ComboFix report [Bagle problem]
Last reply: in Security
Hello, I seem to be infected with the Bagle virus, and my antivirus no longer works. I am looking for help to eradicate it from my PC.
Here is my ComboFix report; what can I do to get rid of this pest?
****************************************************
ComboFix 08-08-01.04 - Jimmy 2008-08-02 15:12:46.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jimmy\Application Data\m
C:\Documents and Settings\Jimmy\Application Data\m\flec006.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\bojbjsmb.ini
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\104720.exe
C:\WINDOWS\system32\drivers\downld\113052.exe
C:\WINDOWS\system32\drivers\downld\125280.exe
C:\WINDOWS\system32\drivers\downld\128274.exe
C:\WINDOWS\system32\drivers\downld\199667.exe
C:\WINDOWS\system32\drivers\downld\201910.exe
C:\WINDOWS\system32\drivers\downld\212715.exe
C:\WINDOWS\system32\drivers\downld\222560.exe
C:\WINDOWS\system32\drivers\downld\234176.exe
C:\WINDOWS\system32\drivers\downld\237641.exe
C:\WINDOWS\system32\drivers\downld\247055.exe
C:\WINDOWS\system32\drivers\downld\251721.exe
C:\WINDOWS\system32\drivers\downld\2582233.exe
C:\WINDOWS\system32\drivers\downld\2592337.exe
C:\WINDOWS\system32\drivers\downld\2600078.exe
C:\WINDOWS\system32\drivers\downld\2601691.exe
C:\WINDOWS\system32\drivers\downld\2612156.exe
C:\WINDOWS\system32\drivers\downld\2614890.exe
C:\WINDOWS\system32\drivers\downld\2623322.exe
C:\WINDOWS\system32\drivers\downld\2626566.exe
C:\WINDOWS\system32\drivers\downld\2715204.exe
C:\WINDOWS\system32\drivers\downld\2735172.exe
C:\WINDOWS\system32\drivers\downld\2989098.exe
C:\WINDOWS\system32\drivers\downld\3024909.exe
C:\WINDOWS\system32\drivers\downld\3056014.exe
C:\WINDOWS\system32\drivers\downld\3059329.exe
C:\WINDOWS\system32\drivers\downld\3075342.exe
C:\WINDOWS\system32\drivers\downld\3080809.exe
C:\WINDOWS\system32\drivers\downld\3189245.exe
C:\WINDOWS\system32\drivers\downld\3220831.exe
C:\WINDOWS\system32\drivers\downld\331696.exe
C:\WINDOWS\system32\drivers\downld\428946.exe
C:\WINDOWS\system32\drivers\downld\685445.exe
C:\WINDOWS\system32\drivers\downld\688520.exe
C:\WINDOWS\system32\drivers\downld\700417.exe
C:\WINDOWS\system32\drivers\downld\727275.exe
C:\WINDOWS\system32\drivers\downld\731131.exe
C:\WINDOWS\system32\drivers\downld\744450.exe
C:\WINDOWS\system32\drivers\downld\839467.exe
C:\WINDOWS\system32\drivers\downld\858204.exe
C:\WINDOWS\system32\drivers\downld\96068.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\gifjcyrq.ini
C:\WINDOWS\system32\hhfaxurj.ini
C:\WINDOWS\system32\HhQYFfhk.ini
C:\WINDOWS\system32\HhQYFfhk.ini2
C:\WINDOWS\system32\khebxbrvlp.dat
C:\WINDOWS\system32\khebxbrvlp_nav.dat
C:\WINDOWS\system32\khebxbrvlp_navps.dat
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
.
