So I ran SmitfraudFix and ComboFix in safe mode, and here is the report (SmitfraudFix, then ComboFix):
SmitFraudFix v2.339
Rapport fait à 21:15:21,43, 24/08/2008
Executé à partir de C:\Documents and Settings\BUREAU\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SHVRTF.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcg24j0egcc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\BUREAU\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BUREAU
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BUREAU\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BUREAU\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C2E65736-C6B9-40D5-B608-897B4C46C345}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C2E65736-C6B9-40D5-B608-897B4C46C345}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C2E65736-C6B9-40D5-B608-897B4C46C345}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Here is the ComboFix report:
ComboFix 08-08-23.03 - BUREAU 2008-08-24 21:58:03.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1746 [GMT 2:00]
Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\BUREAU\Application Data\rhcl24j0egcc
C:\Program Files\rhcl24j0egcc
C:\WINDOWS\system32\blphcg24j0egcc.scr
C:\WINDOWS\system32\lphcg24j0egcc.exe
C:\WINDOWS\system32\phcg24j0egcc.bmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))))))))
.
2008-08-24 21:15 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-24 21:15 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-24 21:15 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-24 21:15 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-24 21:15 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-24 21:15 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-24 21:15 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 21:15 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-24 21:15 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 21:15 . 2008-08-24 21:54 2,690 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-24 20:34 . 2008-08-24 20:35 d-------- C:\Program Files\Navilog1
2008-08-24 20:24 . 2008-08-24 20:24 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-24 20:18 . 2008-08-24 20:18 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 20:18 . 2008-08-24 20:18 d-------- C:\Documents and Settings\BUREAU\Application Data\Malwarebytes
2008-08-24 20:18 . 2008-08-24 20:18 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 20:18 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 20:18 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 19:15 . 2008-01-11 17:28 d--h-c--- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-24 19:15 . 2008-01-11 17:28 d--h-c--- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-24 19:15 . 2008-01-11 17:28 d--h-c--- C:\Documents and Settings\Administrateur\Modèles
2008-08-24 19:15 . 2008-01-11 17:28 d----c--- C:\Documents and Settings\Administrateur\Mes documents
2008-08-24 19:15 . 2008-01-11 17:28 dr---c--- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-24 19:15 . 2008-01-11 17:28 d----c--- C:\Documents and Settings\Administrateur\Favoris
2008-08-24 19:15 . 2008-01-11 17:28 d----c--- C:\Documents and Settings\Administrateur\Bureau
2008-08-24 19:15 . 2008-08-24 19:15 d----c--- C:\Documents and Settings\Administrateur
2008-08-24 12:59 . 2008-08-24 12:59 d-------- C:\Documents and Settings\BUREAU\Application Data\ESET
2008-08-24 12:58 . 2008-08-24 12:58 d-------- C:\Program Files\ESET
2008-08-24 12:58 . 2008-08-24 12:58 d----c--- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-23 21:57 . 2008-08-23 22:20 d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-21 10:02 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-21 10:02 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 09:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-21 09:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-21 09:06 . 2008-08-21 09:06 d----c--- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-20 18:20 . 2008-08-20 18:20 d-------- C:\Program Files\Messenger Plus! Live
2008-08-20 18:10 . 2008-08-20 18:18 d-------- C:\Program Files\Windows Live
2008-08-19 19:44 . 2008-08-19 19:51 d-------- C:\Program Files\Windows Live Safety Center
2008-08-10 14:55 . 2006-03-02 14:00 93,184 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-10 09:54 . 2008-08-10 09:54 d-------- C:\Program Files\Common Files
2008-08-10 09:54 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-10 09:54 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-10 09:41 . 2008-08-18 10:45 d-------- C:\Program Files\Gpotato.eu
