Hello, here is the ComboFix report:
ComboFix 08-12-15.08 - Florian 2008-12-17 14:26:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1559 [GMT 1:00]
Lancé depuis: c:\documents and settings\Florian\Bureau\flobo.exe
- Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\rigitaza.dll
c:\windows\system32\umabufav.ini
----- BITS: Il y a peut-être des sites infectés -----
77.74.48.105…
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.
2008-12-16 20:27 . 2008-12-16 20:27 dr------- c:\documents and settings\NetworkService\Favoris
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\documents and settings\Florian\Application Data\Malwarebytes
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 19:57 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 19:57 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 15:24 . 2008-12-14 15:23 31,744 --a------ c:\windows\system32\Q23Jc8P5.exe
2008-12-13 12:53 . 2008-12-13 12:53 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-06 21:25 . 2008-12-06 21:25 d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-06 21:21 . 2008-12-06 21:21 d-------- c:\windows\nview
2008-12-06 21:21 . 2008-12-02 10:13 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-06 21:21 . 2008-12-02 23:11 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-06 21:21 . 2008-12-17 13:16 205,242 --a------ c:\windows\system32\nvapps.xml
2008-12-06 21:21 . 2008-12-02 23:11 18,696 --a------ c:\windows\system32\nvdisp.nvu
2008-12-05 18:09 . 2008-12-05 18:09 212 --a------ c:\windows\system32\spupdsvc.inf
2008-12-05 18:07 . 2008-12-05 18:14 d-------- c:\windows\SxsCaPendDel
2008-12-03 15:11 . 2008-12-02 23:11 6,209,536 --a------ c:\windows\system32\drivers\nv4_mini.sys
2008-12-03 15:11 . 2008-12-02 23:11 6,166,272 --a------ c:\windows\system32\nv4_disp.dll
2008-12-03 14:44 . 2008-12-03 14:45 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-03 13:22 . 2008-12-03 13:22 dr-h----- c:\documents and settings\Florian\Application Data\SecuROM
2008-12-03 13:17 . 2008-12-03 13:17 d-------- c:\windows\system32\xlive
2008-12-03 13:17 . 2008-12-03 13:30 d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-03 12:31 . 2008-12-03 12:31 d-------- c:\program files\MSBuild
2008-12-03 12:30 . 2008-12-05 18:12 d-------- c:\windows\system32\XPSViewer
2008-12-03 12:30 . 2008-12-03 12:30 d-------- c:\program files\Reference Assemblies
2008-12-03 12:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 10:39 --------- d-----w c:\program files\Wanadoo
2008-12-16 15:32 93,782 --sha-w c:\windows\system32\lanadata.dll
2008-12-14 14:47 --------- d-----w c:\documents and settings\Florian\Application Data\LimeWire
2008-12-03 13:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 17:36 --------- d-----w c:\documents and settings\Florian\Application Data\Canon
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-07-31 10:25 22,328 ----a-w c:\documents and settings\Florian\Application Data\PnkBstrK.sys
2008-01-11 22:06 1,602 ----a-w c:\documents and settings\Florian\Application Data\filterclsid.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-09-16 14:32 61,440 --sha-w c:\windows\system32\wuyojogi.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Securitoo\av_fw\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Securitoo\av_fw\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 d:\daemon tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 d:\omnipage\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 c:\progra~1\Wanadoo\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-07-21 09:56 16261632 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"d:\CoH opposing fronts\RelicCOH.exe"=
"c:\WINDOWS\system32\muzapp.exe"=
"d:\Crysis\Bin32\Crysis.exe"=
"d:\Crysis\Bin32\CrysisDedicatedServer.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"d:\PES 2009\pes2009.exe"=
"d:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"=
"d:\GTA IV\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-01-03 51072]
R1 F-Secure HIPS;F-Secure HIPS;\??\c:\program files\Securitoo\av_fw\HIPS\fshs.sys [2008-01-03 41184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [2008-01-03 52736]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DigiCell\NTGLM7X.sys []
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys []
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2008-01-03 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2008-01-03 18432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43b964d2-8ff3-11dd-9ab8-0019db4ab03e}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a131ac2-41c0-11dc-bd7d-806d6172696f}]
\Shell\AutoRun\command - F:\Livebox.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2342196-5146-11dc-ba8e-806d6172696f}]
\Shell\AutoRun\command - F:\FarCryAutoCD.exe
Newly Created Service - CATCHME
Newly Created Service - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-12-14 c:\windows\Tasks\At1.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At10.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At11.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At12.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-17 c:\windows\Tasks\At13.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-17 c:\windows\Tasks\At14.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-17 c:\windows\Tasks\At15.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At16.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At17.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At18.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At19.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At2.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-15 c:\windows\Tasks\At20.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At21.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At22.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-16 c:\windows\Tasks\At23.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At24.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At3.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At4.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At5.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At6.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At7.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At8.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
2008-12-14 c:\windows\Tasks\At9.job
- c:\windows\system32\Q23Jc8P5.exe [2008-12-14 15:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-SMSTray - d:\samsung media studio 5\SMSTray.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = www.google.com…
uStart Page = www.google.fr…
uSearchURL,(Default) = www.google.com…
IE: E&xporter vers Microsoft Excel - d:\office\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d’impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O16 -: {5AEF5128-FE70-49E8-9E86-45F0A2D7E4EE} - go.opendisc.net…
c:\windows\Downloaded Program Files\OpendiscLight.inf
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - fichiers.touslesdrivers.com…
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-12-17 14:26:51
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés …
Recherche d’éléments en démarrage automatique cachés …
Recherche de fichiers cachés …
Scan terminé avec succès
Fichiers cachés: 0
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
- - - - - - - > 'lsass.exe'(860)
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
- - - - - - - > 'csrss.exe'(776)
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
.
Heure de fin: 2008-12-17 14:27:29
ComboFix-quarantined-files.txt 2008-12-17 13:27:15
Avant-CF: 4 124 921 856 octets libres
Après-CF: 4,313,702,400 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
250 --- E O F --- 2008-12-12 16:44:54