dranoel

le 20 septembre 2008

Bonjour Loup blanc,

alors voici le rapport combofix

ComboFix 08-09-12.07 - LEO 2008-09-20 11:11:51.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.267 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\LEO\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

* Un nouveau point de restauration a été créé

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))

.

2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Program Files\iTunes

2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-18 21:38 . 2008-09-18 21:38 <REP> d-------- C:\Program Files\QuickTime

2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Bonjour

2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer

2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini

2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS

2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS

2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz

2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT

2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix

2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira

2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix

2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe

2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-08-25 18:02 . 2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-19 22:37 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus

2008-09-18 19:40 --------- d-----w C:\Program Files\iPod

2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus

2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer

2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update

2008-08-07 19:12 --------- d-----w C:\Program Files\Safari

2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

.

------- Sigcheck -------

2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe

2004-08-19 16:09 1038848 caff5bac700e241711e67b27f4e4f1c0 C:\WINDOWS\explorer.exe

2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe

2004-08-19 16:10 110592 90bfeb102ded1bb9c86fa9c083bf3912 C:\WINDOWS\system32\services.exe

2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

2004-08-19 16:09 14848 6e1421b48437bac4a07290eb50830c5a C:\WINDOWS\system32\lsass.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

2005-06-11 01:53 58880 0d1417bcacddb7743d59bcf8ed355ada C:\WINDOWS\system32\spoolsv.exe

.

((((((((((((((((((((((((((((( snapshot@2008-09-13_13.58.13.78 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-18 19:40:37 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe

+ 2008-09-18 19:34:32 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe

- 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-04-17 11:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-04-17 11:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll

+ 2008-04-17 11:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys

- 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2008-04-17 11:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

C:\Documents and Settings\LEO\Menu D‚marrer\Programmes\D‚marrage\

802.11g USB 2.0 adapter Setting.lnk - C:\WINDOWS\system32\WiFiCfg.exe [2004-05-21 389120]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 565309]

VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-08-27 561152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= C:\WINDOWS\system32\i263_32.drv

"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\mobile PhoneTools\\MMCenter.exe"=

"C:\\Program Files\\ABC\\abc.exe"=

"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13894:TCP"= 13894:TCP:BitComet 13894 TCP

"13894:UDP"= 13894:UDP:BitComet 13894 UDP

"52333:UDP"= 52333:UDP:azureus2

"52333:TCP"= 52333:TCP:azureus3

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904]

R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248]

R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026]

R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]

S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864]

S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

.

Contenu du dossier 'Tâches planifiées'

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\ji8hdqc1.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atptennis.com/

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-20 11:13:42

Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

Heure de fin: 2008-09-20 11:15:26

ComboFix-quarantined-files.txt 2008-09-20 09:14:47

ComboFix2.txt 2008-09-14 18:32:41

ComboFix3.txt 2008-09-13 11:58:54

Avant-CF: 4,545,593,344 octets libres

Après-CF: 4,513,390,592 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

210