Here is the ComboFix report
ComboFix 09-06-13.02 - User 13/06/2009 21:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1535 [GMT 2:00]
Lancé depuis: c:\documents and settings\User\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-13 au 2009-06-13 ))))))))))))))))))))))))))))))))))))
.
2009-06-11 19:38 . 2009-06-11 19:38 -------- d-----w- c:\program files\Common Files
2009-06-10 18:25 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 18:25 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-06 21:22 . 2009-06-06 21:22 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-06-06 21:22 . 2009-06-06 21:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-06 10:07 . 2009-06-06 10:07 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-06 09:49 . 2009-06-06 09:49 -------- d-----w- c:\program files\Alcohol Soft
2009-06-04 16:00 . 2009-06-04 16:01 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-05-31 10:39 . 2009-05-31 10:39 196080 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-25 16:50 . 2009-05-25 16:50 -------- d-----w- c:\program files\Seagate
2009-05-25 16:50 . 2009-05-25 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-05-25 16:50 . 2009-05-25 16:50 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2009-05-25 16:49 . 2009-05-25 16:49 -------- d-sh--w- c:\windows\ftpcache
2009-05-25 16:47 . 2009-05-25 16:47 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech
2009-05-19 18:26 . 2009-05-19 18:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Nero
2009-05-19 18:25 . 2009-05-25 20:19 -------- d-----w- c:\documents and settings\User\Application Data\Nero
2009-05-19 17:47 . 2009-05-31 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-17 09:06 . 2008-05-09 11:15 45376 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-17 09:06 . 2008-01-21 16:11 22336 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-17 09:06 . 2009-05-27 17:26 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-17 09:06 . 2009-05-17 09:06 -------- d-----w- c:\program files\Avira
2009-05-17 09:06 . 2009-05-17 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-16 17:02 . 2009-06-03 11:02 -------- d-----w- c:\program files\Age of Wonders Shadow Magic
2009-05-16 16:58 . 2009-06-06 09:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-16 16:58 . 2009-05-16 16:58 -------- d-----w- c:\documents and settings\User\Application Data\DAEMON Tools
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 19:49 . 2009-05-03 15:38 -------- d-----w- c:\documents and settings\User\Application Data\DNA
2009-06-13 12:34 . 2008-02-14 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-13 09:18 . 2009-05-03 15:38 -------- d-----w- c:\program files\DNA
2009-06-13 08:01 . 2008-09-02 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 21:13 . 2008-03-24 07:35 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-06-09 18:28 . 2009-05-03 15:42 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
2009-06-07 19:12 . 2007-11-29 10:42 156036 ----a-w- c:\windows\system32\nvModes.dat
2009-06-06 21:55 . 2009-03-01 08:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 16:02 . 2008-08-03 16:05 -------- d-----w- c:\program files\DivX
2009-05-31 18:56 . 2007-07-11 13:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 17:55 . 2008-10-19 11:12 -------- d-----w- c:\program files\Ahead
2009-05-20 13:27 . 2008-12-08 20:27 -------- d-----w- c:\program files\QuickMediaConverter
2009-05-20 13:23 . 2009-03-08 16:47 -------- d-----w- c:\program files\ScanSoft
2009-05-20 13:21 . 2009-03-01 08:42 -------- d-----w- c:\program files\Gamenext
2009-05-18 16:23 . 2007-07-11 13:45 -------- d-----w- c:\program files\Google
2009-05-13 18:44 . 2008-04-11 16:13 -------- d-----w- c:\program files\Dofus
2009-05-13 05:04 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 07:17 . 2008-02-16 15:43 -------- d-----w- c:\program files\Warcraft III
2009-05-07 15:33 . 2006-03-02 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 15:40 . 2009-05-03 15:40 -------- d-----w- c:\program files\BitTorrent
2009-05-01 21:02 . 2008-12-11 00:33 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 07:35 . 2008-01-29 17:03 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2009-04-25 20:55 . 2009-04-25 20:55 1878984 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-04-23 15:35 . 2008-03-14 20:46 -------- d-----w- c:\program files\Java
2009-04-23 15:33 . 2009-04-23 15:33 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-23 15:31 . 2006-03-02 12:00 81824 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-23 15:31 . 2006-03-02 12:00 503894 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-20 20:59 . 2008-06-23 18:48 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-19 19:50 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-20 15:37 . 2008-02-16 15:47 133343 -c--a-w- c:\windows\War3Unin.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-03 321344]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-18 8433664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-05-18 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [18/08/2006 09:04 36576]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [21/06/2006 11:09 29184]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
S2 gupdate1c9bdac1ddd6826;Service Google Update (gupdate1c9bdac1ddd6826);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 11:25 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - dump_wmimmc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-14 16:53]
2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 09:25]
2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{78687796-5F6C-491D-9606-CD7DA0056FD8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
HKLM-Run-RegistryMechanic - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=nav ... r&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 21:49
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\docume~1\User\LOCALS~1\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Heure de fin: 2009-06-13 21:51
ComboFix-quarantined-files.txt 2009-06-13 19:51
Avant-CF: 38 766 223 360 octets libres
Après-CF: 40 435 429 376 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
190 --- E O F --- 2009-06-13 08:01