analyse rapport combofix

[sooprano]

salut bon quoi dire bon mon pc s'est infecté par virus autrun ainsi mon antivirus ne peut pas le supprimer s'il vous plait aidez moi

voila mon rapport ComboFix

ComboFix 09-03-31.01 - mehdi 2009-03-31 22:17:28.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.1.1036.18.2047.1680 [GMT 2:00]
Lancé depuis: c:\documents and settings\mehdi\Bureau\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((   Fichiers créés du 2009-02-28 au 2009-03-31  ))))))))))))))))))))))))))))))))))))
.

2009-03-29 23:13 . 2009-03-29 23:13	<REP>	d--------	c:\program files\Java
2009-03-29 23:13 . 2009-03-29 23:13	410,984	--a------	c:\windows\system32\deploytk.dll
2009-03-29 23:13 . 2009-03-29 23:13	73,728	--a------	c:\windows\system32\javacpl.cpl
2009-03-29 14:41 . 2009-03-29 14:50	<REP>	d--------	c:\program files\EasyPHP1-8
2009-03-29 14:39 . 2009-03-29 14:39	<REP>	d--------	c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-29 13:40 . 2008-04-07 05:38	45,392	-ra------	c:\windows\system32\AdobePDF.dll
2009-03-29 13:40 . 2008-04-07 05:38	22,872	-ra------	c:\windows\system32\AdobePDFUI.dll
2009-03-29 13:11 . 2009-03-29 13:11	<REP>	d--------	c:\program files\Fichiers communs\Macrovision Shared
2009-03-29 02:22 . 2009-03-29 02:22	<REP>	d--------	C:\ATI
2009-03-29 00:14 . 2009-03-29 00:14	<REP>	d--------	c:\program files\VIA
2009-03-29 00:08 . 2008-12-21 00:46	6,066,688	-----c---	c:\windows\system32\dllcache\ieframe.dll
2009-03-29 00:08 . 2007-04-17 11:32	2,455,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dat
2009-03-29 00:08 . 2007-03-08 07:10	1,048,576	-----c---	c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-29 00:08 . 2008-12-21 00:46	459,264	-----c---	c:\windows\system32\dllcache\msfeeds.dll
2009-03-29 00:08 . 2008-12-21 00:46	383,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dll
2009-03-29 00:08 . 2008-12-21 00:46	267,776	-----c---	c:\windows\system32\dllcache\iertutil.dll
2009-03-29 00:08 . 2008-12-21 00:46	63,488	-----c---	c:\windows\system32\dllcache\icardie.dll
2009-03-29 00:08 . 2008-12-21 00:46	52,224	-----c---	c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-29 00:08 . 2008-12-19 11:10	13,824	-----c---	c:\windows\system32\dllcache\ieudinit.exe
2009-03-28 23:29 . 2009-03-29 00:08	<REP>	d--------	c:\windows\system32\fr-fr
2009-03-28 23:29 . 2009-03-28 23:29	<REP>	d--------	c:\windows\system32\fr
2009-03-28 23:29 . 2009-03-28 23:29	<REP>	d--------	c:\windows\system32\bits
2009-03-28 23:29 . 2009-03-28 23:29	<REP>	d--------	c:\windows\l2schemas
2009-03-28 23:26 . 2009-03-28 23:26	<REP>	d--------	c:\windows\ServicePackFiles
2009-03-28 23:21 . 2009-03-28 23:21	<REP>	d--------	c:\program files\ma-config.com
2009-03-28 23:21 . 2009-03-28 23:21	<REP>	d--------	c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-28 20:37 . 2004-08-03 23:41	1,309,184	---------	c:\windows\system32\drivers\mtlstrm.sys
2009-03-28 20:36 . 2009-03-28 20:36	<REP>	d--------	c:\program files\Fichiers communs\Adobe AIR
2009-03-28 20:36 . 2009-03-28 20:36	<REP>	d--------	c:\program files\AdobeSupportAdvisor
2009-03-28 20:36 . 2009-03-28 20:36	<REP>	d--------	c:\documents and settings\mehdi\Application Data\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-28 19:58 . 2004-03-02 10:56	50,007	-ra------	c:\windows\system32\drivers\adildr.sys
2009-03-28 19:33 . 2008-06-14 19:33	272,768	-----c---	c:\windows\system32\dllcache\bthport.sys
2009-03-28 19:31 . 2008-10-16 03:01	1,499,648	-----c---	c:\windows\system32\dllcache\shdocvw.dll
2009-03-28 19:31 . 2008-12-21 00:47	1,160,192	-----c---	c:\windows\system32\dllcache\urlmon.dll
2009-03-28 19:31 . 2008-12-21 00:47	826,368	-----c---	c:\windows\system32\dllcache\wininet.dll
2009-03-28 19:28 . 2009-03-28 19:28	<REP>	d--------	c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-28 19:24 . 2008-08-14 15:23	2,191,232	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 19:24 . 2008-08-14 15:23	2,147,328	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 19:24 . 2008-08-14 15:23	2,068,096	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 19:24 . 2008-08-14 15:23	2,025,984	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 19:23 . 2009-01-16 21:15	3,594,752	-----c---	c:\windows\system32\dllcache\mshtml.dll
