Infection informatique

[promethee55]

ComboFix 09-06-21.01 - Jean-Paul 2009-06-22 8:44.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1559 [GMT 2:00]

Lancé depuis: c:\documents and settings\Jean-Paul\Bureau\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Kerio Personal Firewall *enabled* {A990EAA7-8941-4621-BC27-4F16261D3180}

* Un antivirus résident est actif

 

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\muzapp.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-22 au 2009-06-22 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-21 20:03 . 2009-06-21 20:33 152576 ----a-w- c:\documents and settings\Jean-Paul\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-21 14:23 . 2009-06-21 14:53 -------- d-----w- c:\documents and settings\Jean-Paul\DoctorWeb

2009-06-20 17:01 . 2009-06-20 17:04 -------- d-----w- C:\rsit

2009-06-20 11:33 . 2009-06-20 13:06 -------- d-----w- c:\program files\Navilog1

2009-06-13 22:31 . 2009-06-13 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-06-13 22:31 . 2009-06-13 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-06 20:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-06-06 20:46 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-06-06 20:46 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-06-06 20:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-06-06 20:46 . 2009-06-06 20:46 -------- d-----w- c:\program files\Avira

2009-06-06 20:46 . 2009-06-06 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-05-28 17:58 . 2006-02-17 11:18 139264 ----a-w- c:\windows\system32\OPDSL.DLL

2009-05-28 17:58 . 2006-02-17 11:19 139264 ----a-w- c:\windows\system32\UStorSrv.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-21 20:20 . 2009-04-16 08:04 152576 ----a-w- c:\documents and settings\Jean-Paul\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-21 19:54 . 2009-06-21 19:54 165 ----a-w- c:\windows\system32\drivers\fwdrv.err

2009-06-16 15:43 . 2008-08-17 10:08 -------- d-----w- c:\program files\Lame MP3 Codec

2009-06-16 15:42 . 2008-08-17 10:08 65024 ----a-w- c:\windows\IFinst26.exe

2009-06-16 15:42 . 2007-10-20 18:26 -------- d-----w- c:\documents and settings\Jean-Paul\Application Data\Audacity

2009-06-06 20:29 . 2008-04-05 15:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-03 18:43 . 2006-03-02 12:00 49494 ----a-w- c:\windows\system32\perfc00C.dat

2009-06-03 18:43 . 2006-03-02 12:00 370414 ----a-w- c:\windows\system32\perfh00C.dat

2009-05-24 19:34 . 2007-07-18 22:40 -------- d-----w- c:\program files\ASUS

2009-05-24 19:34 . 2007-07-18 22:37 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-24 19:33 . 2007-10-26 14:42 -------- d-----w- c:\program files\ISO Commander

2009-05-24 19:32 . 2007-07-21 14:32 -------- d-----w- c:\program files\Google

2009-05-07 15:33 . 2006-03-02 12:00 348672 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 19:50 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2007-07-21 14:10 . 2007-07-21 14:10 8864939 ----a-w- c:\program files\Azureus25.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-18 949376]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]

"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]

"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-01-08 26112]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-20 577536]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-10 450560]

Wireless Configuration Utility.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe [2004-10-6 442368]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=

"c:\\Documents and Settings\\Jean-Paul\\Mes documents\\Amelie\\GRS\\eMule\\emule.exe"=

"c:\\Documents and Settings\\Jean-Paul\\Bureau\\emule.exe"=

 

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-12-15 274432]

R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-12-15 81920]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-07-19 15424]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-06 108289]

R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\TNET1130.sys [2004-06-18 386688]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Gpotato.eu\Flyff\GameGuard\dump_wmimmc.sys --> c:\program files\Gpotato.eu\Flyff\GameGuard\dump_wmimmc.sys [?]

.

Contenu du dossier 'Tâches planifiées'

 

2007-10-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8184945712.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

 

2009-06-18 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

 

 

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.aol.fr/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: c:\windows\system32\imon.dll

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-22 08:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1588)

c:\windows\system32\GTGina.dll

c:\windows\system32\MFC42.DLL

 

- - - - - - - > 'lsass.exe'(1652)

c:\windows\system32\imon.dll

c:\program files\Eset\pr_imon.dll

.

Heure de fin: 2009-06-22 8:53

ComboFix-quarantined-files.txt 2009-06-22 06:52

 

Avant-CF: 123,158,450,176 octets libres

Après-CF: 123,301,883,904 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

 

161 --- E O F --- 2009-06-10 16:04

[promethee55]

petit up

[promethee55]

up

[Gof]

Bonjour promethee55

 

Navré des délais, j'ai eu très peu de disponibilités cette semaine. Vu le délai occasionné, on refait un point. Précise moi les symptômes et soucis qui subsistent, et renouvelle un rapport RSIT que tu joindras à ta réponse.