Problem with Total Security version 4.52

thierry63800 (Member, 20 posts)
Hello,
since yesterday Total Security has installed itself on my computer and I cannot uninstall it. Could you give me the steps to eradicate this virus? Thanks to all.
2 replies

Narco!4 (Contributor, 2446 posts)
Hi,

[*] Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
[*] Double-click combofix.exe and follow the instructions.
[*] Install the Recovery Console if offered and continue.
[*] When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report is also located at C:\Combofix.txt
thierry63800
 
Thanks NARCO for your help. Here are the details:

ComboFix 09-08-22.04 - THIERRY 22/08/2009 21:38.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.669 [GMT 2:00]
Running from: c:\documents and settings\THIERRY\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\10607374
c:\documents and settings\All Users\Application Data\10607374\10607374
c:\documents and settings\All Users\Application Data\10607374\10607374.exe
c:\documents and settings\All Users\Application Data\10607374\pc10607374ins
c:\documents and settings\THIERRY\Application Data\wiaserva.log
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\acctresw.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_WUAUSERVUPNPHOST
-------\Service_npf
-------\Service_SfX
-------\Service_wuauservupnphost

((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 19:46 . 2009-08-22 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\11366464
2009-08-22 19:46 . 2009-08-22 19:46 699936 ----a-w- c:\documents and settings\All Users\Application Data\11366464\11366464.exe
2009-08-22 15:27 . 2009-08-22 15:27 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-08-22 15:25 . 2009-08-22 15:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-22 15:00 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-22 12:46 . 2009-08-22 12:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-22 12:45 . 2009-08-22 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-22 12:32 . 2009-08-22 18:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 12:24 . 2009-08-22 18:23 -------- d-----w- c:\program files\ZHPDiag
2009-08-22 11:45 . 2009-08-22 12:10 110 --s-a-w- c:\windows\system32\3959993317.dat
2009-08-22 11:12 . 2009-08-22 11:12 -------- d-----w- c:\program files\Enigma Software Group
2009-08-20 11:56 . 2009-08-20 11:56 -------- d-----w- C:\Programefiles
2009-08-19 15:28 . 2009-08-19 15:28 -------- d-----w- c:\program files\DDnsFilter
2009-08-19 15:28 . 2009-08-19 15:28 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
2009-08-15 21:00 . 2009-08-15 21:00 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-08-15 21:00 . 2008-04-13 17:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-15 21:00 . 2008-04-13 17:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-15 15:09 . 2009-08-15 15:26 -------- d-----w- c:\documents and settings\THIERRY\Application Data\fretsonfire
2009-08-15 15:09 . 2009-08-17 12:05 -------- d-----w- c:\program files\Frets on Fire
2009-08-13 09:12 . 2009-08-13 09:12 -------- d-----w- C:\col5319
2009-08-13 09:02 . 2009-08-13 09:02 -------- d-----w- c:\documents and settings\THIERRY\Application Data\Dossier de téléchargement Share-to-Web
2009-08-13 09:02 . 2009-08-13 09:02 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
2009-08-13 09:02 . 2009-08-17 20:35 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-13 09:00 . 2009-08-13 09:00 -------- d-----w- C:\sj659
2009-08-12 16:13 . 2009-08-12 16:13 1080 ----a-w- c:\windows\AUTOLNCH.REG
2009-08-12 16:13 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-12 16:13 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-10 11:05 . 2009-08-10 11:07 -------- d-----w- c:\windows\system32\NtmsData
2009-08-09 14:43 . 2009-08-09 14:43 -------- d-----w- c:\program files\Eidos Interactive
2009-08-09 13:52 . 2009-08-09 13:52 -------- d-----w- c:\program files\Creative Labs
2009-08-09 13:52 . 1999-07-06 12:13 40960 ----a-w- c:\windows\system32\eax.dll
2009-08-09 13:52 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-08 12:23 . 2009-08-08 12:25 -------- d-----w- c:\program files\VirtualDJ
2009-08-07 20:36 . 2009-08-07 21:00 -------- d-----w- c:\program files\FP
2009-08-07 20:25 . 2009-08-07 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-07 20:25 . 2009-08-07 20:42 -------- d-----w- c:\program files\NOS
2009-08-07 12:24 . 2009-08-09 14:00 1371 ----a-w- c:\windows\mozver.dat
2009-08-07 11:32 . 2009-08-07 11:32 0 ----a-w- c:\windows\nsreg.dat
2009-08-07 11:32 . 2009-08-07 11:32 -------- d-----w- c:\documents and settings\THIERRY\Local Settings\Application Data\Mozilla
2009-08-01 22:15 . 2009-08-11 20:04 -------- d-----w- c:\documents and settings\THIERRY\Local Settings\Application Data\NFS Underground 2
2009-07-30 16:34 . 2009-07-30 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-07-30 16:23 . 2009-07-30 16:23 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-07-30 15:07 . 2009-07-30 15:17 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-29 20:22 . 2009-07-29 20:22 -------- d-----w- C:\SIERRA
2009-07-29 20:22 . 2009-07-29 20:22 -------- d-----w- c:\documents and settings\THIERRY\WINDOWS
2009-07-29 20:12 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe
2009-07-29 19:46 . 2009-07-29 19:46 -------- d-----w- c:\program files\MSXML 4.0
2009-07-29 19:24 . 2003-10-27 12:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-07-29 19:24 . 2003-10-27 12:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2009-07-29 19:24 . 2003-10-27 12:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2009-07-29 19:24 . 2003-10-27 12:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2009-07-29 19:24 . 2003-10-27 12:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-29 17:45 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 17:45 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-25 20:05 . 2009-08-08 13:55 -------- d-----w- c:\program files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 12:47 . 2009-07-03 18:50 -------- d-----w- c:\program files\Google
2009-08-20 11:40 . 2009-07-03 18:47 -------- d-----w- c:\documents and settings\THIERRY\Application Data\uTorrent
2009-08-17 20:35 . 2009-07-01 21:55 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-08-17 16:10 . 2009-07-01 20:02 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-01 20:03 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-01 20:03 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-01 20:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-01 20:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-01 20:03 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-01 20:03 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-01 20:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-01 20:03 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 13:55 . 2009-07-02 08:21 -------- d-----w- c:\program files\GUILD WARS
2009-08-13 09:02 . 2009-07-10 17:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 11:06 . 2009-07-01 14:10 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-10 14:55 . 2009-07-10 13:42 -------- d-----w- c:\documents and settings\THIERRY\Application Data\dvdcss
2009-08-08 16:52 . 2009-07-01 13:38 50640 ----a-w- c:\documents and settings\THIERRY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 16:55 . 2009-07-07 11:16 -------- d-----w- c:\program files\Microsoft Games
2009-07-22 13:00 . 2009-07-22 07:51 28292 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-22 13:00 . 2009-07-22 07:51 2322464 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-21 21:58 . 2009-07-21 21:58 -------- d-----w- c:\program files\CCleaner
2009-07-10 17:49 . 2009-07-10 17:49 -------- d-----w- c:\program files\Samsung
2009-07-08 13:47 . 2009-07-04 14:20 -------- d-----w- c:\documents and settings\THIERRY\Application Data\teamspeak2
2009-07-08 12:24 . 2009-07-08 12:24 -------- d-----w- c:\program files\Alcohol Soft
2009-07-08 12:22 . 2009-07-08 12:22 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-06 19:38 . 2004-12-26 19:30 -------- d-----w- c:\program files\SoftChris
2009-07-06 19:31 . 2009-07-02 08:04 -------- d-----w- c:\program files\IncrediMail
2009-07-04 14:34 . 2009-07-04 14:20 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-03 19:51 . 2009-07-03 19:51 53248 ----a-w- c:\windows\system32\unrar.dll
2009-07-03 18:48 . 2009-07-03 18:48 -------- d-----w- c:\program files\uTorrent
2009-07-03 18:39 . 2009-07-03 18:39 -------- d-----w- c:\documents and settings\THIERRY\Application Data\Atari
2009-07-03 18:38 . 2009-07-03 18:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-03 16:57 . 2002-08-29 09:45 915456 ------w- c:\windows\system32\wininet.dll
2009-07-02 08:05 . 2009-07-02 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2009-07-02 08:04 . 2009-07-02 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-07-02 07:37 . 2009-07-02 07:34 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
2009-07-01 21:58 . 2009-07-01 21:58 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-01 21:58 . 2009-07-01 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-01 21:58 . 2009-07-01 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-01 20:59 . 2009-07-01 20:59 15872 ----a-r- c:\documents and settings\THIERRY\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2009-07-01 20:59 . 2009-07-01 20:59 -------- d-----w- c:\program files\Valve
2009-07-01 20:56 . 2009-07-01 20:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-01 20:41 . 2009-07-01 20:41 -------- d-----w- c:\program files\Microsoft
2009-07-01 20:41 . 2009-07-01 20:40 -------- d-----w- c:\program files\Windows Live
2009-07-01 20:41 . 2009-07-01 20:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 20:32 . 2009-07-01 20:32 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-01 20:16 . 2009-07-01 20:16 -------- d-----w- c:\program files\Neuf
2009-07-01 20:02 . 2009-07-01 20:02 -------- d-----w- c:\program files\Alwil Software
2009-07-01 19:24 . 2001-08-28 12:00 48856 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-01 19:24 . 2001-08-28 12:00 368076 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-01 15:14 . 2009-07-01 15:14 -------- d-----w- c:\documents and settings\THIERRY\Application Data\vlc
2009-07-01 15:13 . 2009-07-01 15:13 -------- d-----w- c:\program files\VideoLAN
2009-07-01 13:15 . 2009-07-01 12:45 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-01 12:46 . 2009-07-01 12:46 -------- d-----w- c:\program files\microsoft frontpage
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\KCPJXJRJ.DAT
2009-07-01 12:46 . 2009-07-01 12:46 558142 ----a-w- c:\windows\java\Packages\V3PB33NF.ZIP
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\4SHNRH77.DAT
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\XJDR1335.DAT
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\DBDFBB7T.DAT
2009-07-01 12:46 . 2009-07-01 12:46 155995 ----a-w- c:\windows\java\Packages\8T3971JJ.ZIP
2009-07-01 12:46 . 2009-07-01 12:46 2678 ----a-w- c:\windows\java\Packages\Data\0TNFVZ9R.DAT
2009-07-01 12:43 . 2009-07-01 12:43 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-01 12:43 . 2009-07-01 12:43 -------- d-----w- c:\program files\Services en ligne
2009-06-16 14:40 . 2001-08-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-08-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2002-08-29 09:44 1297408 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-07-01 1217784]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-02 203928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-03 122368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"11366464"="c:\documents and settings\All Users\Application Data\11366464\11366464.exe" [2009-08-22 699936]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\THIERRY\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-13 28672]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\homoncules\\counter-strike\\hl.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\homoncules\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [28/08/2001 14:00 14336]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 22:03 114768]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [19/08/2009 17:28 38016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/07/2009 22:03 20560]
R3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [01/07/2009 15:39 72192]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 gupdate1ca23269f92aaf0;Service Google Update (gupdate1ca23269f92aaf0);c:\program files\Google\Update\GoogleUpdate.exe [22/08/2009 14:46 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-03 12:45]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 12:46]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 12:46]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-10607374 - c:\documents and settings\All Users\Application Data\10607374\10607374.exe

.
------- Supplementary Scan -------
.
uStart Page = neufportail.fr/
uDefault_Search_URL = hxxp://fr.gdark.com
uSearchMigratedDefaultURL = hxxp://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://fr.gdark.com
uSearchURL,(Default) = hxxp://fr.gdark.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 21:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\windows\temp\_ex-08.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-22 21:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 19:54

Pre-Run: 116 173 709 312 bytes free
Post-Run: 116 114 464 768 bytes free

284 --- E O F --- 2009-07-31 12:06
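Reading the log above the way an analyst would: the rogue registers an HKLM Run value named only by a number that points into Application Data (10607374 was already removed, 11366464 is still live), a service called ddnsfilter runs as an svchost group that no stock XP has, with TCP 8085 opened for it in the firewall, the driver soqwx32 is still registered although its file is gone, and an _ex-08.exe is running out of c:\windows\temp. The script below is an added example, not part of the thread and not ComboFix's own code: it pulls those kinds of entries out of a ComboFix-style report and flags them with a few heuristics. The svchost allow-list and the suspect-directory list are assumptions to replace with your own baseline, and SAMPLE_REPORT is a constructed excerpt in the shape of the report above, not the full log.

```python
"""Triage of a ComboFix-style report: pull out autostart entries, services,
firewall exceptions and bare process paths, then flag the patterns a rogue
"antivirus" leaves behind. Added example; the heuristics are ours, not ComboFix's."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumption: the svchost groups a stock Windows XP SP3 registers. Build your own
# baseline from a clean machine before trusting an "unknown group" hit.
KNOWN_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "networkservice",
                        "localservice", "imgsvc", "httpfilter", "termsvcs"}
# Directories a legitimate HKLM Run entry, service or long-lived process almost
# never runs from (paths are lower-cased before the check). Also an assumption.
SUSPECT_DIRS = ("\\application data\\", "\\windows\\temp\\", "\\local settings\\temp\\")

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"')
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<owner>\S+)')
SERVICE = re.compile(r'^[RS][?\d]+\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$')
SVCHOST_K = re.compile(r'svchost\.exe\s+-k\s+(?P<group>\S+)', re.IGNORECASE)
BARE_EXE = re.compile(r'^[a-z]:\\.*\.exe$', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str     # which heuristic fired
    subject: str  # value name, service name or file name it fired on
    detail: str   # the path, port or group behind it


def _suspect_location(path: str) -> bool:
    low = path.lower()
    return any(d in low for d in SUSPECT_DIRS)


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""  # last "[HKEY...]" header seen, lower-cased
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.lower()
            continue
        m = RUN_VALUE.match(line)
        if m and section.endswith("\\run]"):
            name, image = m.group("name"), m.group("image")
            if name.isdigit():  # this rogue registers under a random number
                findings.append(Finding("numeric-run-name", name, image))
            if _suspect_location(image):
                findings.append(Finding("autostart-from-data-dir", name, image))
            continue
        m = OPEN_PORT.match(line)
        if m:  # a firewall exception opened in the name of a service
            findings.append(Finding("firewall-open-port", m.group("owner"),
                                    f"{m.group('port')}/{m.group('proto')}"))
            continue
        m = SERVICE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if rest.endswith("[?]") or "-->" in rest:  # still registered, file gone
                findings.append(Finding("service-image-missing", name, rest))
            k = SVCHOST_K.search(rest)
            if k and k.group("group").lower() not in KNOWN_SVCHOST_GROUPS:
                findings.append(Finding("unknown-svchost-group", name, k.group("group")))
            continue
        if BARE_EXE.match(line) and _suspect_location(line):
            findings.append(Finding("exe-in-temp-or-data-dir", line.rsplit("\\", 1)[-1], line))
    return findings


def correlate(findings: list[Finding]) -> dict[str, list[str]]:
    """Group heuristic kinds by subject; two independent hits on one subject (an
    unknown svchost group that also owns a firewall hole) is the strongest signal."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        kinds = grouped.setdefault(f.subject, [])
        if f.kind not in kinds:
            kinds.append(f.kind)
    return grouped


# Constructed excerpt in the shape of the report above (not the full log).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"11366464"="c:\documents and settings\All Users\Application Data\11366464\11366464.exe" [2009-08-22 699936]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [28/08/2001 14:00 14336]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 22:03 114768]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\temp\_ex-08.exe
"""

if __name__ == "__main__":
    for subject, kinds in correlate(triage(SAMPLE_REPORT)).items():
        print(f"{subject}: {', '.join(kinds)}")
```

Run it as-is to triage the constructed excerpt, or pass the contents of C:\Combofix.txt to triage(). A subject hit by two independent heuristics, as ddnsfilter is here, deserves attention before anything else; a single hit on a legitimate tool's path is noise until you have checked the file. The numeric-name heuristic is tuned to what this log shows and will need adjusting for other families.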