the ComboFix report:
ComboFix 09-10-20.03 - x 21/10/2009 21:12.7.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.382.159 [GMT 1:00]
Lancé depuis: c:\documents and settings\x\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-21 au 2009-10-21 ))))))))))))))))))))))))))))))))))))
.
2009-10-21 19:35 . 2009-10-21 19:35 -------- d-----w- C:\_OTM
2009-10-21 18:20 . 2009-10-21 17:24 -------- dc-h--w- c:\windows\ie8
2009-10-21 18:20 . 2009-10-21 17:22 -------- d-----w- c:\windows\system32\fr-FR
2009-10-21 17:44 . 2009-10-21 17:44 -------- d-sh--w- c:\documents and settings\x\PrivacIE
2009-10-21 17:38 . 2009-10-21 17:38 -------- d-sh--w- c:\documents and settings\x\IETldCache
2009-10-21 17:24 . 2009-10-21 17:24 -------- d--h--w- c:\windows\msdownld.tmp
2009-10-21 17:21 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-21 16:42 . 2009-10-21 16:42 -------- d-----w- c:\program files\CCleaner
2009-10-21 14:58 . 2009-10-21 14:58 -------- d-----w- c:\documents and settings\x\Application Data\Malwarebytes
2009-10-21 14:57 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 14:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 14:56 . 2009-10-21 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 14:18 . 2009-10-21 14:19 16719449 ----a-w- c:\documents and settings\joomla template.zip
2009-10-21 08:35 . 2009-10-21 08:35 -------- d-----w- C:\ubuntu
2009-10-20 22:29 . 2009-10-20 22:30 -------- d-----w- c:\documents and settings\x\Local Settings\Application Data\Ares
2009-10-20 08:00 . 2009-10-20 08:00 -------- d-----w- c:\program files\Vilma
2009-10-20 04:35 . 2009-09-04 15:08 416824 ----a-w- c:\windows\system32\pwNative.exe
2009-10-20 04:35 . 2009-09-04 15:08 16456 ----a-w- c:\windows\system32\pwdrvio.sys
2009-10-20 04:35 . 2009-09-04 15:07 11088 ----a-w- c:\windows\system32\pwdspio.sys
2009-10-20 04:31 . 2009-10-20 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Registry Helper
2009-10-20 03:38 . 2009-10-21 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-20 03:35 . 2009-10-20 03:57 -------- d-----w- c:\program files\RegCleaner
2009-10-20 03:25 . 2009-10-20 03:25 -------- d-----w- c:\documents and settings\x\Application Data\COWON
2009-10-20 02:54 . 2009-10-20 02:54 -------- d-----w- c:\documents and settings\x\Local Settings\Application Data\Microsoft Help
2009-10-20 02:53 . 2009-10-20 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-20 01:44 . 2009-10-20 01:44 -------- d-----w- c:\program files\xpud
2009-10-20 01:29 . 2001-02-26 03:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-20 01:22 . 2009-10-20 01:22 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-19 22:55 . 2009-10-19 23:03 5409 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-10-19 22:49 . 2009-10-21 19:41 -------- d-----w- c:\documents and settings\x\Tracing
2009-10-19 22:43 . 2009-10-19 22:43 -------- d-----w- c:\program files\Microsoft
2009-10-19 22:42 . 2009-10-19 22:42 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-19 22:41 . 2009-10-19 22:43 -------- d-----w- c:\program files\Windows Live
2009-10-19 22:18 . 2009-10-19 22:18 -------- d-----w- c:\documents and settings\x\Application Data\Foxit
2009-10-19 22:14 . 2009-10-21 02:11 -------- d-----w- c:\documents and settings\x\Application Data\vlc
2009-10-19 22:06 . 2009-10-19 22:06 -------- d-----w- c:\documents and settings\x\Local Settings\Application Data\Yahoo
2009-10-19 22:03 . 2009-10-19 22:03 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-19 21:58 . 2009-10-19 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-19 21:58 . 2009-10-19 21:58 -------- d-----w- c:\program files\Yahoo!
