Resistant infection!
Closed
trollitto
Posts
18
Status
Member
-
toptitbal Posts 26224 Registration date Status Security contributor Last intervention -
Hello,
This topic follows on from this one:
https://forums.commentcamarche.net/forum/affich-14425705-pc-qui-ne-s-arrete-plus
In which I ask for help because my PC no longer shuts down.
Following the various manipulations done, it turned out that I still have some infections, so here is the ComboFix report.
What should I do???
ComboFix 09-09-29.03 - Administrateur 30/09/2009 13:00.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.500 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 ))))))))))))))))))))))))))))))))))))
.
2009-09-30 10:45 . 2009-09-30 10:45 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-28 09:56 . 2009-09-28 09:56 -------- d-----w- c:\program files\BitTorrent
2009-09-27 17:24 . 2009-09-27 21:45 -------- d-----w- c:\program files\a-squared Free
2009-09-26 09:54 . 2009-09-27 21:48 2432 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-25 10:46 . 2009-09-25 11:24 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-24 19:36 . 2009-09-26 11:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-09-24 17:35 . 2009-09-24 17:35 -------- d-----w- c:\windows\ServicePackFiles
2009-09-24 17:34 . 2009-09-24 17:34 -------- d-----w- c:\program files\MSXML 4.0
2009-09-24 12:20 . 2009-09-24 12:20 -------- d-----w- c:\program files\Microsoft
2009-09-24 11:38 . 2009-09-24 11:38 -------- d-----r- C:\assembly
2009-09-24 10:34 . 2009-09-24 10:34 -------- d-----w- c:\program files\iPod
2009-09-24 10:33 . 2009-09-24 10:35 -------- d-----w- c:\program files\iTunes
2009-09-24 10:19 . 2009-09-24 10:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-09-24 10:19 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 10:19 . 2009-09-24 10:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 10:19 . 2009-09-24 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-24 10:19 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 08:36 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-24 08:36 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-24 08:36 . 2009-02-09 11:50 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-24 08:36 . 2009-02-09 11:50 2059776 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-09-24 08:36 . 2009-02-09 11:50 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-24 08:36 . 2009-02-09 11:50 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-24 08:33 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-18 15:41 . 2009-09-18 15:41 -------- d-----w- c:\program files\iPod Video Converter
2009-09-17 19:43 . 2006-07-11 17:06 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2009-09-17 19:43 . 2005-05-14 19:09 2179072 ----a-w- c:\windows\system32\mfc71d.dll
2009-09-17 19:43 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-09-17 19:43 . 2000-10-01 18:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-09-17 19:43 . 1999-03-25 18:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-09-17 19:43 . 1998-07-12 22:00 21504 ----a-w- c:\windows\system32\TABCTFR.DLL
2009-09-17 19:43 . 1998-07-12 22:00 59904 ----a-w- c:\windows\system32\Mscc2fr.dll
2009-09-17 19:43 . 1998-07-12 22:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-09-17 19:43 . 1998-07-12 23:00 20992 ----a-w- c:\windows\system32\CMCT2FR.DLL
2009-09-17 19:43 . 1998-07-12 18:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-09-17 18:31 . 2009-09-17 18:31 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Conduit
2009-09-17 15:51 . 2009-09-17 15:51 -------- d-----w- c:\program files\Fichiers communs\muvee Technologies
2009-09-17 15:32 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-09-17 14:01 . 2009-03-19 12:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-09-17 14:01 . 2009-03-19 12:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-09-17 14:01 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\usbser_lowerfltj.sys
2009-09-17 14:01 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-09-17 14:01 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-09-17 14:01 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-09-17 14:01 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-09-17 13:26 . 2009-09-30 10:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitTorrent
2009-09-17 13:04 . 2009-09-17 13:04 -------- d-----w- C:\Downloads
2009-09-17 10:51 . 2009-09-17 10:51 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-17 10:42 . 2009-04-28 20:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-17 10:42 . 2009-04-28 20:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-17 10:42 . 2009-04-28 20:20 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-17 10:42 . 2009-04-28 20:20 129520 ------w- c:\windows\system32\pxafs.dll
2009-09-17 10:22 . 2009-09-17 10:22 -------- d-----w- c:\program files\FileHippo.com
2009-09-17 10:22 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-17 10:22 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-17 01:36 . 2009-09-17 01:36 -------- d-----w- c:\program files\Regensoft