2009-03-28 19:21 . 2009-03-28 19:21	<REP>	d---s----	c:\documents and settings\mehdi\UserData
2009-03-28 19:18 . 2008-05-08 16:02	203,136	-----c---	c:\windows\system32\dllcache\rmcast.sys
2009-03-28 19:17 . 2008-10-24 13:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2009-03-28 19:17 . 2008-12-11 12:57	333,952	-----c---	c:\windows\system32\dllcache\srv.sys
2009-03-28 19:16 . 2009-03-28 19:16	<REP>	d--------	c:\program files\VideoLAN
2009-03-28 19:16 . 2009-03-28 19:16	<REP>	d--------	c:\documents and settings\mehdi\Application Data\vlc
2009-03-28 19:16 . 2008-04-11 21:05	691,712	-----c---	c:\windows\system32\dllcache\inetcomm.dll
2009-03-28 19:16 . 2008-05-01 16:36	331,776	-----c---	c:\windows\system32\dllcache\msadce.dll
2009-03-28 19:15 . 2008-09-04 19:16	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2009-03-28 19:15 . 2008-10-15 18:35	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
2009-03-28 19:14 . 2009-03-28 19:14	<REP>	d--------	c:\program files\Real
2009-03-28 19:14 . 2009-03-28 19:14	<REP>	d--------	c:\program files\Fichiers communs\xing shared
2009-03-28 19:14 . 2009-03-28 19:14	<REP>	d--------	c:\program files\Fichiers communs\Real
2009-03-28 19:14 . 2009-03-28 19:14	499,712	--a------	c:\windows\system32\msvcp71.dll
2009-03-28 19:14 . 2009-03-28 19:14	348,160	--a------	c:\windows\system32\msvcr71.dll
2009-03-28 19:13 . 2009-03-30 01:31	<REP>	d--h-----	c:\windows\$hf_mig$
2009-03-28 19:13 . 2007-08-10 09:18	26,488	--a------	c:\windows\system32\spupdsvc.exe
2009-03-28 19:10 . 2009-03-28 19:11	<REP>	d--------	c:\program files\DivX
2009-03-28 19:10 . 2009-03-28 19:10	<REP>	d--------	c:\program files\Ares
2009-03-28 19:06 . 2009-03-31 22:03	3	--a------	C:\data.ini
2009-03-28 19:05 . 2009-03-28 19:28	<REP>	d--------	c:\windows\nview
2009-03-28 19:05 . 2006-10-22 06:22	7,700,480	-ra------	c:\windows\system32\nvcpl.bak
2009-03-28 19:05 . 2007-04-02 06:40	1,011,712	-ra------	c:\windows\system32\nvcpluir.dll
2009-03-28 19:05 . 2006-08-26 09:29	481,792	-ra------	c:\windows\system32\Rscmpt.exe
2009-03-28 19:05 . 2006-10-22 06:22	208,896	--a------	c:\windows\system32\nvudisp.exe
2009-03-28 19:05 . 2009-03-29 01:57	88,566	--a------	c:\windows\system32\nvapps.xml
2009-03-28 19:05 . 2008-12-03 11:57	57,425	-ra------	c:\windows\system32\vdesk32.exe
2009-03-28 19:05 . 2007-11-05 06:38	38,580	-ra------	c:\windows\system32\sys_en.xsl
2009-03-28 19:05 . 2006-10-22 06:22	17,056	--a------	c:\windows\system32\nvdisp.nvu
2009-03-28 19:01 . 2008-04-14 04:31	13,463,552	--a--c---	c:\windows\system32\dllcache\hwxjpn.dll
2009-03-28 17:58 . 2009-03-28 17:58	0	--a------	c:\windows\nsreg.dat
2009-03-28 17:57 . 2009-03-28 17:57	<REP>	d--------	c:\windows\system32\Adobe
2009-03-28 17:57 . 2009-03-28 17:57	<REP>	d--------	c:\program files\Fichiers communs\Vbox
2009-03-28 17:57 . 2001-11-14 21:19	16,384	--a------	c:\windows\system32\FileOps.exe
2009-03-28 17:56 . 2009-03-28 17:56	<REP>	d--------	c:\windows\Adobe Illustrator CS
2009-03-28 17:53 . 2009-03-28 17:53	<REP>	d--------	c:\windows\system32\QuickTime
2009-03-28 17:52 . 2009-03-28 17:54	<REP>	d--------	c:\windows\Downloaded Installations
2009-03-28 17:52 . 2009-03-28 17:54	<REP>	d--------	c:\program files\Macromedia
2009-03-28 17:52 . 2009-03-28 17:54	<REP>	d--------	c:\program files\Fichiers communs\Macromedia
2009-03-28 17:46 . 2009-03-28 17:46	<REP>	d--------	c:\program files\Fichiers communs\Adobe Systems Shared
2009-03-28 17:46 . 2009-03-28 17:46	<REP>	d--------	c:\documents and settings\All Users\Application Data\Adobe Systems
2009-03-28 17:44 . 2009-03-31 22:04	<REP>	d--------	c:\program files\ESET
2009-03-28 17:44 . 2009-03-28 17:44	512,096	--a------	c:\windows\system32\drivers\amon.sys
2009-03-28 17:44 . 2009-03-28 17:44	298,104	--a------	c:\windows\system32\imon.dll
2009-03-28 17:44 . 2009-03-28 17:44	15,424	--a------	c:\windows\system32\drivers\nod32drv.sys

