rapport combofix:
ComboFix 09-08-10.06 - Propriétaire 16/08/2009 14:51.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.255.122 [GMT 2:00]
Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\recycler\S-1-5-21-3522235665-1545004856-4240889815-1003
c:\windows\Installer\1d0886.msi
c:\windows\Installer\2136a7.msi
c:\windows\Installer\3b933.msi
c:\windows\Installer\57d358.msi
c:\windows\Installer\5edc6.msi
c:\windows\Installer\916a1.msi
c:\windows\Installer\956c7.msi
c:\windows\Installer\fe52f.msi
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_securentm
-------\Service_systemntmi
-------\Service_ws2_32sik
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-16 05:56 . 2009-08-16 05:56 -------- d-----w- C:\_OTM
2009-08-12 06:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 11:07 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-02 11:07 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-02 11:07 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-02 11:07 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-02 11:07 . 2009-08-02 11:07 -------- d-----w- c:\program files\Avira
2009-08-02 11:07 . 2009-08-02 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 11:37 . 2009-01-03 19:24 3580 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 13:55 . 2003-01-01 16:00 -------- d---a-w- c:\program files\Java
2009-08-05 09:00 . 2002-12-12 13:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 10:07 . 2008-08-30 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-01 12:01 . 2008-11-02 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 03:23 . 2009-01-03 19:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2003-01-01 13:59 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2003-01-01 14:22 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 11:36 . 2008-11-02 11:29 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-11-02 11:29 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 07:25 . 2009-07-05 07:26 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 07:25 . 2009-07-05 07:26 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-06-29 15:57 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2003-01-01 13:59 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2003-01-01 14:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2003-01-01 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2003-01-01 21:35 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2003-01-01 13:59 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2003-01-01 14:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2003-01-01 14:03 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2002-12-12 13:14 1297408 ----a-w- c:\windows\system32\quartz.dll
2001-01-02 08:46 . 2001-01-02 08:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2003-12-04 20:44 . 2003-12-04 20:44 32 -csha-w- c:\windows\{17F34FB2-75E9-411A-87E2-F7DC352DFCB5}.dat
2003-12-25 01:45 . 2003-12-24 17:45 0 -csha-w- c:\windows\SMINST\HPCD.sys
2004-11-21 11:54 . 2004-11-21 10:52 56 -csh--r- c:\windows\system32\543C9142ED.sys
2004-11-21 11:54 . 2004-11-21 10:52 10856 -csha-w- c:\windows\system32\KGyGaAvL.sys
2003-12-04 20:44 . 2003-12-04 20:44 32 -csha-w- c:\windows\system32\{97765AA2-9F78-48DF-A152-F46CCDDE96B3}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-6-21 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-6-21 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-6-21 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 8.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=3 (0x3)
"Dot3svc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/08/2009 13:07 108289]
S0 isjtwauu;isjtwauu;c:\windows\system32\drivers\ihnc.sys --> c:\windows\system32\drivers\ihnc.sys [?]
S3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys --> c:\windows\system32\Drivers\SDVC05.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{788437EB-FFE7-498F-AA45-C6997480BABC} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-ssqqrpqr - (no file)
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-fr9.hpwis.com/
uStart Page = hxxp://www.orange.fr
mStart Page = hxxp://fr9.hpwis.com/
mSearch Bar = hxxp://srch-fr9.hpwis.com/
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\giqch08e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 15:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-16 15:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 13:08
Pre-Run: 101 131 780 096 octets libres
Post-Run: 100 998 213 632 octets libres
197 --- E O F --- 2009-08-12 12:49
Merci
A+
Et n'oubliez pas la vie est une fête...