jojolab
  1. Sorry, but the file isn't there any more; I'm a beginner. I ran ComboFix a second time (sorry again). Here is the report, and this time I'm not touching anything else!!!
     ComboFix 11-04-02.01 - james 02/04/2011 13:47:26.2.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2490 [GMT -4:00]
     And thank you for replying, see you.
  2. boujour a vous, mon pc est infecté au niveau de msn il envoi des mails tout seul j'ai traité avec combofix voici le rapport si quelqu' un pouvais m' aider a déchiffer .... merci d' avance... ComboFix 11-03-31.01 - james 31/03/2011 23:48:30.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2255 [GMT -4:00] Lancé depuis: c:\documents and settings\james\Mes documents\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\hugo\Application Data\PriceGong c:\documents and settings\hugo\Application Data\PriceGong\Data\1.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\a.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\b.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\c.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\d.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\e.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\f.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\g.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\h.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\i.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\J.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\k.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\l.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\m.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\mru.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\n.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\o.xml c:\documents and 
settings\hugo\Application Data\PriceGong\Data\p.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\q.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\r.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\s.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\t.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\u.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\v.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\w.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\x.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\y.xml c:\documents and settings\hugo\Application Data\PriceGong\Data\z.xml c:\documents and settings\james\Application Data\PriceGong c:\documents and settings\james\Application Data\PriceGong\Data\1.xml c:\documents and settings\james\Application Data\PriceGong\Data\a.xml c:\documents and settings\james\Application Data\PriceGong\Data\b.xml c:\documents and settings\james\Application Data\PriceGong\Data\c.xml c:\documents and settings\james\Application Data\PriceGong\Data\d.xml c:\documents and settings\james\Application Data\PriceGong\Data\e.xml c:\documents and settings\james\Application Data\PriceGong\Data\f.xml c:\documents and settings\james\Application Data\PriceGong\Data\g.xml c:\documents and settings\james\Application Data\PriceGong\Data\h.xml c:\documents and settings\james\Application Data\PriceGong\Data\i.xml c:\documents and settings\james\Application Data\PriceGong\Data\J.xml c:\documents and settings\james\Application Data\PriceGong\Data\k.xml c:\documents and settings\james\Application Data\PriceGong\Data\l.xml c:\documents and settings\james\Application Data\PriceGong\Data\m.xml c:\documents and settings\james\Application Data\PriceGong\Data\mru.xml c:\documents and settings\james\Application Data\PriceGong\Data\n.xml c:\documents and settings\james\Application Data\PriceGong\Data\o.xml 
c:\documents and settings\james\Application Data\PriceGong\Data\p.xml c:\documents and settings\james\Application Data\PriceGong\Data\q.xml c:\documents and settings\james\Application Data\PriceGong\Data\r.xml c:\documents and settings\james\Application Data\PriceGong\Data\s.xml c:\documents and settings\james\Application Data\PriceGong\Data\t.xml c:\documents and settings\james\Application Data\PriceGong\Data\u.xml c:\documents and settings\james\Application Data\PriceGong\Data\v.xml c:\documents and settings\james\Application Data\PriceGong\Data\w.xml c:\documents and settings\james\Application Data\PriceGong\Data\x.xml c:\documents and settings\james\Application Data\PriceGong\Data\y.xml c:\documents and settings\james\Application Data\PriceGong\Data\z.xml . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-03-01 au 2011-04-01 )))))))))))))))))))))))))))))))))))) . . 2011-03-22 15:16 . 2011-03-22 15:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-03-09 23:51 . 2011-03-09 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bdch 2011-03-07 23:13 . 2011-03-16 20:50 864080 ----a-w- c:\program files\Internet Explorer\minftnet.exe 2011-03-07 22:46 . 2011-03-07 22:46 -------- d-----w- c:\documents and settings\hugo\Local Settings\Application Data\Temp 2011-03-05 00:12 . 2011-03-05 00:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\QuickScan . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 19:28 . 2011-02-19 16:55 308152 ----a-w- c:\windows\system32\drivers\trufos.sys 2011-03-07 19:24 . 2010-05-13 20:52 106456 ----a-w- c:\windows\system32\drivers\bdhv.sys 2011-02-21 01:25 . 2011-02-21 01:25 23040 ----a-w- c:\windows\system32\bddel.exe 2011-02-20 22:58 . 2011-02-19 16:55 2613517 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin 2011-02-09 13:54 . 
2004-08-05 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:54 . 2004-08-05 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:59 . 2010-08-23 05:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2010-08-23 05:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-05 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-08 03:27 . 2011-02-20 23:43 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-01-08 03:27 . 2011-02-20 23:43 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-01-08 03:27 . 2010-09-25 05:34 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-01-08 03:27 . 2010-09-25 05:34 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-01-08 03:27 . 2010-09-25 05:34 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-01-08 03:27 . 2010-09-25 05:34 14671872 ----a-w- c:\windows\system32\nvoglnt.dll 2011-01-08 03:27 . 2010-09-25 05:34 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-01-08 03:27 . 2010-09-25 05:34 1958400 ----a-w- c:\windows\system32\nvapi.dll 2011-01-08 03:27 . 2010-09-25 05:34 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-01-08 03:27 . 2009-09-27 23:12 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-01-08 03:27 . 2009-09-27 23:12 6397824 ----a-w- c:\windows\system32\nv4_disp.dll 2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrsel.dll 2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsth.dll 2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrseng.dll 2011-01-07 23:58 . 2011-01-07 23:58 126976 ----a-w- c:\windows\system32\nvrszht.dll 2011-01-07 23:58 . 2011-01-07 23:58 331776 ----a-w- c:\windows\system32\nvrshe.dll 2011-01-07 23:58 . 2011-01-07 23:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2011-01-07 23:58 . 