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 12:15	---------	d-----w	c:\program files\Fichiers communs\Adobe
2009-03-29 00:22	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-28 15:55	---------	d-----w	c:\program files\Fichiers communs\InstallShield
2009-03-28 14:42	---------	d-----w	c:\program files\Menara
2009-03-28 13:49	---------	d-----w	c:\program files\microsoft frontpage
2009-03-28 13:47	---------	d-----w	c:\program files\Services en ligne
2009-02-09 14:05	1,846,912	----a-w	c:\windows\system32\win32k.sys
2008-12-20 22:47	826,368	----a-w	c:\windows\system32\wininet.dll
2008-12-05 06:57	144,896	----a-w	c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-26 893440]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-28 949376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-28 185896]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe_ID0ENQBO"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\mehdi\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\mehdi\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\mehdi\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 110592]
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2009-03-28 966756]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-28 15424]
S2 Display Desktop 32 Service;Display Desktop 32 Service;c:\windows\system32\vdesk32.exe [2009-03-28 57425]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.menara.ma
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
LSP: c:\windows\system32\imon.dll
TCP: {558706D2-516A-4526-B5E2-8B512AD3899B} = 62.251.229.237 62.251.229.223
FF - ProfilePath - c:\documents and settings\mehdi\Application Data\Mozilla\Firefox\Profiles\w7p1c786.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - plugin: c:\documents and settings\mehdi\Application Data\Mozilla\Firefox\Profiles\w7p1c786.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 22:18:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Heure de fin: 2009-03-31 22:19:55
ComboFix-quarantined-files.txt  2009-03-31 20:19:52

Avant-CF: 19,214,114,816 octets libres
Après-CF: 19,861,282,816 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

203	--- E O F ---	2009-03-29 23:31:32

[Gof]

Bonjour sooprano

 

ComboFix a traité ton infection. Mais elle est certainement présente sur un de tes supports externes : disque dur externe, clé usb, cartes flash, lecteur MP3, etc.

 

Il te faut donc brancher tous tes supports sans les ouvrir. Puis, relancer Combofix. Poste à la suite le rapport généré.