I'll leave you the report produced by ComboFix:
ComboFix 08-07-15.4 - Christophe 2008-07-17 22:28:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1527 [GMT 2:00]
Endroit: C:\Documents and Settings\Christophe\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\evgratsm.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
.
2008-07-17 21:46 . 2008-07-17 21:46 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-17 21:39 . 2008-07-17 22:19 <REP> d-------- C:\SDFix
2008-07-17 18:12 . 2008-07-17 18:12 <REP> d-------- C:\Program Files\Avira
2008-07-17 18:12 . 2008-07-17 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-17 17:17 . 2008-07-17 17:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 17:17 . 2008-07-17 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 17:17 . 2008-07-17 17:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-17 17:17 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-17 17:17 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\dgram Files\Easyc
2008-07-17 17:12 . 2008-07-17 17:13 <REP> d-------- C:\Program Files\CCleaner
2008-07-17 17:06 . 2008-02-17 13:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-17 17:06 . 2008-02-17 13:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-17 17:06 . 2008-02-17 14:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-17 17:06 . 2008-02-17 13:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-17 17:06 . 2008-02-17 13:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-17 17:06 . 2008-02-17 13:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-17 17:06 . 2008-07-17 18:04 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-17 17:06 . 2008-07-17 17:13 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-17 12:51 . 2008-07-17 12:51 <REP> d-------- C:\Deckard
2008-07-17 09:07 . 2008-07-17 12:36 <REP> d-------- C:\Program Files\Navilog1
2008-07-17 08:46 . 2008-07-17 08:46 <REP> d-------- C:\Program Files\Zone Labs
2008-07-17 08:45 . 2008-07-17 21:42 <REP> d-------- C:\WINDOWS\Internet Logs
2008-07-16 21:44 . 2008-07-16 21:44 0 --a------ C:\WINDOWS\system32\lo2.txtt
2008-07-16 21:09 . 2008-07-16 21:16 3,232 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 17:00 . 2008-07-16 17:00 <REP> d-------- C:\Program Files\Lavasoft
2008-06-29 09:23 . 2008-06-29 09:23 <REP> d-------- C:\Program Files\Easycuisine
2008-06-29 09:23 . 2000-07-14 22:00 311,296 --a------ C:\WINDOWS\system32\MSDBRPT.DLL
2008-06-29 09:23 . 2000-07-14 22:00 148,480 --a------ C:\WINDOWS\system32\TLBINF32.dll
2008-06-29 09:23 . 1998-05-22 01:00 137,736 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-29 09:23 . 1998-07-12 23:00 32,768 --a------ C:\WINDOWS\system32\CmDlgFR.dll
2008-06-27 21:14 . 2008-06-27 21:14 <REP> d-------- C:\Program Files\PDFCreator Toolbar
2008-06-27 21:14 . 2008-06-27 21:14 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9656.exe
2008-06-27 21:14 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-27 21:14 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-27 21:14 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-27 21:14 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-27 21:14 . 1998-07-13 01:08 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
2008-06-27 21:14 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-06-27 21:14 . 2008-06-27 21:14 15,397 --a------ C:\Program Files\settings.dat
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 20:34 2,352,160 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-17 20:32 59,786,528 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 20:21 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Skype
2008-07-17 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-17 19:43 818,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 19:43 228,488 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-17 16:08 --------- d-----w C:\Documents and Settings\Christophe\Application Data\skypePM
2008-07-17 15:13 --------- d-----w C:\Program Files\Yahoo!
2008-07-17 10:47 45,056 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-17 09:46 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-17 08:32 45,568 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-17 08:23 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-17 07:27 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-16 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-16 14:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-16 11:58 --------- d-----w C:\Program Files\Java
2008-07-16 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-09 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-09 06:34 --------- d-----w C:\Program Files\IncrediMail
2008-07-02 11:13 --------- d-----w C:\Documents and Settings\Christophe\Application Data\uTorrent
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 09:58 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-06-12 09:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-12 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 09:01 --------- d-----w C:\Program Files\e-Carte Bleue LCL
2008-06-11 19:53 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-06-11 19:22 --------- d-----w C:\Program Files\Sierra On-Line
2008-06-11 09:37 --------- d-----w C:\Program Files\PowerQuest
2008-05-29 17:01 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 14:24 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 14:24 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-23 19:00 --------- d-----w C:\Program Files\SEC
2008-05-22 14:54 --------- d-----w C:\Documents and Settings\Christophe\Application Data\Webshots
2008-05-20 16:07 --------- d-----w C:\Program Files\Virtools
2008-05-18 12:17 --------- d-----w C:\Program Files\Sun
2008-05-18 12:14 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-17 18:49 --------- d-----w C:\Documents and Settings\Christophe\Application Data\U3
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ------w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 18:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-22 14:15 4,608 ----a-w C:\WINDOWS\system32\9VVK_349.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-06 18:43 243072]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 20:24 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58 61440]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="D:\Programmes\Acrobat reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 19:34 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-25 19:57:38 110592]
Intégrateur Diagonal 32 bits.lnk - C:\Program Files\Diagonal\Commun\Integrateur\Intégrateur Diagonal.exe [2007-12-21 10:08:50 53248]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-05-23 21:00:12 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Programmes\Acrobat reader\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-30 22:10 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-10-23 15:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 12:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 13:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 07:12 729088 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 15:34 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-02-17 20:24 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Programmes\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"D:\\Jeux\\Css\\hl2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d131be23-2440-11dd-a1bd-001e8c255e8a}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
.
- - - - ORPHANS REMOVED - - - -
SSODL-evgratsm-{14192694-7B4A-400B-AF24-DB5947B9DB5E} - C:\WINDOWS\evgratsm.dll
MSConfigStartUp-DAEMON Tools - D:\Programmes\DAEMON Tools\daemon.exe
MSConfigStartUp-ItsTV - D:\Programmes\EoRezo\EoDesk3d\ItsTV.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 22:35:02
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-07-17 22:37:34
ComboFix-quarantined-files.txt 2008-07-17 20:36:31
Pre-Run: 54,522,490,880 octets libres
Post-Run: 55,270,662,144 octets libres
218 --- E O F --- 2008-07-10 07:51:03