Good evening,
I followed the ComboFix instructions and here is the report:
ComboFix 09-05-02.3 - Administrateur 01/05/2009 23:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.741 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:16 . 2006-06-29 12:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-01 22:14 . 2009-05-01 22:16 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 22:14 . 2009-05-01 22:14 -------- d-----w c:\program files\MSBuild
2009-05-01 22:14 . 2009-05-01 22:14 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 22:13 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-01 22:13 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 22:13 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 22:13 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 22:13 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-01 22:13 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 22:13 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-01 22:13 . 2009-05-01 22:13 -------- d-----w C:\a4f9d9f034bd12460ec78e5a9c
2009-05-01 19:14 . 2009-05-01 20:16 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 09:39 . 2009-05-01 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 09:39 . 2009-05-01 16:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-01 09:01 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 09:01 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 09:01 . 2009-05-01 09:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\program files\Avira
2009-04-30 15:33 . 2009-04-30 15:33 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-30 12:07 . 2009-04-30 12:07 -------- d-----w c:\program files\Lavasoft
2009-04-30 12:07 . 2009-04-30 12:07 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-30 09:43 . 2009-04-30 15:25 -------- d-----w c:\windows\LastGood
2009-04-29 20:15 . 2009-04-29 20:16 -------- d-----w c:\windows\LastGood.Tmp
2009-04-29 19:34 . 2009-04-29 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Martau
2009-04-29 19:33 . 2009-04-29 19:33 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Martau
2009-04-29 19:33 . 2009-04-29 19:33 -------- d-----w c:\program files\Total Uninstall 4
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\windows\srchasst
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\windows\system32\xircom
2009-04-29 16:59 . 2009-04-29 16:59 -------- d-----w c:\program files\microsoft frontpage
2009-04-29 16:55 . 2009-04-29 16:55 -------- d-----w c:\windows\ServicePackFiles
2009-04-29 16:44 . 2009-04-29 16:44 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-28 16:44 . 2008-08-02 10:58 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-26 20:44 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-26 20:44 . 2009-04-26 20:44 -------- d-----w c:\program files\MSXML 6.0
2009-04-26 16:35 . 2009-04-26 16:35 -------- d-----w c:\program files\WinEdt Team
2009-04-26 16:25 . 2009-04-26 20:50 -------- d-----w C:\a6a85916e420d51a50e17516f31662
2009-04-26 15:50 . 2009-04-26 16:23 -------- d-----w C:\2cdf034a13e4531fb5940a082f
2009-04-23 19:36 . 2009-04-23 19:36 -------- d-----w C:\RMD
2009-04-23 11:32 . 2001-08-17 20:56 7552 ----a-w c:\windows\system32\drivers\SONYPVU1.SYS
2009-04-16 18:29 . 2009-04-16 18:29 -------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-04-16 18:20 . 2009-04-16 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-04-10 10:07 . 2001-08-23 16:47 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-10 10:07 . 2001-08-23 16:47 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-10 10:07 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-10 10:07 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-09 23:05 . 2009-04-09 23:05 -------- d-----w c:\program files\Fichiers communs\Skype
2009-04-09 10:00 . 2009-04-09 10:02 -------- d-----w c:\program files\EPSON