2008-08-09 19:42 . 2008-08-09 19:42 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-08-09 19:39 . 2008-08-09 19:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-08 21:52 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-08-08 21:52 . 2001-08-23 17:47 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-08 21:52 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-08-08 21:52 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-08 21:52 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-08-08 21:52 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-08-08 21:52 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-08 21:52 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-08-08 21:52 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2008-08-08 21:52 . 2001-08-17 22:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-08-08 21:51 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-08-08 21:51 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-08-08 21:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-08 20:44 . 2008-08-08 20:44 d----c--- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-08 20:39 . 2008-08-08 20:39 d-------- C:\Documents and Settings\BUREAU\Application Data\Grisoft
2008-08-08 20:37 . 2008-08-08 20:37 d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-08 18:22 . 2008-08-08 19:03 d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 14:43 . 2008-08-24 15:23 d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-05 16:48 . 2008-08-05 16:51 25 --a------ C:\WINDOWS\VI20.set
2008-08-04 12:09 . 2008-08-04 12:09 d-------- C:\Program Files\FrostWire
2008-08-04 12:09 . 2008-08-21 21:35 d-------- C:\Documents and Settings\BUREAU\Application Data\FrostWire
2008-07-24 12:15 . 2008-07-26 17:16 d-------- C:\Documents and Settings\BUREAU\Application Data\gtk-2.0
2008-07-24 12:14 . 2008-07-24 12:14 d-------- C:\Documents and Settings\BUREAU\.thumbnails
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 09:09 --------- d-----w C:\Program Files\Steam
2008-08-21 16:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-20 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-09 10:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-08-09 09:42 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\OpenOffice.org2
2008-08-09 08:45 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Apple Computer
2008-08-09 08:16 --------- d-----w C:\Program Files\Google
2008-08-08 19:29 --------- d-----w C:\Program Files\Shareaza
2008-08-07 21:56 --------- d-----w C:\Program Files\World of Warcraft
2008-08-02 11:39 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Skype
2008-08-01 16:49 --------- d-----w C:\Program Files\Java
2008-07-23 14:07 --------- d-----w C:\Program Files\PhotoFiltre
2008-07-23 05:59 --------- d-----w C:\Program Files\iTunes
2008-07-23 05:58 --------- d-----w C:\Program Files\QuickTime
2008-07-23 05:58 --------- d-----w C:\Program Files\iPod
2008-07-12 19:16 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\teamspeak2
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 09:43 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-07-02 07:00 --------- d-----w C:\Program Files\CCleaner
2008-07-01 07:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-07-01 07:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-07-01 07:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-04 12:21 374 ----a-w C:\Documents and Settings\BUREAU\Application Data\internaldb6334.dat
2008-06-04 12:18 555 ----a-w C:\Documents and Settings\BUREAU\Application Data\internaldb8467.dat
2008-06-04 12:18 18,432 ----a-w C:\Documents and Settings\BUREAU\Application Data\internaldb41.dat
2008-05-18 17:39 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 15:01 148776]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-07-04 15:20 161064]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 17:37 286720]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 10:33 16384512 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Protect"="SHVRTF.EXE" [2006-03-29 09:15 1286144 C:\WINDOWS\system32\SHVRTF.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Steam\SteamApps\ragoudane\counter-strike source\hl2.exe"=
"C:\Program Files\Steam\Steam.exe"=
"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"=
"C:\Program Files\World of Warcraft\Repair.exe"=
"C:\Program Files\World of Warcraft\WoW-2.3.0-frFR-downloader.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\Program Files\Steam\SteamApps\common\trackmania nations forever\TmForever.exe"=
"C:\Program Files\iTunes\iTunes.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 snpstd2;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 18:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480
Newly Created Service - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
-
HKLM-Run-lphcg24j0egcc - C:\WINDOWS\system32\lphcg24j0egcc.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\ja20brxc.default
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-24 21:59:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés …
Balayage caché autostart entries …
Balayage des fichiers cachés …
Scan terminé avec succès
Les fichiers cachés: 0
.
Temps d'accomplissement: 2008-08-24 22:00:11
ComboFix-quarantined-files.txt 2008-08-24 19:59:59
Pre-Run: 277,456,736,256 octets libres
Post-Run: 277,446,905,856 octets libres
219 --- E O F --- 2008-08-23 08:35:10