\program files\winamp5541_full_emusic-7plus_fr-fr.exe
2008-07-22 09:52 . 2008-07-22 09:51 234062 ----a-w- c:\program files\imtranslatorie3.exe
2008-07-08 18:24 . 2008-07-09 06:24 134290536 ----a-w- c:\program files\OOo_2.4.1_Win32Intel_install_wJRE_fr.exe
2008-06-18 08:55 . 2006-01-17 14:45 24354672 ----a-w- c:\program files\setupfre.exe
2008-03-25 20:24 . 2008-03-25 20:24 59163944 ----a-w- c:\program files\iTunesSetup.exe
2008-03-25 20:06 . 2008-03-25 20:06 9085384 ----a-w- c:\program files\winamp552_full_emusic-7plus_fr-fr.exe
2006-01-23 09:55 . 2006-01-23 11:02 11648839 ----a-w- c:\program files\2.0.0.9-e20.exe
2004-10-01 14:00 . 2006-01-10 16:32 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-15 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Artur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\compaq customer\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:cd6cd2264

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/11/2010 17:33 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/11/2010 17:33 17744]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [15/09/2006 15:31 29156]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 09:23 135664]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [09/11/2006 10:42 200320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
.
Contenu du dossier 'Tâches planifiées'

2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:23]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rue89.com/
mStart Page = search.net-studio.org
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Bricsys\Bricscad V10\BrxProtIE.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-01 15:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(4540)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Protexis\License Service\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
.
**************************************************************************
.
Heure de fin: 2010-12-01 15:29:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-12-01 14:29

Avant-CF: 55 680 069 632 octets libres
Après-CF: 60 336 623 616 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 215570A7371A9F14F9B96BFE9B20C20D