Bagle: where to post the reports
gnark
Hello,
I'm contacting you because I need an expert to check certain reports, such as the ComboFix one, concerning the Bagle virus.
Note that I have already used FindyKill, and since then a lot of things have returned to normal.
But I would like to be sure I have removed it completely.
So my question: where can I post my report so that it can be analysed by someone who knows?
Thanks.
1 reply
Well then, I'll post the ComboFix report and we'll see if someone gives me an answer.
ComboFix 09-01-11.04 - gnark 2009-01-13 10:02:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1163 [GMT 3:00]
Lancé depuis: c:\users\gnark\Desktop\bibitte.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-13 au 2009-01-13 ))))))))))))))))))))))))))))))))))))
.
2009-01-13 09:24 . 2009-01-13 09:24 <REP> d-------- C:\PerfLogs
2009-01-11 16:00 . 2009-01-11 16:00 56 --ah----- c:\windows\System32\ezsidmv.dat
2009-01-11 12:26 . 2009-01-11 13:12 <REP> d-------- c:\windows\BDOSCAN8
2009-01-10 15:40 . 2009-01-10 20:41 <REP> d-------- c:\users\gnark\Tracing
2009-01-10 15:38 . 2009-01-10 15:38 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-10 15:38 . 2009-01-10 15:38 <REP> d-------- c:\program files\Microsoft
2009-01-10 15:22 . 2009-01-10 15:22 <REP> d-------- c:\program files\Common Files\Windows Live
2009-01-09 12:32 . 2009-01-09 12:32 <REP> d-------- c:\program files\AviSynth 2.5
2009-01-09 12:31 . 2009-01-09 12:31 <REP> d-------- c:\program files\eRightSoft
2009-01-09 12:03 . 2009-01-09 12:03 <REP> d-------- c:\program files\Search Settings
2009-01-09 12:02 . 2009-01-09 12:02 <REP> d-------- c:\program files\Dealio
2009-01-09 12:00 . 2009-01-09 12:00 <REP> d-------- c:\program files\Free Audio Pack
2009-01-09 12:00 . 2004-03-08 23:00 662,288 --a------ c:\windows\System32\MSCOMCT2.OCX
2009-01-08 19:38 . 2009-01-08 19:38 96,976 --a------ c:\windows\System32\drivers\klin.dat
2009-01-08 19:38 . 2009-01-08 19:38 87,855 --a------ c:\windows\System32\drivers\klick.dat
2009-01-08 19:37 . 2009-01-13 09:37 <REP> d-------- c:\users\All Users\Kaspersky Lab
2009-01-08 19:37 . 2009-01-13 09:37 <REP> d-------- c:\programdata\Kaspersky Lab
2009-01-08 19:37 . 2009-01-08 19:37 <REP> d-------- c:\program files\Kaspersky Lab
2009-01-08 19:37 . 2009-01-13 09:38 3,222,048 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-08 19:37 . 2009-01-13 09:38 434,208 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-01-08 19:37 . 2009-01-13 09:37 27,300 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-08 19:37 . 2009-01-13 09:35 3,612 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-01-08 15:43 . 2009-01-08 15:43 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-01-08 14:36 . 2009-01-08 14:36 <REP> d-------- c:\program files\Trend Micro
2009-01-08 14:32 . 2009-01-11 11:13 <REP> d-------- c:\program files\FindyKill
2009-01-08 14:06 . 2009-01-08 14:06 <REP> d-------- c:\users\gnark\AppData\Roaming\Malwarebytes
2009-01-08 14:06 . 2009-01-08 14:06 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-08 14:06 . 2009-01-08 14:06 <REP> d-------- c:\programdata\Malwarebytes
2009-01-08 14:06 . 2009-01-08 14:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 14:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-08 14:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-08 13:59 . 2009-01-08 13:59 <REP> d-------- C:\VundoFix Backups
2009-01-08 13:05 . 2009-01-08 13:05 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-01-08 13:05 . 2009-01-08 13:05 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-01-08 11:45 . 2009-01-08 11:45 <REP> d-------- c:\windows\Sun
2009-01-08 11:34 . 2009-01-08 11:38 <REP> d-------- C:\Combo-Fix
2009-01-08 08:58 . 2005-02-27 21:48 356,352 --a------ c:\windows\System32\RealMediaSplitter.ax
2009-01-08 08:40 . 2009-01-08 08:40 <REP> d-------- c:\program files\Real
2009-01-08 08:40 . 2009-01-08 08:40 <REP> d-------- c:\program files\Common Files\xing shared
2009-01-08 08:40 . 2009-01-08 08:40 <REP> d-------- c:\program files\Common Files\Real
2008-12-26 10:24 . 2008-12-26 10:23 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-25 18:01 . 2008-12-25 18:10 <REP> d-------- c:\users\gnark\AppData\Roaming\Mp3tag
2008-12-25 18:01 . 2008-12-25 18:01 <REP> d-------- c:\program files\Mp3tag
2008-12-25 16:04 . 2009-01-09 11:43 <REP> d-------- c:\program files\bwin
2008-12-25 14:37 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-12-25 14:36 . 2008-12-25 14:36 <REP> d-------- c:\program files\SanDisk