2009-09-17 01:35 . 2009-09-17 01:35 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-16 17:20 . 2009-09-16 17:20 18188 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 22:41 . 2009-09-15 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 22:40 . 2009-09-15 22:40 -------- d-----w- c:\program files\Bonjour
2009-09-15 22:37 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-09-09 13:51 . 2009-09-09 13:51 -------- d-----w- c:\program files\ESET
2009-09-09 12:34 . 2009-09-09 12:34 -------- d-----w- c:\program files\Conduit
2009-09-09 12:34 . 2009-09-17 18:39 -------- d-----w- c:\program files\TorrentMan
2009-09-08 12:52 . 2009-09-08 12:52 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Viewpoint
2009-09-08 12:51 . 2009-09-08 12:51 -------- d-----w- c:\program files\Fichiers communs\Viewpoint
2009-09-08 11:46 . 2009-09-17 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-08 11:46 . 2009-09-17 18:30 -------- d-----w- c:\program files\Viewpoint
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 23:30 . 2009-07-28 20:22 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-09-29 17:47 . 2009-04-05 08:00 -------- d-----w- c:\program files\Ahead
2009-09-28 09:59 . 2001-08-28 11:00 83900 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-28 09:59 . 2001-08-28 11:00 508808 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-24 11:54 . 2009-04-04 11:02 -------- d-----w- c:\program files\Mp3tag
2009-09-24 10:34 . 2009-04-07 16:35 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-17 22:54 . 2009-04-06 09:39 -------- d-----w- c:\program files\Easy CD-DA Extractor 7
2009-09-17 17:23 . 2009-04-04 10:41 22448 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 16:08 . 2009-05-04 18:26 -------- d-----w- c:\program files\Fichiers communs\Nokia
2009-09-17 15:50 . 2009-05-04 18:23 -------- d-----w- c:\program files\Nokia
2009-09-17 15:33 . 2009-05-04 18:24 -------- d-----w- c:\program files\DIFX
2009-09-17 14:55 . 2009-05-18 15:10 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nseries
2009-09-17 14:10 . 2009-04-05 07:17 -------- d-----w- c:\program files\Winamp
2009-09-17 14:01 . 2009-05-05 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-09-17 10:56 . 2009-04-07 11:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 10:19 . 2009-04-07 11:41 -------- d-----w- c:\program files\Java
2009-09-17 09:51 . 2009-08-30 13:04 -------- d-----w- c:\program files\Trend Micro
2009-09-16 09:56 . 2009-04-04 10:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer
2009-09-15 22:41 . 2009-04-07 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-15 22:39 . 2009-04-16 14:49 -------- d-----w- c:\program files\QuickTime Alternative
2009-08-30 16:58 . 2009-08-30 15:46 -------- d-----w- c:\program files\Coolstreaming
2009-08-30 14:05 . 2009-08-27 13:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-30 12:26 . 2009-08-30 12:25 -------- d-----w- c:\program files\CCleaner
2009-08-28 17:42 . 2009-04-07 16:35 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-27 12:51 . 2009-08-27 12:51 -------- d-----w- c:\program files\Alwil Software
2009-08-21 23:06 . 2009-08-21 23:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\VSO
2009-08-21 22:58 . 2009-08-21 22:58 -------- d-----w- c:\program files\VSO
2009-08-17 16:10 . 2009-08-27 12:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-27 12:52 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-27 12:52 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-27 12:52 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-27 12:52 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-27 12:52 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-27 12:52 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-27 12:52 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-27 12:52 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:06 . 2004-08-19 13:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-19 13:09 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2001-08-28 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 18:56 . 2004-08-19 13:09 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-19 13:09 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.
------- Sigcheck -------
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2005-10-24 . 004998C70A3521958D7111FAFC227584 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-17 149280]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"=
"c:\\Program Files\\Coolstreaming\\coolstreaming.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17247:TCP"= 17247:TCP:BitComet 17247 TCP
"17247:UDP"= 17247:UDP:BitComet 17247 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/08/2009 14:52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/08/2009 14:52 20560]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [04/04/2009 21:59 465988]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/09/2009 16:01 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/09/2009 16:01 8320]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\cl8ehbsy.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 13:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-09-30 13:04
ComboFix-quarantined-files.txt 2009-09-30 11:04
Avant-CF: 745 246 720 octets libres
Après-CF: 1 156 554 752 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
219 --- E O F --- 2009-09-27 17:30