In the end I preferred to block it.
Here is the report:
ComboFix 08-09-27.05 - Maison 2008-09-28 23:42:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.255 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Maison\Bureau\combofix.exe
Commutateurs utilisés :: /SkipFix
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
- Mode FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.
2008-09-28 18:23 . 2008-09-28 18:42 250 --a------ C:\WINDOWS\gmer.ini
2008-09-28 18:00 . 2008-09-28 18:01 2,197 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-28 17:43 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-09-28 17:43 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-09-28 17:43 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-09-28 17:42 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-28 17:38 . 2008-09-28 17:43 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-09-28 17:37 . 2008-09-28 17:39 <REP> d-------- C:\Program Files\McAfee.com
2008-09-28 17:36 . 2008-09-28 17:36 <REP> d-------- C:\WINDOWS\LastGood
2008-09-28 17:36 . 2008-09-28 17:51 <REP> d-------- C:\Program Files\McAfee
2008-09-28 17:33 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-28 11:21 . 2008-09-28 11:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-28 08:59 . 2008-09-28 08:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 17:04 . 2008-09-27 17:06 <REP> d-------- C:\rsit
2008-09-27 11:52 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-27 11:52 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-27 11:52 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-26 21:31 . 2008-09-26 21:31 <REP> d-------- C:\Utilitaires
2008-09-26 19:02 . 2008-09-26 19:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-26 19:01 . 2008-09-26 19:12 <REP> d-------- C:\Program Files\Windows Live
2008-09-26 18:57 . 2008-09-26 18:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-24 20:06 . 2007-07-20 20:08 3,049,097 --a------ C:\1-07 Satie_ Gymnopédies - 1. Lent Et.m4a
2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Program Files\iTunes
2008-09-20 08:45 . 2008-09-20 08:45 <REP> d-------- C:\Program Files\iPod
2008-09-20 08:45 . 2008-09-20 08:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-20 08:43 . 2008-09-20 08:43 <REP> d-------- C:\Program Files\Bonjour
2008-09-20 08:41 . 2008-09-20 08:42 <REP> d-------- C:\Program Files\QuickTime
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-28 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 16:03 --------- d-----w C:\Program Files\SlySoft
2008-09-26 06:20 --------- d-----w C:\Documents and Settings\Maison\Application Data\OpenOffice.org2
2008-09-21 06:45 --------- d-----w C:\Program Files\Java
2008-09-20 06:41 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-08-23 14:24 --------- d-----w C:\Program Files\Apple Software Update
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys [2002-05-03 21276]
S2 0324431222616506mcinstcleanup;McAfee Application Installer Cleanup (0324431222616506);C:\DOCUME~1\Maison\LOCALS~1\Temp\032443~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini [ ]
S3 ATICDSDr;ATICDSDr;C:\Dell\Drivers\R50874\bin\atiicdxx.sys [2002-03-11 5376]
*Newly Created Service* - GMER
*Newly Created Service* - MCAFEE_SITEADVISOR_SERVICE
*Newly Created Service* - MCMSCSVC
*Newly Created Service* - MCNASVC
*Newly Created Service* - MCPROXY
*Newly Created Service* - MCSHIELD
*Newly Created Service* - MCSYSMON
*Newly Created Service* - MPFSERVICE
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Maison\Application Data\Mozilla\Firefox\Profiles\cw7yqx75.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 23:45:49
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
Heure de fin: 2008-09-28 23:51:39
ComboFix-quarantined-files.txt 2008-09-28 21:51:19
Avant-CF: 44 356 960 256 octets libres
Après-CF: 44,757,069,824 octets libres
147 --- E O F --- 2008-09-11 13:04:02
See you later,
Good night
Lenab01