2008-12-25 14:36 . 2008-10-14 12:01 14,608 --a------ c:\windows\System32\iviaspi.sys
2008-12-25 13:53 . 2008-12-25 13:53 <REP> d-------- c:\users\gnark\AppData\Roaming\SanDisk
2008-12-14 13:49 . 2009-01-11 22:15 <REP> d-------- c:\users\gnark\AppData\Roaming\BSW
2008-12-14 13:48 . 2008-12-14 13:48 <REP> d-------- c:\program files\Sun
2008-12-14 13:46 . 2008-12-26 10:23 <REP> d-------- c:\program files\Java
2008-12-14 13:40 . 2008-12-14 13:40 <REP> d-------- c:\program files\Common Files\Java
2008-12-13 09:52 . 2007-06-25 12:00 2,076 --a------ C:\ASUS_94520049.icm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 06:34 174 --sha-w c:\program files\desktop.ini
2009-01-13 06:25 --------- d-----w c:\program files\Windows Sidebar
2009-01-13 06:25 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-13 06:25 --------- d-----w c:\program files\Windows Mail
2009-01-13 06:25 --------- d-----w c:\program files\Windows Journal
2009-01-13 06:25 --------- d-----w c:\program files\Windows Defender
2009-01-13 06:25 --------- d-----w c:\program files\Windows Collaboration
2009-01-13 06:25 --------- d-----w c:\program files\Windows Calendar
2009-01-13 06:11 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-13 06:11 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-11 19:14 --------- d-----w c:\users\gnark\AppData\Roaming\Skype
2009-01-11 13:00 --------- d-----w c:\users\gnark\AppData\Roaming\skypePM
2009-01-10 12:37 --------- d-----w c:\program files\Windows Live
2009-01-09 09:45 --------- d-----w c:\users\gnark\AppData\Roaming\dvdcss
2009-01-08 10:11 --------- d-----w c:\programdata\Symantec
2008-12-25 11:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 00:08 --------- d-----w c:\programdata\Microsoft Help
2008-12-11 11:54 --------- d-----w c:\program files\WinamaxPoker
2008-12-02 19:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-23 11:49 --------- d-----w c:\program files\MSBuild
2008-11-23 11:49 --------- d-----w c:\program files\Microsoft Works
2008-11-23 11:47 --------- d-----w c:\program files\Microsoft.NET
2008-11-23 11:45 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-22 16:49 --------- d-----w c:\program files\7-Zip
2008-11-14 05:13 --------- d-----w c:\program files\Common Files\Adobe
2008-11-13 17:00 --------- d-----w c:\users\gnark\AppData\Roaming\vlc
2008-11-13 12:14 --------- d-----w c:\programdata\eMule
2008-11-13 06:39 --------- d-----w c:\program files\VideoLAN
2008-11-13 06:31 --------- d-----w c:\program files\eMule
2008-11-13 06:15 269,312 ----a-w c:\windows\System32\es.dll
2008-11-13 06:15 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2008-11-13 06:14 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-11-13 06:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-11-13 06:14 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-13 06:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-11-13 06:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-11-11 20:26 606,848 ----a-w c:\windows\flashax.exe
2008-11-11 20:26 503,808 ----a-w c:\windows\Asus_Camera_ScreenSaver.scr
2008-11-11 20:26 4,814,371 ----a-w c:\windows\ASUS Camera ScreenSaver.exe
2008-11-11 20:26 37,232 ----a-w c:\windows\ASScrProlog.exe
2008-11-11 20:26 33,136 ----a-w c:\windows\ASScrPro.exe
2008-11-11 20:26 274,800 ----a-w c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-11-11 20:26 12,288 ----a-w c:\windows\impborl.dll
2008-11-11 19:53 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-11-11 19:52 315,392 ----a-w c:\windows\HideWin.exe
2008-11-11 17:00 218,376 ----a-w c:\windows\System32\klogon.dll
2008-11-11 14:14 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-11-11 14:14 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-11-11 14:14 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-11-11 14:14 272,896 ----a-w c:\windows\System32\polstore.dll
2008-11-11 14:13 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-11-11 14:13 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-11-11 14:09 428,544 ----a-w c:\windows\System32\EncDec.dll
2008-11-11 14:09 293,376 ----a-w c:\windows\System32\psisdecd.dll
2008-11-11 14:02 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-11-11 14:02 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-11-11 13:53 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-11-11 13:52 988,216 ----a-w c:\windows\System32\winload.exe
2008-11-11 13:52 927,288 ----a-w c:\windows\System32\winresume.exe
2008-11-11 13:52 615,992 ----a-w c:\windows\System32\ci.dll