2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsru.dll 2011-01-07 23:58 . 2011-01-07 23:58 262144 ----a-w- c:\windows\system32\nvrshu.dll 2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrssl.dll 2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsda.dll 2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2011-01-07 23:58 . 2011-01-07 23:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2011-01-07 23:58 . 2011-01-07 23:58 335872 ----a-w- c:\windows\system32\nvrsar.dll 2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrses.dll 2011-01-07 23:58 . 2011-01-07 23:58 278528 ----a-w- c:\windows\system32\nvrsde.dll 2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2011-01-07 23:58 . 2011-01-07 23:58 266240 ----a-w- c:\windows\system32\nvrsko.dll 2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrstr.dll 2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrssk.dll 2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrssv.dll 2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsno.dll 2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrscs.dll 2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrsit.dll 2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrspt.dll 2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsja.dll 2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrspl.dll 2011-01-07 23:58 . 2011-01-07 23:58 81920 ----a-w- c:\windows\system32\nvwddi.dll 2011-01-07 23:58 . 2011-01-07 23:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll 2011-01-07 23:58 . 
2011-01-07 23:58 277608 ----a-w- c:\windows\system32\nvmccs.dll 2011-01-07 23:58 . 2011-01-07 23:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe 2011-01-07 23:58 . 2011-01-07 23:58 145000 ----a-w- c:\windows\system32\nvcolor.exe 2011-01-07 23:58 . 2011-01-07 23:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-07 23:58 . 2011-01-07 23:58 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-01-07 14:09 . 2004-08-05 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Fichiers communs\LinkInstaller.exe 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2010-12-30 21:29 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-01 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040] "LWBKEYBOARD"="c:\program files\Labtec\Desktop\6.0\KbdAp32A.exe" [2007-03-26 395264] "LWBMOUSE"="c:\program files\Labtec\Desktop\6.0\MOffice.exe" [2007-04-11 457728] "PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-09-18 257096] "PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640] "bluebirds"="c:\documents and settings\james\Bluebirds\BlueBirds.exe" [2009-04-29 270336] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinSys2"="c:\windows\system32\winsys2.exe" [2009-10-12 208896] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "RTHDCPL"="RTHDCPL.EXE" [2009-12-15 18789920] "ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-03-07 71216] "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-03-07 1442152] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424] "nwiz"="c:\program files\NVIDIA 
Corporation\nView\nwiz.exe" [2010-11-04 1753192] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . c:\documents and settings\james\Menu Démarrer\Programmes\Démarrage\ 8614335.lnk - c:\documents and settings\james\Local Settings\Temp\dllhosts.exe [N/A] . c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-10-27 11000] Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-6 113664] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2005-08-01 12:05 94208 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe] 2005-07-21 06:07 200704 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] 2004-12-31 16:01 110592 ------w- c:\program files\CyberLink\PowerStarter\PowerBar.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows . 
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/08/2010 02:37 691696] R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [18/12/2010 13:46 159616] R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [18/12/2010 13:46 5248] R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [05/12/2010 07:40 11448] R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [19/02/2011 12:55 12960] R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [11/10/2010 19:34 43936] R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [19/12/2010 19:40 1121536] R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [22/04/2010 13:19 149520] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys [20/08/2010 15:41 111696] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [23/08/2010 02:30 100456] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 22:32 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2010 04:48 1691480] S3 cpuz130;cpuz130;\??\c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/09/2010 15:30 251248] S3 Update Server;BitDefender Update Server v2;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/10/2010 19:26 307544] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [05/08/2004 08:00 14336] S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [28/06/2010 12:55 633424] S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [28/06/2010 12:55 970320] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contenu du dossier 'Tâches planifiées' . 2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb96d9ff66cb2c.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 02:32] . 2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{34DDBED4-B405-451D-9F81-8BCD3994FFC4}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ mStart Page = about:blank IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.exe . . ------- Associations de fichier ------- . .scr=AutoCADScriptFile . - - - - ORPHELINS SUPPRIMES - - - - . MSConfigStartUp-{1290A33C-85F5-4164-A1BE-7DD299D4986A} - c:\program files\CyberLink\PowerBackup\PBKScheduler.exe AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-31 23:56 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2011-03-31 23:58:40 ComboFix-quarantined-files.txt 2011-04-01 03:58 . Avant-CF: 44 013 113 344 octets libres Après-CF: 47 014 662 144 octets libres . 
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot Loader] Timeout=2 Default=C:multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [Operating Systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /usepmtimer . Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,2,3,4,5,6 - - End Of File - - 2FB8626436FFF9A8976030DA10B67F24
  3. Getting help to deal with a malware infection
