Analyse du rapport ComboFix

[fabou]

Bonjour,

 

j'ai suivi le tutorialde combofix et on ma inviter a envoyer le rapport combofix dans ce forum pour m'aider a nettoyer ma machine infecté

 

merci de votre disponibilite

 

 

 

ComboFix 12-03-26.01 - PIERSON 26/03/2012 9:05.1.2 - x86

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2047.1402 [GMT 2:00]

Lancé depuis: c:\users\PIERSON\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-02-26 au 2012-03-26 ))))))))))))))))))))))))))))))))))))

.

.

2012-03-26 07:10 . 2012-03-26 07:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-26 06:49 . 2012-03-26 06:49 -------- d-----w- C:\avast! sandbox

2012-03-25 12:45 . 2012-03-26 06:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7822379-5EF2-4087-9AA6-8E67F9809A68}\offreg.dll

2012-03-24 20:55 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7822379-5EF2-4087-9AA6-8E67F9809A68}\mpengine.dll

2012-03-18 11:51 . 2012-03-18 11:51 -------- d-----w- c:\windows\system32\EventProviders

2012-03-17 19:01 . 2012-03-17 19:02 -------- d-----w- c:\users\PIERSON\AppData\Roaming\GetRightToGo

2012-03-17 13:00 . 2012-03-17 13:00 -------- d-----w- c:\windows\Downloaded Installations

2012-03-17 12:16 . 2012-03-17 12:16 -------- d-----w- c:\programdata\eMule

2012-03-17 12:16 . 2012-03-17 12:16 -------- d-----w- c:\users\PIERSON\AppData\Local\eMule

2012-03-17 12:16 . 2012-03-17 12:16 -------- d-----w- c:\program files\eMule

2012-03-15 18:17 . 2012-02-19 14:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-15 18:16 . 2012-03-15 18:16 -------- d-----w- c:\programdata\McAfee Security Scan

2012-03-15 18:16 . 2012-03-15 18:16 -------- d-----w- c:\programdata\McAfee

2012-03-15 18:16 . 2012-03-17 18:28 -------- d-----w- c:\program files\McAfee Security Scan

2012-03-15 08:00 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 08:00 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 17:25 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 17:25 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-14 17:25 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 17:25 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-14 17:25 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-14 17:25 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-14 17:24 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 17:24 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 17:24 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 17:24 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 17:24 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 17:24 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 14:42 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl

2012-03-14 14:42 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-03-14 14:41 . 2012-03-14 14:41 -------- d-----w- c:\program files\Microsoft.NET

2012-03-14 14:41 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-03-13 16:52 . 2012-03-24 20:48 -------- d-----w- c:\program files\Common Files\Steam

2012-03-13 16:52 . 2012-03-26 06:41 -------- d-----w- c:\program files\Steam

2012-03-12 16:42 . 2012-03-12 16:42 -------- d-----w- c:\program files\Winamax Poker

2012-03-12 14:57 . 2012-03-26 06:42 -------- d-----w- c:\users\PIERSON\AppData\Roaming\Skype

2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\Common Files\Skype

2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----r- c:\program files\Skype

2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\programdata\Skype

2012-03-11 12:14 . 2012-03-12 19:32 -------- d-----w- c:\users\PIERSON\AppData\Roaming\DVDVideoSoft

2012-03-11 12:13 . 2012-03-11 12:13 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2012-03-11 12:13 . 2012-03-11 12:13 -------- d-----w- c:\program files\DVDVideoSoft

2012-03-11 12:13 . 2012-03-11 12:13 -------- d-----w- c:\program files\SweetIM

2012-03-11 12:13 . 2012-03-11 12:13 -------- d-----w- c:\programdata\SweetIM

2012-03-06 15:57 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2012-03-05 16:36 . 2012-03-05 16:36 -------- d-----w- c:\windows\system32\Macromed

2012-03-05 10:54 . 2012-03-05 10:54 -------- d-----w- c:\windows\CheckSur

2012-03-02 18:02 . 2012-02-19 11:47 -------- d-----w- c:\users\PIERSON\AppData\Local\Adobe

2012-03-02 18:00 . 2012-03-02 18:00 -------- d-----w- c:\program files\Common Files\Adobe

2012-03-02 17:20 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2012-03-02 14:30 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2012-03-02 14:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2012-03-02 13:53 . 2012-03-02 13:53 -------- d-----w- c:\windows\system32\Wat

2012-03-02 13:43 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-03-02 13:36 . 2012-03-02 13:36 -------- d-----w- c:\users\PIERSON\AppData\Local\ElevatedDiagnostics