2008-11-11 13:52 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-11-11 13:52 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-11-11 13:52 40,960 ----a-w c:\windows\System32\srclient.dll
2008-11-11 13:52 378,368 ----a-w c:\windows\System32\srcore.dll
2008-11-11 13:52 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-11-11 13:52 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-11-11 13:52 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-11-11 13:47 443,392 ----a-w c:\windows\System32\win32spl.dll
2008-11-11 13:47 37,888 ----a-w c:\windows\System32\printcom.dll
2008-11-11 13:47 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-11-11 13:45 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-11-11 13:45 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-11-11 13:45 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-11-11 13:44 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-11-11 13:44 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 11:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 10:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 04:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 630784]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-03 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-11-11 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-11 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-08 185872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-13 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1941368856-446697905-1059776350-1000]
"EnableNotificationsRef"=dword:00000005
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3FBE21ED-C92E-4BAC-8F14-42E7D290101B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A607FA2-38A7-4538-BB92-B8B6E95D6A52}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{82613CF0-B6C2-438A-929C-202141A9CBEF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D752D059-B346-4938-842D-C6C81A279A8C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0310231D-B08C-4D69-B905-EA040E69AC50}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{2EB7FF9A-7F41-4342-8A4C-C2600DEE047C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2008-11-11 46592]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2008-11-11 212280]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
IE: Compare Prices with &Dealio - c:\users\gnark\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\users\gnark\AppData\Roaming\Mozilla\Firefox\Profiles\h5rjf2b2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 10:20:42
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\ADSM_PData_0150
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2009-01-13 10:23:03
ComboFix-quarantined-files.txt 2009-01-13 07:23:00
Avant-CF: 26 237 997 056 octets libres
Après-CF: 25,452,093,440 octets libres
Current=2 Default=2 Failed=1 LastKnownGood=2 Sets=1,2,3,4
285 --- E O F --- 2009-01-13 06:15:00
Thanks to whoever helps me.
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-08 185872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-13 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1941368856-446697905-1059776350-1000]
"EnableNotificationsRef"=dword:00000005
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3FBE21ED-C92E-4BAC-8F14-42E7D290101B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A607FA2-38A7-4538-BB92-B8B6E95D6A52}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{82613CF0-B6C2-438A-929C-202141A9CBEF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D752D059-B346-4938-842D-C6C81A279A8C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0310231D-B08C-4D69-B905-EA040E69AC50}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{2EB7FF9A-7F41-4342-8A4C-C2600DEE047C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [2008-11-11 46592]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2008-11-11 212280]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
IE: Compare Prices with &Dealio - c:\users\gnark\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\users\gnark\AppData\Roaming\Mozilla\Firefox\Profiles\h5rjf2b2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 10:20:42
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\ADSM_PData_0150
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2009-01-13 10:23:03
ComboFix-quarantined-files.txt 2009-01-13 07:23:00
Avant-CF: 26 237 997 056 octets libres
Après-CF: 25,452,093,440 octets libres
Current=2 Default=2 Failed=1 LastKnownGood=2 Sets=1,2,3,4
285 --- E O F --- 2009-01-13 06:15:00
Thanks to whoever helps me.