here is the combofix report:
ComboFix 10-05-14.06 - mumu 15/05/2010 15:25:31.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.895.571 [GMT 2:00]
Lancé depuis: c:\documents and settings\mumu\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\mumu\LOCALS~1\Temp\svchost.exe
c:\windows\system32\VB40032.DLL
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-15 au 2010-05-15 ))))))))))))))))))))))))))))))))))))
.
2010-05-15 13:08 . 2004-08-03 16:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-15 13:08 . 2004-08-03 16:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-15 13:07 . 2004-08-03 17:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-15 13:07 . 2004-08-03 17:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-15 13:06 . 2004-08-03 17:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-15 13:06 . 2004-08-03 17:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-15 13:03 . 2010-05-15 13:03 -------- d-----w- c:\windows\Sun
2010-05-13 13:16 . 2010-05-13 13:16 -------- d-sh--w- c:\documents and settings\mumu\IECompatCache
2010-05-13 13:16 . 2010-05-13 13:16 -------- d-sh--w- c:\documents and settings\mumu\PrivacIE
2010-05-13 13:15 . 2010-05-13 13:15 -------- d-sh--w- c:\documents and settings\mumu\IETldCache
2010-05-13 13:07 . 2010-05-13 13:09 -------- dc-h--w- c:\windows\ie8
2010-04-22 19:44 . 2010-04-22 19:44 17820 ---ha-w- c:\windows\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 13:05 . 2010-05-15 13:04 16 ----a-w- c:\documents and settings\mumu\Application Data\qvjsge.dat
2010-05-14 14:04 . 2010-01-24 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-13 23:53 . 2001-08-24 13:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-13 23:53 . 2001-08-24 13:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-04 13:25 . 2010-02-14 14:53 -------- d-----w- c:\documents and settings\mumu\Application Data\dvdcss
2010-03-19 06:44 . 2010-02-06 22:10 -------- d-----w- c:\documents and settings\mumu\Application Data\Apple Computer
2010-02-24 12:31 . 2006-03-09 09:24 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:33 . 2006-03-09 09:25 2183424 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:33 . 2005-03-02 16:07 2060416 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-03-21 14:20 . 2004-08-19 16:09 162194 --sha-r- c:\windows\system32\zevbcztx.dll
.
------- Sigcheck -------
[-] 2009-10-09 . 67D7DDB8E98D22886360D470DF66526D . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\mumu\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
Outil de mise à jour Google.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2010-1-24 124400]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5113:TCP"= 5113:TCP:eyhus
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2010 04:47 108289]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/04/2005 02:00 200576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2010 12:59 691696]
S2 acwyblwv;ulmwzrc;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 18:10 14336]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 01:13 135664]
S2 vuiibgt;Driver Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 18:10 14336]
S2 yknae;Installer Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 18:10 14336]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [07/02/2010 00:08 17408]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - I2OMGMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yknae
acwyblwv
vuiibgt
.
Contenu du dossier 'Tâches planifiées'
2010-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-24 02:54]
2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:13]
2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 15:34
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ???B?????????????hLC? ??????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acwyblwv]
"ServiceDll"="c:\windows\system32\zevbcztx.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vuiibgt]
"ServiceDll"="c:\windows\system32\zevbcztx.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yknae]
"ServiceDll"="c:\windows\system32\zevbcztx.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-05-15 15:35:35
ComboFix-quarantined-files.txt 2010-05-15 13:35
Avant-CF: 2 309 791 744 octets libres
Après-CF: 3 067 715 584 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
- - End Of File - - 140F1A8ADFCA19E083207D6464134387
EDIT Skynet: [code] tags added.