2009-04-08 12:02 . 2000-06-06 11:01 34304 ----a-w c:\windows\system32\EBPCHP.DLL
2009-04-08 12:02 . 2003-05-20 12:27 64000 ----a-w c:\windows\system32\ECBTEG.DLL
2009-04-08 11:36 . 2009-04-08 11:36 -------- d-----w c:\documents and settings\All Users\Application Data\UDL
2009-04-08 11:36 . 2003-07-02 00:00 131072 ----a-r c:\windows\system32\Epcmlib.dll
2009-04-06 20:41 . 2009-04-06 20:41 -------- d-----w C:\TreeTagger
2009-04-06 18:55 . 2003-07-15 23:14 31744 ----a-w c:\windows\system32\E_DCINST.DLL
2009-04-06 18:55 . 2001-09-03 12:04 182 ----a-w c:\windows\system32\EBPPORT4.DAT
2009-04-06 18:55 . 2003-09-25 11:12 76045 ----a-w c:\windows\system32\EBPMON24.DLL
2009-04-04 15:54 . 2009-04-29 21:46 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-04-03 12:56 . 2009-04-03 12:57 -------- d-----w c:\documents and settings\Administrateur\Application Data\XnView
2009-04-03 10:20 . 2004-06-14 12:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-03 08:35 . 2009-04-03 08:35 -------- d-----w c:\documents and settings\Administrateur\Application Data\Search Settings
2009-04-03 08:35 . 2009-04-03 08:36 -------- d-----w c:\documents and settings\Administrateur\Application Data\pdfforge
2009-04-02 23:29 . 2009-05-01 20:15 -------- d-----w c:\program files\pdfforge Toolbar
2009-04-02 23:24 . 2001-10-28 14:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-02 23:24 . 1998-07-12 23:08 119568 ----a-w c:\windows\system32\VB6FR.DLL
2009-04-02 23:24 . 1998-07-12 23:08 141312 ----a-w c:\windows\system32\MSCMCFR.DLL
2009-04-02 23:24 . 1998-07-12 23:08 59904 ----a-w c:\windows\system32\MSCC2FR.DLL
2009-04-02 23:24 . 1998-07-05 22:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-02 23:24 . 2009-04-02 23:29 -------- d-----w c:\program files\PDFCreator
2009-04-02 21:26 . 2009-04-02 21:26 -------- d-----w c:\program files\Ghostgum
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:15 . 2002-09-07 00:00 79930 ----a-w c:\windows\system32\perfc00C.dat
2009-05-01 22:15 . 2002-09-07 00:00 500790 ----a-w c:\windows\system32\perfh00C.dat
2009-04-30 13:45 . 2009-03-29 11:18 45488 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 07:25 . 2009-03-29 11:00 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-16 18:32 . 2009-03-29 11:02 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-09 23:05 . 2009-03-30 16:26 -------- d-----r c:\program files\Skype
2009-04-08 22:01 . 2009-03-30 16:28 -------- d-----w c:\program files\EasyPHP1-8
2009-04-08 12:03 . 2009-03-29 11:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 12:10 . 2009-04-01 12:10 -------- d-----w c:\program files\CCleaner
2009-03-31 18:28 . 2009-03-31 10:59 -------- d-----w c:\program files\LimeWire
2009-03-31 18:28 . 2009-03-31 10:50 -------- d-----w c:\program files\eMule
2009-03-31 12:57 . 2009-03-31 12:57 -------- d-----w c:\program files\Smallvideosoft
2009-03-31 12:54 . 2009-03-31 12:54 -------- d-----w c:\program files\BenQ
2009-03-31 12:48 . 2009-03-31 12:48 -------- d-----w c:\program files\ScanDrv6
2009-03-31 12:48 . 2009-03-29 11:08 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-03-31 11:16 . 2009-03-29 11:09 -------- d-----w c:\program files\QuickTime Alternative
2009-03-31 11:11 . 2009-03-31 11:11 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-03-31 11:11 . 2009-03-31 11:10 -------- d-----w c:\program files\Fichiers communs\Real
2009-03-31 11:10 . 2009-03-31 11:10 -------- d-----w c:\program files\Real
2009-03-30 21:26 . 2009-03-30 21:24 -------- d-----w c:\program files\madkit 3.1b4
2009-03-30 16:32 . 2009-03-30 16:30 -------- d-----w c:\program files\Weka-3-6
2009-03-30 16:32 . 2009-03-29 11:06 -------- d-----w c:\program files\Java
2009-03-30 16:29 . 2009-03-30 16:29 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-30 16:18 . 2009-03-30 15:55 -------- d--h--w c:\program files\Zero G Registry
2009-03-30 13:07 . 2009-03-29 11:10 -------- d-----w c:\program files\Winamp