2008-08-02 14:24 . 2008-08-02 14:24 <REP> d--hs---- C:\FOUND.018
2008-08-02 14:18 . 2008-08-02 14:18 <REP> d-------- C:\Program Files\Alwil Software
2008-07-24 18:47 . 2008-07-24 18:47 <REP> d-------- C:\Program Files\Dofus
2008-07-24 17:26 . 1998-07-13 00:00 119,568 --a------ C:\WINDOWS\system\VB6FR.DLL
2008-07-24 14:39 . 2008-07-24 14:39 <REP> d--hs---- C:\FOUND.017
2008-07-22 19:41 . 2008-07-22 19:41 4,808 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-07-22 19:41 . 2008-07-22 19:41 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-07-22 19:40 . 2008-07-22 19:40 <REP> d-------- C:\Program Files\Ulead Systems
2008-07-22 19:40 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-07-22 19:40 . 2008-07-23 19:49 427 --a------ C:\WINDOWS\ULEAD32.INI
2008-07-22 11:51 . 2008-07-22 11:51 <REP> d-------- C:\Program Files\iPod
2008-07-21 19:17 . 2008-07-21 19:17 286,720 --a------ C:\WINDOWS\iun506.exe
2008-07-15 13:09 . 2008-07-15 13:09 <REP> d-------- C:\Freebox
2008-07-11 21:16 . 2008-07-11 21:16 <REP> d-------- C:\Program Files\Safari
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 11:28 70,656 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-08-02 11:28 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-07-24 20:42 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-29 19:03 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 10:11 --------- d-----w C:\Documents and Settings\Jimmy\Application Data\Mp3tag
2008-06-14 18:17 290,816 ------w C:\WINDOWS\Setup1.exe
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 18:17 --------- d--h--w C:\Program Files\Zero G Registry
2008-05-29 07:28 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-01-12 17:52 50,816 ----a-w C:\Documents and Settings\Jimmy\Application Data\GDIPFONTCACHEV1.DAT
2006-11-25 21:39 31 ----a-w C:\Documents and Settings\Jimmy\getfile.dat
2006-06-30 20:19 56 --sh--r C:\WINDOWS\system32\CD684F7F10.sys
2006-11-07 17:11 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-30 10:36 80 --sh--r C:\WINDOWS\system32\CD684F7F10.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent Application"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-08-02 14:25 69632]
"BitDefender Security Service"="C:\Program Files\Softwin\BitDefender10\vsserv.exe" [2008-08-02 14:09 462848]
"BitDefender Management Console"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2008-08-02 14:25 290816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 18:18 151552]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"G:\\Jimmy\\Logiciels\\Opera\\opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Jimmy\\Logiciels\\uTorrent\\utorrent.exe"=
"G:\\Jimmy\\Logiciels\\eMule\\emule.exe"=
"G:\\Jimmy\\Logiciels\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
R3 fhlppppoe;PPPOE/ADSL miniport;C:\WINDOWS\system32\DRIVERS\fhlpppoe.sys [2002-10-03 16:14]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-23 17:09]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-29 21:03]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e92b6701-11c5-11dc-bdab-d50abc7a5cef}]
\Shell\AutoRun\command - I:\nideiect.com
\Shell\explore\Command - I:\nideiect.com
\Shell\open\Command - I:\nideiect.com
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2007-12-01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- G:\Jimmy\Logiciels\SpyEraser\SpyEraser.exe [2008-01-29 10:13]
2008-08-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{9D1F87E7-4D72-41AB-9D57-D101A08F20E5} - (no file)
ShellExecuteHooks-{483910AC-20E0-42A6-B6F5-3902EEF878D0} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jimmy\Application Data\Mozilla\Firefox\Profiles\rfswdu2l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_01\bin\npoji610.dll
FF -: plugin - G:\Jimmy\Logiciels\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npnul32.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin2.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin3.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin4.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin5.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin6.dll
FF -: plugin - G:\Jimmy\Logiciels\Mozilla\Firefox\plugins\npqtplugin7.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npdsplay.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin2.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin3.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin4.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin5.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin6.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npqtplugin7.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\NPSWF32.dll
FF -: plugin - G:\Jimmy\Logiciels\Opera\program\plugins\npwmsdrm.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - G:\Jimmy\Logiciels\QuickTime\Plugins\npqtplugin7.dll
FF -: plugin - G:\Jimmy\Logiciels\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - G:\Jimmy\Logiciels\Real Alternative\browser\plugins\nprpjplug.dll
FF -: plugin - G:\Jimmy\Logiciels\VLC\npvlc.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 15:17:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\WINDOWS\SYSTEM32\LOCATOR.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\MSPMSPSV.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-02 15:20:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-02 13:19:56
Pre-Run: 5,024,624,640 octets libres
Post-Run: 4,887,605,248 octets libres
274 --- E O F --- 2008-07-17 06:54:37