Rapport Combofix

[Magicdiner]

Bonjour à tous, je viens d'executer Combofix suite à un ralentissement de ma connexion qui semblait suspecte, j'ai cru comprendre que certaines personnes etaient en mesure de pouvoir analyser le rapport qui en à decouler, est il donc possible s'il vous plait de m'eclairer sur cette page qui ne me parle pas le moins du monde

Merci d'avance

 

ComboFix 09-10-14.09 - myljo 15/10/2009 16:53.1.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.247 [GMT 2:00]

Lancé depuis: c:\documents and settings\myljo\Bureau\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091014-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\314567.msi

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-15 au 2009-10-15 ))))))))))))))))))))))))))))))))))))

.

 

2009-10-14 20:32 . 2009-10-14 20:32 -------- d-----w- c:\windows\system32\wbem\Repository

2009-10-14 20:32 . 2009-10-14 20:32 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-09-27 15:41 . 2009-09-27 15:46 -------- d-----w- c:\documents and settings\myljo\Local Settings\Application Data\Temp

2009-09-27 00:04 . 2009-09-27 00:04 -------- d-----w- c:\program files\PostgreSQL

2009-09-27 00:01 . 2009-09-27 18:33 -------- d-----w- c:\program files\PokerTracker 3

2009-09-26 07:39 . 2009-09-26 07:39 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2009-09-22 18:25 . 2009-09-22 18:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-09-20 15:23 . 2009-09-20 15:23 -------- d-----w- c:\program files\AdvancedDefrag

2009-09-20 14:38 . 2009-10-14 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-20 14:38 . 2009-10-14 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-20 14:19 . 2009-09-20 14:19 -------- d-----w- c:\program files\Trend Micro

2009-09-20 13:45 . 2009-09-20 13:48 -------- d-----w- c:\program files\RegCleaner

2009-09-16 19:52 . 2009-09-16 19:52 -------- d-----w- c:\documents and settings\myljo\Application Data\Apple Computer

2009-09-15 19:15 . 2009-09-15 19:15 -------- d-----w- C:\OEMSettings

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-15 09:22 . 2009-06-20 04:38 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-14 16:50 . 2009-08-13 15:07 -------- d-----w- c:\documents and settings\myljo\Application Data\Winamp

2009-10-03 11:11 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

2009-09-27 15:47 . 2009-07-12 11:22 -------- d-----w- c:\program files\Google

2009-09-26 07:40 . 2009-09-05 18:56 -------- d-----w- c:\program files\DivX

2009-09-20 20:52 . 2009-06-18 22:01 -------- d-----w- c:\program files\Windows Media Connect 2

2009-09-20 13:37 . 2009-07-25 23:51 -------- d-----w- c:\program files\Master Of Defense

2009-09-20 13:37 . 2009-07-21 19:12 -------- d-----w- c:\program files\EA Games

2009-09-16 19:34 . 2009-06-24 17:11 13104 ----a-w- c:\documents and settings\myljo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-15 19:17 . 2009-06-18 22:23 -------- d-----w- c:\program files\InstallShield Installation Information

2009-09-15 10:59 . 2009-06-18 22:54 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-15 10:56 . 2009-06-18 22:54 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-09-15 10:56 . 2009-06-18 22:54 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-09-15 10:55 . 2009-06-18 22:54 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-15 10:55 . 2009-06-18 22:54 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-15 10:54 . 2009-06-18 22:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-15 10:54 . 2009-06-18 22:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-15 10:53 . 2009-06-18 22:54 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-09-15 10:53 . 2009-06-18 22:54 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-05 19:05 . 2009-09-05 19:05 -------- d-----w- c:\documents and settings\myljo\Application Data\DivX

2009-09-03 17:40 . 2009-09-03 17:40 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-03 17:40 . 2009-06-18 22:16 -------- d-----w- c:\program files\Java

2009-08-25 23:32 . 2009-08-25 23:31 -------- d-----w- c:\program files\Microsoft LifeCam

2009-08-21 16:58 . 2009-08-21 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks

2009-08-21 15:49 . 2009-08-08 11:35 -------- d-----w- c:\documents and settings\myljo\Application Data\Skype

2009-08-21 15:44 . 2009-08-08 11:38 -------- d-----w- c:\documents and settings\myljo\Application Data\skypePM

2009-08-08 11:38 . 2009-08-08 11:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-08-06 11:06 . 2009-08-06 11:06 59904 ----a-w- c:\windows\system32\zlib1.dll

2009-08-06 11:02 . 2009-08-06 11:02 286720 ----a-w- c:\windows\system32\libcurl.dll

2009-08-06 11:02 . 2009-08-06 11:02 196608 ----a-w- c:\windows\system32\ssleay32.dll

2009-08-06 11:02 . 2009-08-06 11:02 1028096 ----a-w- c:\windows\system32\libeay32.dll

2009-08-06 11:02 . 2009-08-06 11:02 143360 ----a-w- c:\windows\system32\libexpatw.dll

2009-08-05 09:00 . 2004-08-19 16:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 22:03 . 2009-08-01 22:03 14368 ----a-w- c:\windows\skype.dat

2009-08-01 22:02 . 2009-08-01 22:02 32854 ----a-w- c:\windows\iniLS.dat

2009-07-21 20:29 . 2009-07-21 20:29 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-21 20:29 . 2009-07-21 20:29 139152 ----a-w- c:\documents and settings\myljo\Application Data\PnkBstrK.sys

2009-07-21 20:28 . 2009-07-21 20:28 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-07-21 20:28 . 2009-07-21 20:28 794408 ----a-w- c:\windows\system32\pbsvc.exe

2009-07-21 20:28 . 2009-07-21 20:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-07-17 19:03 . 2004-08-19 16:09 58880 ----a-w- c:\windows\system32\atl.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-15 520024]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"VX3000"="c:\windows\vVX3000.exe" [2006-04-26 994080]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-04-28 260896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-03 149280]

"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-07-12 1581056]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

"NoResolveTrack"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"MaxRecentDocs"= 15 (0xf)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 0 (0x0)

"DisallowCpl"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\Msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\SoulseekNS\\slsk.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\PokerTracker 3\\PokerTracker.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/06/2009 06:27 64160]

R0 viadsk;viadsk;c:\windows\system32\drivers\viadsk.sys [20/06/2003 02:00 56576]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19/06/2009 00:54 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/06/2009 00:54 20560]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19/09/2008 03:03 65536]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 224896]

S2 gupdate1ca02e341d46230;Service Google Update (gupdate1ca02e341d46230);c:\program files\Google\Update\GoogleUpdate.exe [12/07/2009 13:24 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1028432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

 

2009-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:14]

 

2009-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2009-10-15 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-12 11:22]

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 11:23]

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 11:23]

 

2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{EDF7749F-9309-4F21-9FB5-553FDF474880}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s

FF - ProfilePath - c:\documents and settings\myljo\Application Data\Mozilla\Firefox\Profiles\4uqmfgst.default\

FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\myljo\Application Data\Mozilla\Firefox\Profiles\4uqmfgst.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-15 16:57

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2009-10-15 16:59

ComboFix-quarantined-files.txt 2009-10-15 14:58

 

Avant-CF: 222 324 867 072 octets libres

Après-CF: 222 566 498 304 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 

185 --- E O F --- 2009-09-21 23:00