My computer was infected by Personal Shield Pro. I ran ComboFix; here is the error report. Tell me if there is anything else to do. Thanks.
ComboFix 11-07-15.03 - Home 16/07/2011 23:51:27.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1516 [GMT 2:00]
Running from: c:\documents and settings\Home\Bureau\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\eM09801EmInM09801
c:\documents and settings\All Users\Application Data\eM09801EmInM09801\eM09801EmInM09801
c:\documents and settings\All Users\Application Data\eM09801EmInM09801\eM09801EmInM09801.exe
c:\documents and settings\Home\Application Data\Adobe\plugs
c:\documents and settings\Home\Application Data\Adobe\plugs\mmc17605312.txt
c:\documents and settings\Home\Application Data\Adobe\plugs\mmc215.exe
c:\documents and settings\Home\Application Data\Adobe\plugs\mmc91.exe
c:\documents and settings\Home\Application Data\Adobe\shed
c:\documents and settings\Home\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Home\Application Data\alot
c:\documents and settings\Home\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Home\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Home\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Home\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Home\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Home\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Home\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Home\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Home\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Home\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Home\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Home\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Home\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Home\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Home\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Home\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Home\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml
c:\documents and settings\Home\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml.backup
c:\documents and settings\Home\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Home\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Home\Application Data\alot\products\products.xml
c:\documents and settings\Home\Application Data\alot\products\products.xml.backup
c:\documents and settings\Home\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Home\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Home\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_3\images\default_5119_alot_weather_widget.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_3\images\default_5119_alot_weather_widget.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_4\images\3321_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_4\images\3321_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_5\images\3320_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_5\images\3320_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_6\images\3319_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_6\images\3319_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_7\images\4001_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_7\images\4001_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_8\images\4352_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_8\images\4352_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\Button_9\images\4131_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Button_9\images\4131_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Home\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Home\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Home\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Home\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Home\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Home\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Home\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Home\Application Data\alot\toolbar.xml
c:\documents and settings\Home\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Home\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Home\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Home\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Home\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Home\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Home\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Home\Application Data\dwm.exe
c:\documents and settings\Home\Application Data\Microsoft\conhost.exe
c:\documents and settings\Home\WINDOWS
c:\windows\ejederot.dll
c:\windows\gne2pan.dll
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\Dll.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\shimg.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 21:26 . 2011-07-16 21:33 -------- d-----w- C:\32788R22FWJFW
2011-07-16 14:04 . 2011-07-16 14:04 0 ---ha-w- c:\documents and settings\Home\Local Settings\Application Data\BITB.tmp
2011-07-16 11:44 . 2011-07-16 11:44 189 ----a-w- c:\documents and settings\Home\Application Data\Microsoft\gb_61937.bat
2011-07-15 21:11 . 2011-07-15 21:11 0 ---ha-w- c:\documents and settings\Home\Local Settings\Application Data\BIT9.tmp
2011-07-15 17:23 . 2011-07-15 17:23 0 ---ha-w- c:\documents and settings\Home\Local Settings\Application Data\BIT6.tmp
2011-06-25 15:49 . 2011-06-25 15:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-15 39408]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Face-Plus"="c:\program files\faceplus\pre_faceplus.exe" [2010-07-21 32768]
"BlackBerryAutoUpdate"="c:\program files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Home\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\Home\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\Home\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\Home\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [16/02/2010 21:22 234304]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [26/07/2010 18:23 27632]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [26/01/2010 17:02 468768]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2010 18:35 135664]
S2 wtmstmsxbt;wtmstmsxbt;"c:\docume~1\Home\LOCALS~1\Temp\DAT1C3.tmp.exe" --SERVICE --> c:\docume~1\Home\LOCALS~1\Temp\DAT1C3.tmp.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26/07/2010 18:23 13224]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2010 18:35 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 16:34]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.fr/
uInternet Settings,ProxyServer = http=127.0.0.1:53717
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-uTYNEsbrvPE - c:\documents and settings\All Users\Application Data\uTYNEsbrvPE.exe
HKCU-Run-Mpico - c:\windows\gne2pan.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-17 00:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4668)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\faceplus\faceplus.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-07-17 00:52:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-16 22:52
.
Pre-Run: 235 502 510 080 octets libres
Post-Run: 236 267 696 128 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1B3C9E4F8D88AC3EF0098FE74FF842B1