Rapport ComboFix :
1ère partie (le rapport se poursuit dans la partie suivante) :
ComboFix 08-12-23.01 - Propriétaire 2008-12-23 20:38:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.653 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\Antivirus pour Troj Bagle\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\Antivirus pour Troj Bagle\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Propriétaire\Application Data\addon.dat
C:\Documents
c:\windows\system32\iAlmcoin.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.
2008-12-23 20:02 . 2008-12-23 20:02 <REP> d-------- c:\program files\Trend Micro
2008-12-23 18:53 . 2008-12-23 19:40 <REP> d-------- c:\program files\FindyKill
2008-12-23 07:24 . 2008-12-23 07:24 21,567,085 --a------ c:\windows\VPTNFILE.727
2008-12-23 07:24 . 2008-12-23 07:24 21,567,085 --a------ c:\windows\LPT$VPN.727
2008-12-23 07:23 . 2008-12-23 07:23 <REP> d-------- c:\windows\AU_Temp
2008-12-20 23:21 . 2008-12-22 11:21 <REP> d-------- c:\windows\BDOSCAN8
2008-12-20 18:53 . 2008-12-20 19:00 <REP> d-------- c:\program files\Spyware Doctor
2008-12-20 18:53 . 2008-12-20 18:53 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\PC Tools
2008-12-20 18:53 . 2008-12-22 08:56 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 18:53 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-01 17:55 . 2008-12-01 17:55 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\ArcSoft
2008-12-01 17:55 . 2008-12-01 17:55 <REP> d--h----- C:\C_DILLA
2008-12-01 17:55 . 2001-09-10 19:09 260,096 --a------ c:\windows\CDILLA32.DLL
2008-12-01 17:55 . 2001-09-10 19:04 63,344 --a------ c:\windows\CDILLA05.DLL
2008-12-01 17:55 . 2001-09-10 19:08 60,416 --a------ c:\windows\CDILLA64.EXE
2008-12-01 17:55 . 2001-09-10 19:09 57,392 --a------ c:\windows\system32\drivers\CDANT.SYS
2008-12-01 17:55 . 2001-09-10 17:38 55,376 --a------ c:\windows\CDILLA40.DLL
2008-12-01 17:55 . 2001-09-10 19:09 45,056 --a------ c:\windows\CDILLA13.DLL
2008-12-01 17:55 . 2001-09-10 19:08 32,256 --a------ c:\windows\system32\drivers\CDANTSRV.EXE
2008-12-01 17:55 . 2001-09-10 19:04 23,856 --a------ c:\windows\CDILLA10.EXE
2008-12-01 17:55 . 2001-09-10 19:04 7,056 --a------ c:\windows\CDILLA16.EXE
2008-12-01 17:51 . 1996-07-01 00:00 77,312 --a------ c:\windows\system32\TWAIN_32.DLL
2008-12-01 11:52 . 2008-12-01 11:52 <REP> d-------- c:\program files\ALDI Service Photo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 06:24 91,744 ----a-w c:\windows\BPMNT.dll
2008-12-23 06:24 1,213,784 ----a-w c:\windows\vsapi32.dll
2008-12-22 07:32 --------- d-----w c:\program files\Alwil Software
2008-12-20 18:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-18 17:39 --------- d-----w c:\program files\Registry Repair 2006
2008-12-01 16:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 16:51 --------- d-----w c:\program files\ArcSoft
2008-11-03 10:17 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Skype
2008-11-03 10:01 --------- d-----w c:\documents and settings\Propriétaire\Application Data\skypePM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 17:31 71,749 ----a-w c:\windows\hcextoutput.dll
2008-10-22 17:31 348,229 ----a-w c:\windows\tsc.exe
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-26 10:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-10-07 08:11 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-07 08:11 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-07 08:11 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-10-07 08:11 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-10-07 08:11 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIEW"="nview.dll" [2003-03-04 c:\windows\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-04 4595712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-23 1168264]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 c:\windows\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 c:\windows\ALCXMNTR.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg20.dll
"msacm.enc"= ITIG726.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.XVID"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2006-10-07 13:20 6266880 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 07:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-12-05 14:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-12-05 00:44 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-02-02 20:43 495616 c:\windows\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-11-12 23:12 49152 c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-12-16 21:37 188416 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-12-16 21:39 77824 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
--------- 2003-04-24 02:02 50247 c:\program files\Home Media Networks Limited\ShowShifter\TVTVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2008-12-22 20:27 1832272 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-26 14:50 206184 c:\program files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-03-04 01:44 323584 c:\windows\system32\nwiz.exe