2009-03-30 09:19 . 2009-03-29 10:57 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 21:27 . 2009-03-29 21:26 -------- d-----w c:\program files\Ontrack
2009-03-29 19:57 . 2009-03-29 11:08 -------- d-----w c:\program files\CyberLink
2009-03-29 19:56 . 2009-03-29 11:03 -------- d-----w c:\program files\SlySoft
2009-03-29 19:56 . 2009-03-29 11:02 -------- d-----w c:\program files\Fichiers communs\ACD Systems
2009-03-29 19:45 . 2009-03-29 19:44 26 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-29 19:44 . 2009-03-29 19:44 -------- d-----w c:\program files\Huawei Technologies
2009-03-29 11:45 . 2009-03-29 11:45 -------- d-----w c:\program files\Alwil Software
2009-03-29 11:14 . 2009-03-29 11:14 -------- d-----w c:\program files\Microsoft Works
2009-03-29 11:13 . 2009-03-29 11:13 -------- d-----w c:\program files\Microsoft.NET
2009-03-29 11:10 . 2009-03-29 11:10 -------- d-----w c:\program files\Media Player Classic
2009-03-29 11:09 . 2009-03-29 11:09 -------- d-----w c:\program files\Real Alternative
2009-03-29 11:06 . 2009-03-29 11:06 -------- d-----w c:\program files\Fichiers communs\Java
2009-03-29 11:04 . 2009-03-29 11:04 -------- d-----w c:\program files\MSN Messenger
2009-03-29 11:03 . 2009-03-29 11:03 -------- d-----w c:\program files\Nero
2009-03-29 11:03 . 2009-03-29 11:03 -------- d-----w c:\program files\Fichiers communs\Ahead
2009-03-29 11:02 . 2009-03-29 11:02 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-29 10:58 . 2009-03-29 10:58 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-29 10:57 . 2002-09-07 00:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-29 10:57 . 2009-03-29 10:57 -------- d-----w c:\program files\Services en ligne
2009-03-29 10:55 . 2009-03-29 10:55 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-29 10:55 . 2009-03-29 10:55 -------- d-----w c:\program files\Desktop
2009-03-29 10:54 . 2009-03-29 10:54 -------- d-----w c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
[7] 2004-08-03 22:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-06-26 20:18 360576 C7BE59B07C6EB74BEA6FD67C1B164015 c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\icon_TMP\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\LastGood.Tmp\explorer.exe
[-] 2004-08-19 15:09 1227264 FB535EC44E40469149A18BC55D6A8587 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 04:54 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\system_backup\explorer.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\icon_TMP\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\LastGood.Tmp\system32\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2007-06-14 14:31 80216 C7BCEA1533BE5C9E15884D6C39B667F1 c:\windows\system32\wuauclt.exe
[7] 2007-06-14 14:31 53080 3A83A45E7DD5276315AA20245E7C32BF c:\windows\system_backup\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-06-26 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FONTCACHE3.0.0.0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2005c73f-25b6-11de-801a-007304445857}]
\Shell\AutoRun\command - sasyg1y8.com
\Shell\explore\Command - sasyg1y8.com
\Shell\open\Command - sasyg1y8.com
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {EE5B006C-C76F-4CA9-B135-42F788DC22A3} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-01 23:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D786AE-0BAD-5981-8AF6-8A48DE8BC981}\InProcServer32*]
"oaggneeplefabdmbegkegedfmnjleg"=hex:6a,61,61,6c,67,68,68,64,6d,69,67,64,6b,67,
6e,61,65,66,68,65,00,00
"nagghfmjnlglkcokajkbkhefjepm"=hex:6a,61,61,6c,67,68,68,64,6d,69,67,64,6b,67,
6e,61,65,66,68,65,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
.
Heure de fin: 2009-05-01 23:47
ComboFix-quarantined-files.txt 2009-05-01 22:46
Avant-CF: 76 638 576 640 octets libres
Après-CF: 76 733 755 392 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
Thanks