2009-10-19 21:52 . 2009-10-21 14:41 -------- d-----w- c:\documents and settings\x\Application Data\IDM
2009-10-19 21:52 . 2009-10-21 19:40 -------- d-----w- c:\documents and settings\x\Application Data\DMCache
2009-10-19 21:52 . 2009-10-19 21:52 -------- d-----w- c:\program files\Internet Download Manager
2009-10-19 21:51 . 2009-10-19 21:51 -------- d-----w- c:\program files\Fichiers communs\COWON
2009-10-19 21:51 . 2009-10-19 21:51 -------- d-----w- c:\program files\JetAudio
2009-10-19 21:51 . 2009-10-19 21:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 21:50 . 2009-10-19 21:50 -------- d-----w- c:\documents and settings\x\Application Data\InstallShield
2009-10-19 21:47 . 2009-10-19 21:47 0 ----a-w- c:\windows\nsreg.dat
2009-10-19 21:47 . 2009-10-19 21:47 -------- d-----w- c:\documents and settings\x\Local Settings\Application Data\Mozilla
2009-10-19 21:37 . 2009-10-19 21:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-19 21:37 . 2009-10-19 21:37 -------- d-----w- c:\program files\Java
2009-10-19 21:35 . 2009-10-19 21:35 -------- d-sh--w- c:\documents and settings\x\UserData
2009-10-19 20:29 . 2009-10-19 20:30 -------- d-----w- c:\windows\system32\NtmsData
2009-10-16 14:53 . 2009-10-19 20:23 -------- d-----w- c:\documents and settings\Ma musique\Gabao show
2009-10-16 14:51 . 2009-10-19 20:25 -------- d-----w- c:\documents and settings\Ma musique\rap américain
2009-10-16 09:49 . 2009-10-19 20:26 -------- d-----w- c:\documents and settings\Ma musique\rap français
2009-10-15 06:09 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-10-13 17:18 . 2009-10-21 19:03 -------- d-----w- c:\documents and settings\Ma musique
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 17:40 . 2001-08-24 12:00 374348 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 17:40 . 2001-08-24 12:00 51600 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-21 14:15 . 2009-08-23 13:23 -------- d-----w- c:\program files\Fichiers communs\Real
2009-10-19 23:03 . 2009-08-10 20:54 70677 ----a-w- c:\windows\BricoPackUninst.cmd
2009-10-19 22:26 . 2009-08-06 20:32 -------- d-----w- c:\documents and settings\x\Application Data\dvdcss
2009-08-10 20:54 . 2004-08-03 22:54 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4527344]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-15 3216816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1381712]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
Les clés de Registre SafeBoot doivent être réparées. Cette machine ne peut pas utiliser le Mode Sans Échec.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Démarrer^Programmes^Démarrage^Dos Optimizer.pif]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Movie Maker\\explorer.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\JetAudio\\JetAudio.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Yahoo!\\YUPDATER\\YUPDATER.EXE"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\oloih.sys --> c:\windows\system32\drivers\oloih.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [20/10/2009 05:35 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [20/10/2009 05:35 11088]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\x\Application Data\Mozilla\Firefox\Profiles\o9i2g7ih.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - component: c:\documents and settings\x\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 21:16
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,12,d4,21,5a,e5,5b,73,ac,a1,b0,e8,70,49,23,a8,41,d7,6f,ff,81,
fa,35,c2,23,f9,f8,f1,be,c7,b6,cb,8e,90,45,be,fa,85,c0,23,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b7581cd3-5331-41d0-a8f3-077ccc1bbc04}]
@Denied: (Full) (Everyone)
"Model"=dword:00000125
"Therad"=dword:00000018
.
Heure de fin: 2009-10-21 21:18
ComboFix-quarantined-files.txt 2009-10-21 20:18
ComboFix2.txt 2009-10-21 19:05
Avant-CF: 6 027 247 616 octets libres
Après-CF: 5 983 588 352 octets libres
- - End Of File - - 6A548A1147B4D2EBBEE3F327A0C9CB6D
Everything went back to the way it was, Task Manager and Registry Editor. And ComboFix did not make the machine restart.