Everything posted by Un autre curieux

  1. I note the following information in the combofix2 that was sent: ComboFix 09-03-28.06 - Guy 2009-03-29 14:10:58.2 - Today is March 31, not the 29th. Is there something suspicious there?
  2. It is a 320 GB Trekstor external drive.
  3. Here is a combofix2.txt found in C:\Qoobox, is it the right one?

     ComboFix 09-03-28.06 - Guy 2009-03-29 14:10:58.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.544 [GMT -4:00]
     Lancé depuis: c:\documents and settings\Guy\Bureau\CBF.exe
     AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated)
     FW: Sympatico Security Manager Firewall *disabled*
     * Un nouveau point de restauration a été créé
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     O:\Autorun.inf
     o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com
     Q:\Autorun.inf
     q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com
     R:\Autorun.inf
     r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com
     S:\Autorun.inf
     s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 ))))))))))))))))))))))))))))))))))))
     .
     2009-03-29 12:45 . 2009-03-29 12:47 73,728 --a------ c:\windows\system32\javacpl.cpl
     2009-03-29 12:09 . 2009-03-29 12:11 <REP> d-------- c:\documents and settings\Guy\.SunDownloadManager
     2009-03-28 19:15 . 2009-03-28 19:24 <REP> d-------- C:\ComboFix
     2009-03-28 16:39 . 2009-03-28 16:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft
     2009-03-28 16:30 . 2009-03-28 16:31 <REP> d-------- c:\program files\Navilog1
     2009-03-28 15:04 . 2009-03-28 15:04 <REP> dr------- c:\documents and settings\NetworkService\Mes documents
     2009-03-28 01:05 . 2001-08-23 17:46 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
     2009-03-28 00:14 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
     2009-03-27 21:11 . 2009-03-28 14:56 <REP> d-------- c:\program files\FindyKill
     2009-03-27 20:24 . 1997-08-05 09:18 940,304 --a------ c:\windows\system\mfc42.dll
     2009-03-27 20:01 . 2009-03-27 19:51 58,891 --a------ C:\mdelk.EXE
     2009-03-24 18:45 . 2009-03-24 18:47 <REP> d-------- c:\documents and settings\Administrateur\DoctorWeb
     2009-03-22 21:14 . 2009-03-22 21:15 <REP> d-------- c:\documents and settings\Guy\DoctorWeb
     2009-03-22 16:48 . 2009-03-22 16:48 <REP> d-------- c:\program files\Raxco
     2009-03-22 16:25 . 2009-03-22 16:25 <REP> d-------- c:\program files\CA
     2009-03-22 01:18 . 2009-03-22 01:18 <REP> d-------- c:\documents and settings\NetworkService\Bureau
     2009-03-21 22:45 . 2009-03-21 22:45 <REP> d-------- c:\program files\Innovative Solutions
     2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\LocalService\Bureau
     2009-03-20 20:07 . 2009-03-20 21:15 <REP> d-------- c:\documents and settings\Guy\Application Data\QuickScan
     2009-03-18 09:27 . 2009-03-18 09:27 <REP> d-------- c:\program files\FileChecker
     2009-03-17 22:34 . 2009-03-17 22:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon
     2009-03-17 19:14 . 2009-03-17 19:14 <REP> d-------- C:\_AcroTemp
     2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a------ c:\windows\system32\wextract.exe
     2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a--c--- c:\windows\system32\dllcache\wextract.exe
     2009-03-05 12:14 . 2009-03-05 12:14 <REP> d-------- c:\documents and settings\Guy\Application Data\Librarian Pro
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-29 16:47 410,984 ----a-w c:\windows\system32\deploytk.dll
     2009-03-29 16:11 --------- d-----w c:\program files\Java
     2009-03-29 12:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-03-29 04:02 --------- d-----w c:\program files\PersonalBrain
     2009-03-29 03:22 --------- d-----w c:\documents and settings\Guy\Application Data\U3
     2009-03-29 03:21 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-03-29 03:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-03-29 02:55 --------- d-----w c:\program files\Lavasoft
     2009-03-29 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
     2009-03-29 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-03-28 04:34 --------- d-----w c:\documents and settings\Guy\Application Data\Lavasoft
     2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-03-24 22:55 --------- d-----w c:\program files\SpywareBlaster
     2009-03-24 22:50 --------- d-----w c:\program files\ma-config.com
     2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\Simple Sudoku
     2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\LimeWire
     2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\DVD Profiler
     2009-03-21 05:18 --------- d-----w c:\documents and settings\Guy\Application Data\uTorrent
     2009-03-18 13:21 --------- d-----w c:\program files\SpywareGuard
     2009-03-18 01:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\Bell
     2009-03-16 00:31 --------- d-----w c:\program files\Fichiers communs\Ahead
     2009-03-13 10:52 --------- d-----w c:\documents and settings\Guy\Application Data\dvdcss
     2009-03-11 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-03-09 21:43 --------- d-----w c:\program files\PowerISO
     2009-03-05 22:32 --------- d-----w c:\program files\DVD Profiler3
     2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
     2009-02-09 02:45 --------- d-----w c:\program files\Druide
     2009-02-01 18:00 --------- d-----w c:\program files\SlySoft
     2009-01-31 05:06 --------- d-----w c:\documents and settings\Guy\Application Data\PersonalBrain
     2009-01-29 23:02 103,488 ----a-w c:\windows\system32\drivers\AnyDVD.sys
     2009-01-29 22:57 23,976 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
     2009-01-29 21:54 89,256 ----a-w c:\windows\system32\ElbyCDIO.dll
     2009-01-28 16:02 --------- d-----w c:\documents and settings\Guy\Application Data\vlc
     2009-01-11 00:38 31 ----a-w c:\documents and settings\Guy\jagex_runescape_preferences.dat
     2008-07-11 23:23 163 ----a-w c:\program files\setuplog.txt
     2008-06-26 22:50 213 ----a-w c:\documents and settings\Guy\7716.bat
     2008-06-16 18:28 415 ----a-w c:\program files\file_id.diz
     2008-06-16 18:27 7,628 ----a-w c:\program files\te.nfo
     2008-04-13 01:07 22,118 ----a-w c:\program files\keyfinder.cfg
     2008-01-11 15:49 1,224,133 ----a-w c:\program files\I_LOVE_DVT.RAR
     2008-01-10 21:42 20,851,200 ----a-w c:\program files\PersonalBrain_windows_4_1_2_8_lib.exe
     2007-08-22 13:21 47,360 ----a-w c:\documents and settings\Guy\Application Data\pcouffin.sys
     2007-06-09 22:08 121 ----a-w c:\program files\users.dat
     2007-02-20 22:43 21,416 ----a-w c:\documents and settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
     2006-06-15 21:18 32 ----a-r c:\documents and settings\All Users\hash.dat
     2001-03-28 16:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-03-28_20.24.16.35 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\java.exe
     + 2009-03-29 16:47:19 144,792 ----a-w c:\windows\system32\java.exe
     - 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\javaw.exe
     + 2009-03-29 16:47:20 144,792 ----a-w c:\windows\system32\javaw.exe
     - 2008-08-21 20:04:24 143,360 ----a-w c:\windows\system32\javaws.exe
     + 2009-03-29 16:47:21 148,888 ----a-w c:\windows\system32\javaws.exe
     - 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
     + 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
     + 2009-03-29 16:49:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e4.dat
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "IndexCleaner"="c:\program files\Bell\Security Manager\IdxClnR.exe" [2008-03-10 61168]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "Sympatico Security Manager"="c:\program files\Bell\Security Manager\RPS.exe" [2008-03-10 311024]
     "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\guy\application data\iolo"
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
     --------- 2008-06-11 23:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
     --a------ 2008-06-12 03:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     --a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup1]
     --a------ 2008-12-20 18:46 124928 c:\windows\system32\advpack.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
     --a------ 2005-05-20 15:46 28160 c:\windows\KHALMNPR.Exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "InCDsrv"=2 (0x2)
     "Creative Service for CDROM Access"=2 (0x2)
     "AVP"=2 (0x2)
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "ctfmon.exe"=c:\windows\system32\ctfmon.exe
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Palm\\hotsync.exe"=
     "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "e:\\Program Files\\MusicBrainz Picard\\picard.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "f:\\Program Files\\World of Warcraft\\Launcher.exe"=
     "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Documents and Settings\\Guy\\Bureau\\utorrent.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
     "67:UDP"= 67:UDP:DHCP Discovery Service
     "42668:TCP"= 42668:TCP:utorrent
     "42668:UDP"= 42668:UDP:utorrent
     "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
     "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
     "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
     "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
     "6112:TCP"= 6112:TCP:Blizzard Downloader
     "85:TCP"= 85:TCP:BroadWave Web Server
     R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-07-23 17408]
     R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [2008-11-28 499716]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-06-27 179856]
     R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
     R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-06-27 15504]
     S2 CSIScanner;CSIScanner; [x]
     S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\Crack\spydetector.sys --> c:\program files\Spyware Process Detector\Crack\spydetector.sys [?]
     S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
     S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2006-05-14 11935]
     S3 Radialpoint Security Services;Sympatico Security Manager;c:\program files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
     S4 ioloFileInfoList;iolo FileInfoList Service; [x]
     S4 ioloSystemService;iolo System Service; [x]
     --- Autres Services/Pilotes en mémoire ---
     *NewlyCreated* - JAVAQUICKSTARTERSERVICE
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
     \Shell\AutoRun\command - M:\LaunchU3.exe -a
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com o:\
     \Shell\Open\command - o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com o:\
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com q:\
     \Shell\Open\command - q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com q:\
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com r:\
     \Shell\Open\command - r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com r:\
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com s:\
     \Shell\Open\command - s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com s:\
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46524144-4652-4652-4652-465241444554}]
     "c:\windows\Cursors\lsass.exe" /s
     .
     Contenu du dossier 'Tâches planifiées'
     2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
     2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
     2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Guy.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]
     2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Update for Guy.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]
     2009-03-29 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
     .
     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
     mStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
     IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
     IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Ajouter à Kaspersky Anti-Bannière
     IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: EarthLink Yahoo Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
     FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=MICC20&q=
     FF - component: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\BDQScan.dll
     FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
     FF - plugin: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
     ---- PARAMETRES FIREFOX ----
     FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19); user_pref(general.useragent.extra.zencast, Creative ZENcast v1.02.12
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: content.max.tokenizing.time - 200000
     FF - user.js: content.notify.interval - 100000
     FF - user.js: content.switch.threshold - 650000
     FF - user.js: nglayout.initialpaint.delay - 300
     FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(yahoo.homepage.dontask, true.
     .
     ------- Associations de fichier -------
     .
     JSEFile=NOTEPAD.EXE %1
     VBEFile=NOTEPAD.EXE %1
     VBSFile=NOTEPAD.EXE %1
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-29 14:14:44
     Windows 5.1.2600 Service Pack 3 NTFS
     Recherche de processus cachés ...
     Recherche d'éléments en démarrage automatique cachés ...
     Recherche de fichiers cachés ...
     Scan terminé avec succès
     Fichiers cachés: 0
     **************************************************************************
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------
     [HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     [HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DE3BB4B-E521-0E1A-40CC-911A443483E9}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "ababfebacpnmbbobopfhkleokgdbfollpg"=hex:65,62,61,62,65,63,64,6a,62,64,66,68,
      6e,63,6b,61,66,65,6f,62,66,70,70,63,6b,63,6f,6c,6f,6d,6d,6f,6e,68,66,6a,6f,\
     "bbabfebacpnmbbobopehfpolfpliecciamaa"=hex:61,62,6e,6f,66,69,70,70,6d,61,69,6a,
      69,6f,6d,62,6f,6f,6c,6d,68,68,67,70,6f,68,63,61,6e,62,67,62,65,6a,00,6a
     .
     Heure de fin: 2009-03-29 14:18:45
     ComboFix-quarantined-files.txt 2009-03-29 18:18:37
     ComboFix2.txt 2009-03-29 00:26:53
     Avant-CF: 16 112 701 440 octets libres
     Après-CF: 16,097,288,192 octets libres
     Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
     290 --- E O F --- 2009-03-29 12:35:47
  4. Indeed! Small problem! A window opened asking me to send log.txt for additional analysis, but the file to send was not where the path was looking for it. So I redid the procedure.... As for the other report... which should be at C:\ComboFix2.txt, I can't find it there; are you talking about the log that is created after running SystemLook?
  5. Oops!! Here is the rest, namely the SystemLook scan (sorry)

     SystemLook v1.0 by jpshortstuff (02.03.09)
     Log created at 17:19 on 31/03/2009 by Guy (Administrator - Elevation successful)
     ========== contents ==========
     c:\documents and settings\Guy\7716.bat - Opened succesfully.
     @Echo off
     :S
     Del app.exe
     If Exist app.exe Goto S
     :Tlg-a}c
     Del install.exe
     If Exist install.exe Goto T
     :G
     Del me.exe
     If Exist me.exe Goto T
     Del winlogo.exe
     If Exist winlogo.exe Goto D
     Del 7716.bat
     -=End Of File=-
  6. Here is the scan done after dragging and dropping this CFScript file onto the ComboFix.exe file

     ComboFix 09-03-31.01 - Guy 2009-03-31 16:59:55.3 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.472 [GMT -4:00]
     Lancé depuis: c:\documents and settings\Guy\Bureau\CBF.exe
     Commutateurs utilisés :: c:\documents and settings\Guy\Bureau\CFScript.txt
     AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated)
     FW: Sympatico Security Manager Firewall *disabled*
     * Un nouveau point de restauration a été créé
     .
     ADS - WINDOWS: deleted 24 bytes in 1 streams.
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))
     .
     2009-03-29 12:45 . 2009-03-29 12:47 73,728 --a------ c:\windows\system32\javacpl.cpl
     2009-03-29 12:09 . 2009-03-29 12:11 <REP> d-------- c:\documents and settings\Guy\.SunDownloadManager
     2009-03-28 19:15 . 2009-03-28 19:24 <REP> d-------- C:\ComboFix
     2009-03-28 16:39 . 2009-03-28 16:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft
     2009-03-28 16:30 . 2009-03-28 16:31 <REP> d-------- c:\program files\Navilog1
     2009-03-28 15:04 . 2009-03-28 15:04 <REP> dr------- c:\documents and settings\NetworkService\Mes documents
     2009-03-28 01:05 . 2001-08-23 17:46 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
     2009-03-28 00:14 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
     2009-03-27 20:24 . 1997-08-05 09:18 940,304 --a------ c:\windows\system\mfc42.dll
     2009-03-27 20:01 . 2009-03-27 19:51 58,891 --a------ C:\mdelk.EXE
     2009-03-24 18:45 . 2009-03-24 18:47 <REP> d-------- c:\documents and settings\Administrateur\DoctorWeb
     2009-03-22 21:14 . 2009-03-22 21:15 <REP> d-------- c:\documents and settings\Guy\DoctorWeb
     2009-03-22 16:48 . 2009-03-22 16:48 <REP> d-------- c:\program files\Raxco
     2009-03-22 16:25 . 2009-03-22 16:25 <REP> d-------- c:\program files\CA
     2009-03-22 01:18 . 2009-03-22 01:18 <REP> d-------- c:\documents and settings\NetworkService\Bureau
     2009-03-21 22:45 . 2009-03-21 22:45 <REP> d-------- c:\program files\Innovative Solutions
     2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\LocalService\Bureau
     2009-03-20 20:07 . 2009-03-20 21:15 <REP> d-------- c:\documents and settings\Guy\Application Data\QuickScan
     2009-03-17 22:34 . 2009-03-17 22:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon
     2009-03-17 19:14 . 2009-03-17 19:14 <REP> d-------- C:\_AcroTemp
     2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a------ c:\windows\system32\wextract.exe
     2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a--c--- c:\windows\system32\dllcache\wextract.exe
     2009-02-01 13:48 . 2009-02-01 14:00 <REP> d-------- c:\program files\SlySoft
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-31 20:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-03-29 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-03-29 21:38 --------- d-----w c:\program files\Java
     2009-03-29 21:31 --------- d-----w c:\documents and settings\Guy\Application Data\U3
     2009-03-29 16:47 410,984 ----a-w c:\windows\system32\deploytk.dll
     2009-03-29 04:02 --------- d-----w c:\program files\PersonalBrain
     2009-03-29 03:21 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-03-29 03:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-03-29 02:55 --------- d-----w c:\program files\Lavasoft
     2009-03-29 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
     2009-03-28 04:34 --------- d-----w c:\documents and settings\Guy\Application Data\Lavasoft
     2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-03-24 22:55 --------- d-----w c:\program files\SpywareBlaster
     2009-03-24 22:50 --------- d-----w c:\program files\ma-config.com
     2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\Simple Sudoku
     2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\LimeWire
     2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\DVD Profiler
     2009-03-21 05:18 --------- d-----w c:\documents and settings\Guy\Application Data\uTorrent
     2009-03-18 13:21 --------- d-----w c:\program files\SpywareGuard
     2009-03-18 01:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\Bell
     2009-03-16 00:31 --------- d-----w c:\program files\Fichiers communs\Ahead
     2009-03-13 10:52 --------- d-----w c:\documents and settings\Guy\Application Data\dvdcss
     2009-03-11 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-03-09 21:43 --------- d-----w c:\program files\PowerISO
     2009-03-05 22:32 --------- d-----w c:\program files\DVD Profiler3
     2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
     2009-02-09 02:45 --------- d-----w c:\program files\Druide
     2009-01-31 05:06 --------- d-----w c:\documents and settings\Guy\Application Data\PersonalBrain
     2009-01-29 23:02 103,488 ----a-w c:\windows\system32\drivers\AnyDVD.sys
     2009-01-29 22:57 23,976 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
     2009-01-29 21:54 89,256 ----a-w c:\windows\system32\ElbyCDIO.dll
     2009-01-28 16:02 --------- d-----w c:\documents and settings\Guy\Application Data\vlc
     2009-01-11 00:38 31 ----a-w c:\documents and settings\Guy\jagex_runescape_preferences.dat
     2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
     2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll
     2008-07-11 23:23 163 ----a-w c:\program files\setuplog.txt
     2008-06-26 22:50 213 ----a-w c:\documents and settings\Guy\7716.bat
     2008-06-16 18:28 415 ----a-w c:\program files\file_id.diz
     2008-06-16 18:27 7,628 ----a-w c:\program files\te.nfo
     2008-04-13 01:07 22,118 ----a-w c:\program files\keyfinder.cfg
     2008-01-11 15:49 1,224,133 ----a-w c:\program files\I_LOVE_DVT.RAR
     2008-01-10 21:42 20,851,200 ----a-w c:\program files\PersonalBrain_windows_4_1_2_8_lib.exe
     2007-08-22 13:21 47,360 ----a-w c:\documents and settings\Guy\Application Data\pcouffin.sys
     2007-06-09 22:08 121 ----a-w c:\program files\users.dat
     2007-02-20 22:43 21,416 ----a-w c:\documents and settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
     2006-06-15 21:18 32 ----a-r c:\documents and settings\All Users\hash.dat
     2001-03-28 16:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-03-28_20.24.16.35 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\java.exe
     + 2009-03-29 16:47:19 144,792 ----a-w c:\windows\system32\java.exe
     - 2008-08-21 20:04:24 139,264 ----a-w c:\windows\system32\javaw.exe
     + 2009-03-29 16:47:20 144,792 ----a-w c:\windows\system32\javaw.exe
     - 2008-08-21 20:04:24 143,360 ----a-w c:\windows\system32\javaws.exe
     + 2009-03-29 16:47:21 148,888 ----a-w c:\windows\system32\javaws.exe
     + 2008-04-13 23:33:30 1,028,096 ----a-w c:\windows\system32\mfc42.dll
     - 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
     + 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
     + 2009-03-31 20:33:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
     "Sympatico Security Manager"="c:\program files\Bell\Security Manager\RPS.exe" [2008-03-10 311024]
     "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\guy\application data\iolo
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
     --------- 2008-06-11 23:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
     --a------ 2008-06-12 03:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     --a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup1]
     --a------ 2008-12-20 18:46 124928 c:\windows\system32\advpack.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
     --a------ 2005-05-20 15:46 28160 c:\windows\KHALMNPR.Exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "InCDsrv"=2 (0x2)
     "Creative Service for CDROM Access"=2 (0x2)
     "AVP"=2 (0x2)
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "ctfmon.exe"=c:\windows\system32\ctfmon.exe
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "e:\\Program Files\\MusicBrainz Picard\\picard.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "f:\\Program Files\\World of Warcraft\\Launcher.exe"=
     "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
     "67:UDP"= 67:UDP:DHCP Discovery Service
     "42668:TCP"= 42668:TCP:utorrent
     "42668:UDP"= 42668:UDP:utorrent
     "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
     "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
     "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
     "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
     "6112:TCP"= 6112:TCP:Blizzard Downloader
     "85:TCP"= 85:TCP:BroadWave Web Server
     R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-07-23 17408]
     R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [2008-11-28 499716]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-06-27 179856]
     R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
     R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-06-27 15504]
     S2 CSIScanner;CSIScanner; [x]
     S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\Crack\spydetector.sys --> c:\program files\Spyware Process Detector\Crack\spydetector.sys [?]
     S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
     S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2006-05-14 11935]
     S3 Radialpoint Security Services;Sympatico Security Manager;c:\program files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
     S4 ioloFileInfoList;iolo FileInfoList Service; [x]
     S4 ioloSystemService;iolo System Service; [x]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
     \Shell\AutoRun\command - M:\LaunchU3.exe -a
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com o:\
     \Shell\Open\command - o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com o:\
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com q:\
     \Shell\Open\command - q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com q:\
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com r:\
     \Shell\Open\command - r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com r:\
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
     \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com s:\
     \Shell\Open\command - s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com s:\
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46524144-4652-4652-4652-465241444554}]
     "c:\windows\Cursors\lsass.exe" /s
     .
     Contenu du dossier 'Tâches planifiées'
     2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
     2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
     2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Guy.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]
     2009-03-29 c:\windows\Tasks\Malwarebytes' Scheduled Update for Guy.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]
     2009-03-31 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
     .
     .
     ------- Examen supplémentaire -------
     .
uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx mStart Page = hxxp://sympatico.msn.ca/defaultf.aspx uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à Kaspersky Anti-Bannière IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: EarthLink Yahoo Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=MICC20&q= FF - component: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\BDQScan.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and 
settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll ---- PARAMETRES FIREFOX ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19); user_pref(general.useragent.extra.zencast, Creative ZENcast v1.02.12 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(yahoo.homepage.dontask, true. ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-31 17:03:36 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DE3BB4B-E521-0E1A-40CC-911A443483E9}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "ababfebacpnmbbobopfhkleokgdbfollpg"=hex:65,62,61,62,65,63,64,6a,62,64,66,68, 6e,63,6b,61,66,65,6f,62,66,70,70,63,6b,63,6f,6c,6f,6d,6d,6f,6e,68,66,6a,6f,\ "bbabfebacpnmbbobopehfpolfpliecciamaa"=hex:61,62,6e,6f,66,69,70,70,6d,61,69,6a, 69,6f,6d,62,6f,6f,6c,6d,68,68,67,70,6f,68,63,61,6e,62,67,62,65,6a,00,6a . Heure de fin: 2009-03-31 17:07:30 ComboFix-quarantined-files.txt 2009-03-31 21:07:19 ComboFix2.txt 2009-03-29 18:18:48 ComboFix3.txt 2009-03-29 00:26:53 Avant-CF: 16 149 102 592 octets libres Après-CF: 16,132,329,472 octets libres Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5 269 --- E O F --- 2009-03-31 20:39:01
  7. Should I wait for further comments after sending the ComboFix report?
  8. Understood. Here is the contents of the ComboFix log:

ComboFix 09-03-27.02 - Guy 2009-03-28 20:11:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.621 [GMT -4:00]
Running from: c:\documents and settings\Guy\Bureau\CBF.exe
AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated)
FW: Sympatico Security Manager Firewall *disabled*
.
ADS - WINDOWS: deleted 72 bytes in 1 streams

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\patch.exe
c:\windows\system32\drivers\gaopdxbwaxacpnqlbesxnxsfbpeapqhoerxbct.sys
c:\windows\system32\drivers\gaopdxmltgkvwvixfaqbuyxuwyrodasxwpnbkj.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxivsuatysmvwcolnkghdsikhhxsnybeip.dll
c:\windows\system32\gaopdxotbijknntympimliykwsoulvnthyneho.dll
c:\windows\system32\zip32.dll
c:\windows\twain_16.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Service_PCIDump

((((((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 ))))))))))))))))))))))))))))))))))))
.
2009-03-28 19:15 . 2009-03-28 19:24 <REP> d-------- C:\ComboFix
2009-03-28 16:39 . 2009-03-28 16:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft
2009-03-28 16:30 . 2009-03-28 16:31 <REP> d-------- c:\program files\Navilog1
2009-03-28 15:04 . 2009-03-28 15:04 <REP> dr------- c:\documents and settings\NetworkService\Mes documents
2009-03-28 01:19 . 2009-03-28 01:19 <REP> d-------- c:\program files\AxBx
2009-03-28 01:05 . 2001-08-23 17:46 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-28 00:14 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2009-03-27 21:11 . 2009-03-28 14:56 <REP> d-------- c:\program files\FindyKill
2009-03-27 20:24 . 1997-08-05 09:18 940,304 --a------ c:\windows\system\mfc42.dll
2009-03-27 20:01 . 2009-03-27 19:51 58,891 --a------ C:\mdelk.EXE
2009-03-24 18:45 . 2009-03-24 18:47 <REP> d-------- c:\documents and settings\Administrateur\DoctorWeb
2009-03-22 21:14 . 2009-03-22 21:15 <REP> d-------- c:\documents and settings\Guy\DoctorWeb
2009-03-22 16:48 . 2009-03-22 16:48 <REP> d-------- c:\program files\Raxco
2009-03-22 16:25 . 2009-03-22 16:25 <REP> d-------- c:\program files\CA
2009-03-22 09:02 . 2009-01-18 17:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-22 01:18 . 2009-03-22 01:18 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2009-03-21 23:43 . 2009-01-18 17:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-21 23:42 . 2009-03-21 23:42 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-21 22:45 . 2009-03-21 22:45 <REP> d-------- c:\program files\Innovative Solutions
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-03-20 20:07 . 2009-03-20 21:15 <REP> d-------- c:\documents and settings\Guy\Application Data\QuickScan
2009-03-18 09:27 . 2009-03-18 09:27 <REP> d-------- c:\program files\FileChecker
2009-03-17 22:34 . 2009-03-17 22:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon
2009-03-17 19:14 . 2009-03-17 19:14 <REP> d-------- C:\_AcroTemp
2009-03-14 23:13 . 2009-03-14 23:13 <REP> d-------- c:\program files\HDExtrem
2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a------ c:\windows\system32\wextract.exe
2009-03-05 19:07 . 2009-03-05 19:08 66,560 --a--c--- c:\windows\system32\dllcache\wextract.exe
2009-03-05 12:14 . 2009-03-05 12:14 <REP> d-------- c:\documents and settings\Guy\Application Data\Librarian Pro
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 00:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-28 05:11 241,665 ---ha-w c:\windows\Cursors\lsass.exe
2009-03-28 04:36 --------- d-----w c:\program files\Lavasoft
2009-03-28 04:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-28 04:34 --------- d-----w c:\documents and settings\Guy\Application Data\Lavasoft
2009-03-28 04:34 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-24 22:55 --------- d-----w c:\program files\SpywareBlaster
2009-03-24 22:50 --------- d-----w c:\program files\ma-config.com
2009-03-23 00:46 --------- d-----w c:\documents and settings\Guy\Application Data\U3
2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\Simple Sudoku
2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\LimeWire
2009-03-22 21:58 --------- d-----w c:\documents and settings\Guy\Application Data\DVD Profiler
2009-03-22 04:43 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-22 04:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 05:18 --------- d-----w c:\documents and settings\Guy\Application Data\uTorrent
2009-03-18 13:21 --------- d-----w c:\program files\SpywareGuard
2009-03-18 01:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\Bell
2009-03-16 00:31 --------- d-----w c:\program files\Fichiers communs\Ahead
2009-03-13 10:52 --------- d-----w c:\documents and settings\Guy\Application Data\dvdcss
2009-03-11 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 21:43 --------- d-----w c:\program files\PowerISO
2009-03-08 20:21 --------- d-----w c:\program files\Java
2009-03-08 19:46 --------- d-----w c:\program files\PersonalBrain
2009-03-05 22:32 --------- d-----w c:\program files\DVD Profiler3
2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 02:45 --------- d-----w c:\program files\Druide
2009-02-01 18:00 --------- d-----w c:\program files\SlySoft
2009-01-31 05:06 --------- d-----w c:\documents and settings\Guy\Application Data\PersonalBrain
2009-01-29 23:02 103,488 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2009-01-29 22:57 23,976 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-28 16:02 --------- d-----w c:\documents and settings\Guy\Application Data\vlc
2009-01-11 00:38 31 ----a-w c:\documents and settings\Guy\jagex_runescape_preferences.dat
2008-07-11 23:23 163 ----a-w c:\program files\setuplog.txt
2008-06-26 22:50 213 ----a-w c:\documents and settings\Guy\7716.bat
2008-06-16 18:28 415 ----a-w c:\program files\file_id.diz
2008-06-16 18:27 7,628 ----a-w c:\program files\te.nfo
2008-04-13 01:07 22,118 ----a-w c:\program files\keyfinder.cfg
2008-01-11 15:49 1,224,133 ----a-w c:\program files\I_LOVE_DVT.RAR
2008-01-10 21:42 20,851,200 ----a-w c:\program files\PersonalBrain_windows_4_1_2_8_lib.exe
2007-08-22 13:21 47,360 ----a-w c:\documents and settings\Guy\Application Data\pcouffin.sys
2007-06-09 22:08 121 ----a-w c:\program files\users.dat
2007-02-20 22:43 21,416 ----a-w c:\documents and settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
2006-06-15 21:18 32 ----a-r c:\documents and settings\All Users\hash.dat
2001-03-28 16:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0smrgdf c:\documents and settings\guy\application data\iolo\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--------- 2008-06-11 23:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 03:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup1]
--a------ 2008-12-20 18:46 124928 c:\windows\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-05-20 15:46 28160 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"AVP"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Palm\\hotsync.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Guy\\Bureau\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"42668:TCP"= 42668:TCP:utorrent
"42668:UDP"= 42668:UDP:utorrent
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"6112:TCP"= 6112:TCP:Blizzard Downloader
"85:TCP"= 85:TCP:BroadWave Web Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-07-23 17408]
R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [2008-11-28 499716]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-06-27 179856]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-06-27 15504]
S2 CSIScanner;CSIScanner; [x]
S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\Crack\spydetector.sys --> c:\program files\Spyware Process Detector\Crack\spydetector.sys [?]
S3 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S3 DUBE100;D-LINK DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2006-05-14 11935]
S3 Radialpoint Security Services;Sympatico Security Manager;c:\program files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
S4 ioloFileInfoList;iolo FileInfoList Service; [x]
S4 ioloSystemService;iolo System Service; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com o:\
\Shell\Open\command - o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com o:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com q:\
\Shell\Open\command - q:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com q:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\R]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com r:\
\Shell\Open\command - r:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com r:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com s:\
\Shell\Open\command - s:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com s:\

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46524144-4652-4652-4652-465241444554}]
"c:\windows\Cursors\lsass.exe" /s
.
Contents of the 'Scheduled Tasks' folder

2009-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:34]

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-14 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Guy.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-14 c:\windows\Tasks\Malwarebytes' Scheduled Update for Guy.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

Notify-klogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
mStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à Kaspersky Anti-Bannière
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: EarthLink Yahoo Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/defaultf.aspx
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=MICC20&q=
FF - component: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\BDQScan.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\cm79bhkt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- FIREFOX SETTINGS ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19); user_pref(general.useragent.extra.zencast, Creative ZENcast v1.02.12
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 20:20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-602162358-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DE3BB4B-E521-0E1A-40CC-911A443483E9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ababfebacpnmbbobopfhkleokgdbfollpg"=hex:65,62,61,62,65,63,64,6a,62,64,66,68,
 6e,63,6b,61,66,65,6f,62,66,70,70,63,6b,63,6f,6c,6f,6d,6d,6f,6e,68,66,6a,6f,\
"bbabfebacpnmbbobopehfpolfpliecciamaa"=hex:61,62,6e,6f,66,69,70,70,6d,61,69,6a,
 69,6f,6d,62,6f,6f,6c,6d,68,68,67,70,6f,68,63,61,6e,62,67,62,65,6a,00,6a
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bell\Security Manager\Fws.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dllhost.exe
c:\program files\Executive Software\DiskeeperWorkstation\DKService.exe
c:\program files\NCH Software\Components\mp3el\mp3enc.exe
c:\program files\NCH Software\Components\mp3el\mp3enc.exe
c:\program files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-03-28 20:26:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 00:26:44

Pre-Run: 16,393,097,216 bytes free
Post-Run: 16,399,732,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
316 --- E O F --- 2009-03-15 18:49:37
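The ComboFix log above contains several indicator types a responder would want to pull out mechanically rather than by eye: per-drive MountPoints2 AutoRun/Open handlers that launch a file out of RECYCLER (the same pattern ComboFix removed from O:, Q:, R: and S:), an Active Setup stub running an lsass.exe that lives under Cursors instead of system32, Security Center's AntiVirusOverride set to 1 next to EnableFirewall = 0, and services whose binary is missing ([x]) or sits under a "Crack" directory. The original HijackThis log further down the page adds O17 NameServer lines pointing at resolvers the machine has no reason to use. The triage script below is an added example for this page; it is not part of the thread, of ComboFix or of HijackThis. Its SAMPLE_LOG is constructed from lines in those two logs, and EXPECTED_RESOLVERS is an assumption standing in for whatever resolvers the ISP actually hands out.

```python
"""Triage of ComboFix / HijackThis log lines for the indicator types seen in this thread.

Added example for this page; not part of the forum thread, ComboFix or HijackThis.
SAMPLE_LOG is constructed from lines in the logs posted in the thread; EXPECTED_RESOLVERS
is an assumption standing in for the ISP's real DNS servers.
"""
import ipaddress
import ntpath
import re

# Assumption: address ranges the machine's configured resolvers are allowed to live in.
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.0.0/16")]

# Windows binary names malware likes to borrow; the real ones live in %SystemRoot%\system32.
SYSTEM_BINARY_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe", "services.exe"}

# Constructed sample: lines taken from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-6-43-100024049-100009553-100028700-6312.com o:\
\Shell\Open\command - o:\recycler\S-0-6-43-100024049-100009553-100028700-6312.com o:\
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{46524144-4652-4652-4652-465241444554}]
"c:\windows\Cursors\lsass.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S2 CSIScanner;CSIScanner; [x]
S2 spydetector;spydetector;\??\c:\program files\Spyware Process Detector\Crack\spydetector.sys --> c:\program files\Spyware Process Detector\Crack\spydetector.sys [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-06-27 179856]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
EXE_RE = re.compile(r'"?([a-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)$")


def triage(log_text):
    """Return a list of (category, detail) findings for the lines of a ComboFix/HijackThis log."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()  # registry key the following values belong to
            continue
        # 1. Per-drive AutoRun/Open handlers that execute something out of RECYCLER (autorun worm).
        m = SHELL_CMD_RE.match(line)
        if m and "mountpoints2" in current_key:
            if "recycler" in m.group(2).lower():
                drive = current_key.rsplit("\\", 1)[-1]
                findings.append(("autorun_recycler", drive + ": " + m.group(2)))
            continue
        # 2. Active Setup stub that runs a system-binary name from outside system32.
        if "active setup\\installed components" in current_key:
            m = EXE_RE.search(line)
            if m:
                path = m.group(1)
                in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
                if ntpath.basename(path).lower() in SYSTEM_BINARY_NAMES and not in_system32:
                    findings.append(("masquerading_system_binary", path))
            continue
        # 3. Security Center told to ignore the AV state; firewall profile switched off.
        if re.match(r'^"AntiVirusOverride"\s*=\s*dword:0*1$', line):
            findings.append(("security_center_override", line))
            continue
        if re.match(r'^"EnableFirewall"\s*=\s*0\b', line):
            findings.append(("firewall_disabled", line))
            continue
        # 4. Services whose binary is gone ([x]) or whose driver lives under a "Crack" directory.
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group(1), m.group(3)
            if rest.strip().startswith("[x]"):
                findings.append(("service_missing_binary", name))
            elif "\\crack\\" in rest.lower():
                findings.append(("service_cracked_driver", name))
            continue
        # 5. O17: configured resolvers outside the expected ranges (DNS hijack).
        m = NAMESERVER_RE.search(line)
        if m:
            for ip in m.group(1).split(","):
                addr = ipaddress.ip_address(ip.strip())
                if not any(addr in net for net in EXPECTED_RESOLVERS):
                    findings.append(("dns_hijack", str(addr)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

Run against the sample it reports nine findings: both RECYCLER handlers on O:, the Cursors\lsass.exe stub, the AV override, the disabled firewall, CSIScanner with no binary, the cracked spydetector driver, and the two foreign resolvers. The M: entry (LaunchU3.exe, the U3 launcher of a SanDisk stick) and MBAMService pass, which is the point of matching on the behaviour rather than on the key name. To use it on a real log, replace SAMPLE_LOG with the file contents and put the ISP's actual resolver ranges in EXPECTED_RESOLVERS.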
  9. When I download ComboFix, once it is downloaded I do not get the option to save it to the desktop; I am asked to run it.
  10. Thank you for your comment and for guiding me. I am new to forums; in fact this is the first one on which I have dared to expose my little computer problems. I have the impression that I do not know how to use the forum even after reading (but absorbing little of the material). Anyway.
  11. I have access to normal mode. As for MBAM, it is already installed. Now it no longer runs.
  12. Hello, For a few weeks I have been having problems with my Windows services. As a result: problems updating my antivirus, Spybot and Malwarebytes that refuse to start, Firefox (up to date) that sends me to sites other than the ones I want via Google; in short, a lot of worry. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:12, on 2009-03-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bell\Security Manager\scnclean.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [AVSetup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AVSETUP_49cda885\basic\setup.exe /CLEANUPSRCFILES /NOTEMPCLEANUP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147646033055
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.ahmc.homeip.net:8081/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20BD05B3-98A2-458B-A191-D63B971E3380}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{20BD05B3-98A2-458B-A191-D63B971E3380}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\..\{20BD05B3-98A2-458B-A191-D63B971E3380}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS4\Services\Tcpip\..\{20BD05B3-98A2-458B-A191-D63B971E3380}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS5\Services\Tcpip\..\{20BD05B3-98A2-458B-A191-D63B971E3380}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BroadWave (BroadWaveService) - NCH Software - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing) O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. 
- C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe -- End of file - 10415 bytes
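The part of the log above that matches the symptom described (Firefox landing on sites other than the ones searched for) is the block of O17 lines: every ControlSet (CCS, CS1, CS2, CS4, CS5) and the network adapter's own key have NameServer set to the same pair of external addresses, so name resolution for the whole machine goes through resolvers the user never configured, and booting "Last Known Good Configuration" would land on the same settings. The script below is an added example, not part of the forum post and not HijackThis code: it parses O17 lines in the format HijackThis prints, flags any resolver that is not inside an allow-list of networks the defender trusts, and reports which ControlSets carry the override. The allow-list and the sample log are constructed for the example; 203.0.113.0/24 stands in for "the ISP's real resolvers" and must be replaced with the actual ones before use on a real log.

```python
"""Flag HijackThis O17 (NameServer) entries that point at resolvers outside an
allow-list and show how many ControlSets carry them.

Added example; not code from the forum post or from HijackThis.
"""
import ipaddress
import re
from dataclasses import dataclass

# Matches the two shapes of O17 line seen in the log: the global
# Tcpip\Parameters key and a per-adapter Tcpip\..\{GUID} key, in any ControlSet.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)

# Constructed allow-list: RFC 1918 space and loopback (a home router or a local
# resolver), plus a placeholder block standing in for the ISP's own resolvers.
ALLOWED_RESOLVER_NETWORKS = (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "203.0.113.0/24",  # placeholder for the ISP's resolvers (constructed)
)

# Constructed sample in HijackThis format: three overrides using the addresses
# from the posted log, one non-O17 line, and one benign router entry.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20BD05B3-98A2-458B-A191-D63B971E3380}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""


@dataclass(frozen=True)
class O17Entry:
    control_set: str  # "CCS" (CurrentControlSet) or "CSn" (ControlSet00n)
    scope: str        # "Parameters" (machine-wide) or "..\{GUID}" (one adapter)
    servers: tuple    # resolver addresses in the order Windows queries them


def parse_o17(text):
    """Return one O17Entry per O17 line; other HijackThis lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = tuple(s.strip() for s in m.group("servers").split(",") if s.strip())
        entries.append(O17Entry(m.group("cs"), m.group("scope"), servers))
    return entries


def unexpected_resolvers(entries, allowed_networks):
    """Map each resolver outside allowed_networks to the (ControlSet, scope)
    locations that reference it. Unparsable addresses are reported too."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = {}
    for e in entries:
        for s in e.servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                hits.setdefault(s, []).append((e.control_set, e.scope))
                continue
            if not any(ip in n for n in nets):
                hits.setdefault(s, []).append((e.control_set, e.scope))
    return hits


def control_sets_touched(hits):
    """Distinct ControlSets carrying an unexpected resolver. When CCS and the
    numbered sets all agree, Last Known Good boots into the same DNS settings."""
    return sorted({cs for locs in hits.values() for cs, _ in locs})


def report(text, allowed_networks=ALLOWED_RESOLVER_NETWORKS):
    """Human-readable findings for a whole HijackThis log."""
    hits = unexpected_resolvers(parse_o17(text), allowed_networks)
    lines = []
    for server, locs in sorted(hits.items()):
        where = ", ".join(f"{cs} {scope}" for cs, scope in locs)
        lines.append(f"unexpected resolver {server} set in: {where}")
    if hits:
        lines.append("control sets affected: " + ", ".join(control_sets_touched(hits)))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a saved log with `report(open("hijackthis.log").read())`. A hit means the machine's DNS settings were changed to resolvers outside the trusted list; the fix is to restore the adapter's DNS configuration and to check that every ControlSet, not only CurrentControlSet, reflects the correction, otherwise the override returns at the next boot that selects a different set.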