
Posted

Hello,

My PC is infected via MSN: it sends e-mails on its own.

I ran ComboFix; here is the report. If someone could help me

decipher it... thanks in advance...

 

ComboFix 11-03-31.01 - james 31/03/2011 23:48:30.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2255 [GMT -4:00]

Lancé depuis: c:\documents and settings\james\Mes documents\ComboFix.exe

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

* Un nouveau point de restauration a été créé

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\hugo\Application Data\PriceGong

c:\documents and settings\hugo\Application Data\PriceGong\Data\1.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\a.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\b.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\c.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\d.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\e.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\f.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\g.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\h.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\i.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\J.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\k.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\l.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\m.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\n.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\o.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\p.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\q.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\r.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\s.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\t.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\u.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\v.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\w.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\x.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\y.xml

c:\documents and settings\hugo\Application Data\PriceGong\Data\z.xml

c:\documents and settings\james\Application Data\PriceGong

c:\documents and settings\james\Application Data\PriceGong\Data\1.xml

c:\documents and settings\james\Application Data\PriceGong\Data\a.xml

c:\documents and settings\james\Application Data\PriceGong\Data\b.xml

c:\documents and settings\james\Application Data\PriceGong\Data\c.xml

c:\documents and settings\james\Application Data\PriceGong\Data\d.xml

c:\documents and settings\james\Application Data\PriceGong\Data\e.xml

c:\documents and settings\james\Application Data\PriceGong\Data\f.xml

c:\documents and settings\james\Application Data\PriceGong\Data\g.xml

c:\documents and settings\james\Application Data\PriceGong\Data\h.xml

c:\documents and settings\james\Application Data\PriceGong\Data\i.xml

c:\documents and settings\james\Application Data\PriceGong\Data\J.xml

c:\documents and settings\james\Application Data\PriceGong\Data\k.xml

c:\documents and settings\james\Application Data\PriceGong\Data\l.xml

c:\documents and settings\james\Application Data\PriceGong\Data\m.xml

c:\documents and settings\james\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\james\Application Data\PriceGong\Data\n.xml

c:\documents and settings\james\Application Data\PriceGong\Data\o.xml

c:\documents and settings\james\Application Data\PriceGong\Data\p.xml

c:\documents and settings\james\Application Data\PriceGong\Data\q.xml

c:\documents and settings\james\Application Data\PriceGong\Data\r.xml

c:\documents and settings\james\Application Data\PriceGong\Data\s.xml

c:\documents and settings\james\Application Data\PriceGong\Data\t.xml

c:\documents and settings\james\Application Data\PriceGong\Data\u.xml

c:\documents and settings\james\Application Data\PriceGong\Data\v.xml

c:\documents and settings\james\Application Data\PriceGong\Data\w.xml

c:\documents and settings\james\Application Data\PriceGong\Data\x.xml

c:\documents and settings\james\Application Data\PriceGong\Data\y.xml

c:\documents and settings\james\Application Data\PriceGong\Data\z.xml

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-03-01 au 2011-04-01 ))))))))))))))))))))))))))))))))))))

.

.

2011-03-22 15:16 . 2011-03-22 15:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-03-09 23:51 . 2011-03-09 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bdch

2011-03-07 23:13 . 2011-03-16 20:50 864080 ----a-w- c:\program files\Internet Explorer\minftnet.exe

2011-03-07 22:46 . 2011-03-07 22:46 -------- d-----w- c:\documents and settings\hugo\Local Settings\Application Data\Temp

2011-03-05 00:12 . 2011-03-05 00:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\QuickScan

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 19:28 . 2011-02-19 16:55 308152 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-03-07 19:24 . 2010-05-13 20:52 106456 ----a-w- c:\windows\system32\drivers\bdhv.sys

2011-02-21 01:25 . 2011-02-21 01:25 23040 ----a-w- c:\windows\system32\bddel.exe

2011-02-20 22:58 . 2011-02-19 16:55 2613517 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2011-02-09 13:54 . 2004-08-05 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2004-08-05 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:59 . 2010-08-23 05:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-08-23 05:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-05 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-08 03:27 . 2011-02-20 23:43 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-01-08 03:27 . 2011-02-20 23:43 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-01-08 03:27 . 2010-09-25 05:34 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-01-08 03:27 . 2010-09-25 05:34 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-01-08 03:27 . 2010-09-25 05:34 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-01-08 03:27 . 2010-09-25 05:34 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-01-08 03:27 . 2010-09-25 05:34 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-08 03:27 . 2010-09-25 05:34 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-01-08 03:27 . 2010-09-25 05:34 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2011-01-08 03:27 . 2009-09-27 23:12 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-01-08 03:27 . 2009-09-27 23:12 6397824 ----a-w- c:\windows\system32\nv4_disp.dll

2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrsel.dll

2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrseng.dll

2011-01-07 23:58 . 2011-01-07 23:58 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-01-07 23:58 . 2011-01-07 23:58 331776 ----a-w- c:\windows\system32\nvrshe.dll

2011-01-07 23:58 . 2011-01-07 23:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsru.dll

2011-01-07 23:58 . 2011-01-07 23:58 262144 ----a-w- c:\windows\system32\nvrshu.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrssl.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsda.dll

2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2011-01-07 23:58 . 2011-01-07 23:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2011-01-07 23:58 . 2011-01-07 23:58 335872 ----a-w- c:\windows\system32\nvrsar.dll

2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrses.dll

2011-01-07 23:58 . 2011-01-07 23:58 278528 ----a-w- c:\windows\system32\nvrsde.dll

2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2011-01-07 23:58 . 2011-01-07 23:58 266240 ----a-w- c:\windows\system32\nvrsko.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrssk.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrssv.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsno.dll

2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrscs.dll

2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrsit.dll

2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrspt.dll

2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsja.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrspl.dll

2011-01-07 23:58 . 2011-01-07 23:58 81920 ----a-w- c:\windows\system32\nvwddi.dll

2011-01-07 23:58 . 2011-01-07 23:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-01-07 23:58 . 2011-01-07 23:58 277608 ----a-w- c:\windows\system32\nvmccs.dll

2011-01-07 23:58 . 2011-01-07 23:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2011-01-07 23:58 . 2011-01-07 23:58 145000 ----a-w- c:\windows\system32\nvcolor.exe

2011-01-07 23:58 . 2011-01-07 23:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll

2011-01-07 23:58 . 2011-01-07 23:58 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-01-07 14:09 . 2004-08-05 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Fichiers communs\LinkInstaller.exe

2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2010-12-30 21:29 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-01 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"LWBKEYBOARD"="c:\program files\Labtec\Desktop\6.0\KbdAp32A.exe" [2007-03-26 395264]

"LWBMOUSE"="c:\program files\Labtec\Desktop\6.0\MOffice.exe" [2007-04-11 457728]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-09-18 257096]

"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640]

"bluebirds"="c:\documents and settings\james\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinSys2"="c:\windows\system32\winsys2.exe" [2009-10-12 208896]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-15 18789920]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-03-07 71216]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-03-07 1442152]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\james\Menu Démarrer\Programmes\Démarrage\

8614335.lnk - c:\documents and settings\james\Local Settings\Temp\dllhosts.exe [N/A]

.

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-10-27 11000]

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-6 113664]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2005-08-01 12:05 94208 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]

2005-07-21 06:07 200704 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

2004-12-31 16:01 110592 ------w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/08/2010 02:37 691696]

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [18/12/2010 13:46 159616]

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [18/12/2010 13:46 5248]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [05/12/2010 07:40 11448]

R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [19/02/2011 12:55 12960]

R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [11/10/2010 19:34 43936]

R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [19/12/2010 19:40 1121536]

R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [22/04/2010 13:19 149520]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys [20/08/2010 15:41 111696]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [23/08/2010 02:30 100456]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 22:32 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2010 04:48 1691480]

S3 cpuz130;cpuz130;\??\c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/09/2010 15:30 251248]

S3 Update Server;BitDefender Update Server v2;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/10/2010 19:26 307544]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [05/08/2004 08:00 14336]

S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [28/06/2010 12:55 633424]

S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [28/06/2010 12:55 970320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contenu du dossier 'Tâches planifiées'

.

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb96d9ff66cb2c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 02:32]

.

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{34DDBED4-B405-451D-9F81-8BCD3994FFC4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

mStart Page = about:blank

IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.exe

.

.

------- Associations de fichier -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHELINS SUPPRIMES - - - -

.

MSConfigStartUp-{1290A33C-85F5-4164-A1BE-7DD299D4986A} - c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-31 23:56

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Heure de fin: 2011-03-31 23:58:40

ComboFix-quarantined-files.txt 2011-04-01 03:58

.

Avant-CF: 44 013 113 344 octets libres

Après-CF: 47 014 662 144 octets libres

.

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot Loader]

Timeout=2

Default=C:multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /usepmtimer

.

Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,2,3,4,5,6

- - End Of File - - 2FB8626436FFF9A8976030DA10B67F24
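What a helper looks for first in a report like the one above can be mechanised. The Python script below is an added example, not part of the original post and not ComboFix code: it scans a report for executables living under a user profile (Application Data, Temp, the Startup folder and similar places a clean install never launches code from), for security products the header reports as disabled, and for the Windows Firewall policy flag in the registry dump. The embedded sample report is constructed from lines of the log above; the section-banner and path patterns cover only the line formats visible in that log, and the "Mes documents" exclusion exists because ComboFix itself is launched from there.

```python
"""Triage helper for a ComboFix report.

Added example, not ComboFix code and not from the forum post. It pulls out the
entries a helper checks first: executables living under a user profile (the
Application Data, Temp and Startup-folder locations a clean install does not
launch code from), security products the header shows as disabled, and the
Windows Firewall policy flag. Only line formats visible in the posted log are
handled; the sample report below is built from lines of that log.
"""
import re

# Executable paths under a user profile. The 8.3 form (docume~1) shows up in
# service entries, so both spellings are accepted. The lazy match stops at the
# first executable extension, so trailing "[date size]" noise is excluded.
PROFILE_EXE = re.compile(
    r'[a-z]:\\(?:documents and settings|docume~1)\\[^"\[\]\n]*?'
    r'\.(?:exe|dll|sys|scr|com)\b',
    re.IGNORECASE,
)
# ComboFix itself is normally launched from "Mes documents"; do not flag it.
BENIGN_HINT = re.compile(r"\\mes documents\\", re.IGNORECASE)
# Header lines such as:  AV: BitDefender Antivirus *Disabled/Updated* {GUID}
SEC_PRODUCT = re.compile(r"^(AV|FW|SP):\s*(.+?)\s*\*([^*]+)\*")
# Registry dump line:     "EnableFirewall"= 0 (0x0)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')
# Section banners:  (((( Autres suppressions ))))   or   ------- Examen -------
SECTION = re.compile(r"^[(\-]+\s*(.+?)\s*[)\-]+\s*$")


def triage(report: str) -> dict:
    """Return the high-signal findings of a ComboFix report."""
    findings = {
        "disabled_security": [],    # (product, status) from the header
        "firewall_off": False,
        "profile_executables": [],  # (section, path), first occurrence only
    }
    seen = set()
    section = "header"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip(" -()")
            continue
        m = SEC_PRODUCT.match(line)
        if m and "disabled" in m.group(3).lower():
            findings["disabled_security"].append((m.group(2), m.group(3)))
            continue
        if FIREWALL_OFF.search(line):
            findings["firewall_off"] = True
            continue
        for path in PROFILE_EXE.findall(line):
            if BENIGN_HINT.search(path):
                continue
            key = path.lower()
            if key not in seen:          # a service line repeats its path
                seen.add(key)
                findings["profile_executables"].append((section, path))
    return findings


def format_findings(findings: dict) -> str:
    """Render the findings as the short checklist a helper would post back."""
    out = []
    for product, status in findings["disabled_security"]:
        out.append(f"[security] {product}: {status}")
    if findings["firewall_off"]:
        out.append("[firewall] Windows Firewall policy: EnableFirewall=0")
    for section, path in findings["profile_executables"]:
        out.append(f"[profile exe] ({section}) {path}")
    return "\n".join(out)


# Constructed sample: lines copied from the report above, with the bulk of it
# (driver listings, PriceGong .xml files) left out.
SAMPLE_REPORT = r"""
ComboFix 11-04-02.01 - james 02/04/2011 13:47:26.2.2 - x86
Lancé depuis: c:\documents and settings\james\Mes documents\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\james\Application Data\intel64.exe
c:\documents and settings\james\Application Data\PriceGong\Data\1.xml
c:\documents and settings\james\Application Data\sdra64.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
"bluebirds"="c:\documents and settings\james\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-10-12 208896]
8614335.lnk - c:\documents and settings\james\Local Settings\Temp\dllhosts.exe [N/A]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S3 cpuz130;cpuz130;\??\c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
"""

if __name__ == "__main__":
    print(format_findings(triage(SAMPLE_REPORT)))
```

The output is a triage list, not a verdict: a program under Application Data or Temp is worth checking against the vendor's file list, but the placement rule alone does not prove it is malicious. The two header flags, on the other hand, are unambiguous and are what a helper would ask about first, since a report showing both the antivirus and the firewall disabled means the machine had no protection while the infection ran.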

Posted

Sorry, but the file is no longer there. I'm a beginner: I ran ComboFix a second time (sorry again). Here is the report, and this time I won't touch anything else!!!

 

ComboFix 11-04-02.01 - james 02/04/2011 13:47:26.2.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2490 [GMT -4:00]

Lancé depuis: c:\documents and settings\james\Mes documents\ComboFix.exe

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\james\Application Data\intel64.exe

c:\documents and settings\james\Application Data\oembios.exe

c:\documents and settings\james\Application Data\PriceGong

c:\documents and settings\james\Application Data\PriceGong\Data\1.xml

c:\documents and settings\james\Application Data\PriceGong\Data\a.xml

c:\documents and settings\james\Application Data\PriceGong\Data\b.xml

c:\documents and settings\james\Application Data\PriceGong\Data\c.xml

c:\documents and settings\james\Application Data\PriceGong\Data\d.xml

c:\documents and settings\james\Application Data\PriceGong\Data\e.xml

c:\documents and settings\james\Application Data\PriceGong\Data\f.xml

c:\documents and settings\james\Application Data\PriceGong\Data\g.xml

c:\documents and settings\james\Application Data\PriceGong\Data\h.xml

c:\documents and settings\james\Application Data\PriceGong\Data\i.xml

c:\documents and settings\james\Application Data\PriceGong\Data\J.xml

c:\documents and settings\james\Application Data\PriceGong\Data\k.xml

c:\documents and settings\james\Application Data\PriceGong\Data\l.xml

c:\documents and settings\james\Application Data\PriceGong\Data\m.xml

c:\documents and settings\james\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\james\Application Data\PriceGong\Data\n.xml

c:\documents and settings\james\Application Data\PriceGong\Data\o.xml

c:\documents and settings\james\Application Data\PriceGong\Data\p.xml

c:\documents and settings\james\Application Data\PriceGong\Data\q.xml

c:\documents and settings\james\Application Data\PriceGong\Data\r.xml

c:\documents and settings\james\Application Data\PriceGong\Data\s.xml

c:\documents and settings\james\Application Data\PriceGong\Data\t.xml

c:\documents and settings\james\Application Data\PriceGong\Data\u.xml

c:\documents and settings\james\Application Data\PriceGong\Data\v.xml

c:\documents and settings\james\Application Data\PriceGong\Data\w.xml

c:\documents and settings\james\Application Data\PriceGong\Data\x.xml

c:\documents and settings\james\Application Data\PriceGong\Data\y.xml

c:\documents and settings\james\Application Data\PriceGong\Data\z.xml

c:\documents and settings\james\Application Data\sdra64.exe

c:\documents and settings\james\Application Data\twex.exe

c:\documents and settings\james\Application Data\twext.exe

c:\documents and settings\james\Application Data\wsnpoema.exe

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-03-02 au 2011-04-02 ))))))))))))))))))))))))))))))))))))

.

.

2011-03-22 15:16 . 2011-03-22 15:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-03-09 23:51 . 2011-03-09 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bdch

2011-03-07 23:13 . 2011-03-16 20:50 864080 ----a-w- c:\program files\Internet Explorer\minftnet.exe

2011-03-07 22:46 . 2011-03-07 22:46 -------- d-----w- c:\documents and settings\hugo\Local Settings\Application Data\Temp

2011-03-05 00:12 . 2011-03-05 00:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\QuickScan

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 19:28 . 2011-02-19 16:55 308152 ----a-w- c:\windows\system32\drivers\trufos.sys

2011-03-07 19:24 . 2010-05-13 20:52 106456 ----a-w- c:\windows\system32\drivers\bdhv.sys

2011-02-21 01:25 . 2011-02-21 01:25 23040 ----a-w- c:\windows\system32\bddel.exe

2011-02-20 22:58 . 2011-02-19 16:55 2613517 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2011-02-09 13:54 . 2004-08-05 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2004-08-05 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:59 . 2010-08-23 05:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-08-23 05:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-05 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-08 03:27 . 2011-02-20 23:43 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-01-08 03:27 . 2011-02-20 23:43 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-01-08 03:27 . 2010-09-25 05:34 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-01-08 03:27 . 2010-09-25 05:34 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-01-08 03:27 . 2010-09-25 05:34 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-01-08 03:27 . 2010-09-25 05:34 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-01-08 03:27 . 2010-09-25 05:34 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-08 03:27 . 2010-09-25 05:34 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-01-08 03:27 . 2010-09-25 05:34 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2011-01-08 03:27 . 2009-09-27 23:12 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-01-08 03:27 . 2009-09-27 23:12 6397824 ----a-w- c:\windows\system32\nv4_disp.dll

2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrsel.dll

2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrseng.dll

2011-01-07 23:58 . 2011-01-07 23:58 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-01-07 23:58 . 2011-01-07 23:58 331776 ----a-w- c:\windows\system32\nvrshe.dll

2011-01-07 23:58 . 2011-01-07 23:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsru.dll

2011-01-07 23:58 . 2011-01-07 23:58 262144 ----a-w- c:\windows\system32\nvrshu.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrssl.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsda.dll

2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2011-01-07 23:58 . 2011-01-07 23:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2011-01-07 23:58 . 2011-01-07 23:58 335872 ----a-w- c:\windows\system32\nvrsar.dll

2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrses.dll

2011-01-07 23:58 . 2011-01-07 23:58 278528 ----a-w- c:\windows\system32\nvrsde.dll

2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2011-01-07 23:58 . 2011-01-07 23:58 266240 ----a-w- c:\windows\system32\nvrsko.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrssk.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrssv.dll

2011-01-07 23:58 . 2011-01-07 23:58 253952 ----a-w- c:\windows\system32\nvrsno.dll

2011-01-07 23:58 . 2011-01-07 23:58 249856 ----a-w- c:\windows\system32\nvrscs.dll

2011-01-07 23:58 . 2011-01-07 23:58 282624 ----a-w- c:\windows\system32\nvrsit.dll

2011-01-07 23:58 . 2011-01-07 23:58 274432 ----a-w- c:\windows\system32\nvrspt.dll

2011-01-07 23:58 . 2011-01-07 23:58 270336 ----a-w- c:\windows\system32\nvrsja.dll

2011-01-07 23:58 . 2011-01-07 23:58 258048 ----a-w- c:\windows\system32\nvrspl.dll

2011-01-07 23:58 . 2011-01-07 23:58 81920 ----a-w- c:\windows\system32\nvwddi.dll

2011-01-07 23:58 . 2011-01-07 23:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-01-07 23:58 . 2011-01-07 23:58 277608 ----a-w- c:\windows\system32\nvmccs.dll

2011-01-07 23:58 . 2011-01-07 23:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2011-01-07 23:58 . 2011-01-07 23:58 145000 ----a-w- c:\windows\system32\nvcolor.exe

2011-01-07 23:58 . 2011-01-07 23:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll

2011-01-07 23:58 . 2011-01-07 23:58 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-01-07 14:09 . 2004-08-05 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Fichiers communs\LinkInstaller.exe

2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2010-12-30 21:29 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo0.dll" [2010-12-30 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-01 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"LWBKEYBOARD"="c:\program files\Labtec\Desktop\6.0\KbdAp32A.exe" [2007-03-26 395264]

"LWBMOUSE"="c:\program files\Labtec\Desktop\6.0\MOffice.exe" [2007-04-11 457728]

"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-09-18 257096]

"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 109640]

"bluebirds"="c:\documents and settings\james\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinSys2"="c:\windows\system32\winsys2.exe" [2009-10-12 208896]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-15 18789920]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-03-07 71216]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-03-07 1442152]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\james\Menu D‚marrer\Programmes\D‚marrage\

8614335.lnk - c:\documents and settings\james\Local Settings\Temp\dllhosts.exe [N/A]

.

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-10-27 11000]

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-6 113664]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2005-08-01 12:05 94208 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]

2005-07-21 06:07 200704 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

2004-12-31 16:01 110592 ------w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=

"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/08/2010 02:37 691696]

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [18/12/2010 13:46 159616]

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [18/12/2010 13:46 5248]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [05/12/2010 07:40 11448]

R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [19/02/2011 12:55 12960]

R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [11/10/2010 19:34 43936]

R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [19/12/2010 19:40 1121536]

R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [22/04/2010 13:19 149520]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys [20/08/2010 15:41 111696]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [23/08/2010 02:30 100456]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 22:32 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/12/2010 04:48 1691480]

S3 cpuz130;cpuz130;\??\c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\james\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/09/2010 15:30 251248]

S3 Update Server;BitDefender Update Server v2;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/10/2010 19:26 307544]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [05/08/2004 08:00 14336]

S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [28/06/2010 12:55 633424]

S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [28/06/2010 12:55 970320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contenu du dossier 'Tâches planifiées'

.

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb96d9ff66cb2c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 02:32]

.

2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{34DDBED4-B405-451D-9F81-8BCD3994FFC4}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

mStart Page = about:blank

IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.exe

.

.

------- Associations de fichier -------

.

.scr=AutoCADScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-02 13:54

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Heure de fin: 2011-04-02 13:56:36

ComboFix-quarantined-files.txt 2011-04-02 17:56

.

Avant-CF: 46 926 508 032 octets libres

Après-CF: 46 931 214 336 octets libres

.

Current=6 Default=6 Failed=5 LastKnownGood=1 Sets=1,2,3,4,5,6

- - End Of File - - 4C7B18B960AE250EC22226B52E6091A5

and thanks for replying to me, see you later

Posted

Hello

I did not ask you to run another Combofix scan. ?!?

Here is a procedure to follow.

1- Download and install Malwarebytes Anti-Malware by RubbeR DuckY

Double-click the file mbam-setup-1.50.exe (on Vista and 7, allow the changes)

At the end of the installation, make sure the following options are checked:

  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware

Click Finish

A Malwarebytes' Anti-Malware Update window will open with a progress bar.

Then another one announcing that the database update succeeded. Click OK.

The program opens on the Scan tab.

Check "Perform quick scan", then click the Scan button.

At the end of the scan, select everything and click Remove Selected

Post the report that opens after this removal.

Restart the PC if asked to.

You can find the report again in the Logs tab, with the date and time of execution.

2- Download ZHPDiag by Nicolas Coolman to your desktop.

Click the install button to launch the installation.

Click the launch button to start the program.

On Vista and Seven, you have to right-click it and choose "Run as administrator" from the context menu.

Click the update button to check whether a software update is available.

Click the scan button to launch the scan.

Click the clipboard button when the scan has finished to put the report in the clipboard.

Upload it to Cjoint.

Post the link you obtain.

@+