2012-03-02 13:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2012-03-02 13:30 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-03-02 13:30 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2012-03-02 13:30 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2012-03-02 13:30 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2012-03-02 13:30 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2012-03-02 13:21 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe

2012-03-02 13:04 . 2012-03-02 13:04 -------- d-----w- c:\users\PIERSON\AppData\Local\Mozilla

2012-03-02 13:03 . 2012-03-08 10:32 -------- d-----w- c:\program files\Google

2012-03-02 13:03 . 2012-02-23 12:39 -------- d-----w- c:\users\PIERSON\AppData\Local\Google

2012-03-02 13:02 . 2012-03-17 15:56 -------- d-sh--w- c:\windows\Installer

2012-03-02 13:02 . 2012-03-02 13:02 -------- d-----w- c:\programdata\AVAST Software

2012-03-02 13:02 . 2012-03-02 13:02 -------- d-----w- c:\program files\AVAST Software

2012-03-02 12:39 . 2012-03-25 16:17 -------- d-----w- c:\users\UpdatusUser

2012-03-02 12:39 . 2012-02-16 08:41 -------- d-----w- c:\programdata\NVIDIA

2012-03-02 12:39 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2012-03-02 12:39 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll

2012-03-02 12:39 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll

2012-03-02 12:39 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe

2012-03-02 12:39 . 2012-03-02 12:39 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-03-02 12:35 . 2009-03-10 23:18 1047552 ----a-w- c:\windows\system32\MFC71u.dll

2012-03-02 12:34 . 2012-03-15 18:07 -------- d-----w- C:\NVIDIA

2012-03-02 12:17 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll

2012-03-02 12:17 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2012-03-02 12:17 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2012-03-02 12:17 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll

2012-03-02 12:17 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2012-03-02 12:17 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2012-03-02 12:02 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2012-03-02 12:02 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll

2012-03-02 12:02 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-03-02 12:02 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-03-02 12:02 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll

2012-03-02 12:02 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2012-03-02 12:02 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll

2012-03-02 12:02 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2012-03-02 12:02 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2012-03-02 11:57 . 2012-03-02 11:57 -------- d-----w- c:\program files\Driver-Soft

2012-03-02 11:57 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-03-02 11:57 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe

2012-03-02 11:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2012-03-02 11:34 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-03-02 11:34 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-03-02 11:34 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll

2012-03-02 11:34 . 2012-02-23 08:18 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-03-02 11:23 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-03-02 11:23 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2012-03-02 00:31 . 2012-03-02 00:31 -------- d-----w- c:\users\PIERSON\AppData\Local\Diagnostics

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-19 06:47 . 2012-03-02 13:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-15 130864]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2012-01-15 11:27 1330480 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"Steam"="c:\program files\Steam\Steam.exe" [2012-03-13 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 163872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Iminent"="c:\program files\Iminent\Iminent.exe" [2011-12-23 445416]

"IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2011-12-23 881144]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://search.iminent.com/?appId=02d6a9f8-fa76-4055-84d1-8c6d688f2bca&ref=homepage

mStart Page = hxxp://home.sweetim.com/?crg=4.0003002

IE: Free YouTube to MP3 Converter - c:\users\PIERSON\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\PIERSON\AppData\Roaming\Mozilla\Firefox\Profiles\l5k8jtbx.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=02d6a9f8-fa76-4055-84d1-8c6d688f2bca&lcid=1036&ref=homepage

FF - user.js: extensions.BabylonToolbar_i.id - 227cf811000000000000001d926d7a9b

FF - user.js: extensions.BabylonToolbar_i.hardId - 227cf811000000000000001d926d7a9b

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:34

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101365

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHELINS SUPPRIMES - - - -

.

URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\uTorrentBar_FR\prxtbuTor.dll

URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

BHO-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\uTorrentBar_FR\prxtbuTor.dll

BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

Toolbar-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\uTorrentBar_FR\prxtbuTor.dll

WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

AddRemove-{BC7B37B1-2C23-4114-AB12-D124C3E59D55} - c:\program files\InstallShield Installation Information\{BC7B37B1-2C23-4114-AB12-D124C3E59D55}\Republishing.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]

"value"="?\02\00\13\0e)*u"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'Explorer.exe'(940)

c:\program files\Iminent\Iminent.WinCore.dll

.

Heure de fin: 2012-03-26 09:14:09

ComboFix-quarantined-files.txt 2012-03-26 07:14

.

Avant-CF: 438 033 846 272 octets libres

Après-CF: 438 297 735 168 octets libres

.

- - End Of File - - CC7C8CFF47E91D11D1ECD05BA9DA7DDF