Merci pour ton aide.
Voici le rapport :
ComboFix 09-05-29.01 - Chefs deTribu BH 30/05/2009 0:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1040.18.895.563 [GMT 2:00]
Lancé depuis: c:\documents and settings\Chefs deTribu BH\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\CHEFSD~1\IMPOST~1\Temp\tmp1.tmp
c:\docume~1\CHEFSD~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Chefs deTribu BH\Dati applicazioni\addon.dat
c:\documents and settings\Chefs deTribu BH\Dati applicazioni\inst.exe
c:\windows\system32\drivers\gxvxcmxfmultgrwsunttkdairqlxmoblvahyl.sys
c:\windows\system32\drivers\gxvxcqqtvvrjnswwyuoyiswxdtylrnmupqlmq.sys
c:\windows\system32\drivers\gxvxcttvvmkhbfsfogrrnruocaohodjklsdnm.sys
c:\windows\system32\drivers\gxvxcxfqhtavhoewqxyvbvxudrxroeqboexbi.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcpxjsmieojbqhnnpsbppobtnckidliqpj.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
.
2009-05-29 21:19 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w c:\programmi\Panda Security
2009-05-25 19:12 . 2009-05-25 19:12 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Apple
2009-05-18 19:53 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-18 19:53 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-18 19:53 . 2009-05-18 19:53 -------- d-----w c:\programmi\iPod
2009-05-18 19:37 . 2009-05-20 13:58 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Apple Computer
2009-05-18 19:37 . 2009-05-18 19:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\programmi\Bonjour
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\programmi\QuickTime
2009-05-18 19:36 . 2009-05-18 19:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\documents and settings\Chefs deTribu BH\Impostazioni locali\Dati applicazioni\Apple
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\programmi\Apple Software Update
2009-05-18 19:36 . 2009-03-26 13:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-18 19:36 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-18 19:35 . 2009-05-18 19:42 -------- d-----w c:\programmi\File comuni\Apple
2009-05-18 19:35 . 2009-05-18 19:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple
2009-05-18 19:35 . 2009-05-18 19:37 -------- d-----w c:\documents and settings\Chefs deTribu BH\Impostazioni locali\Dati applicazioni\Apple Computer
2009-05-15 21:38 . 2009-05-15 21:38 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Conduit
2009-05-15 21:38 . 2009-05-18 19:40 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\IsoBuster
2009-05-15 21:38 . 2009-05-15 21:38 -------- d-----r c:\documents and settings\LocalService.NT AUTHORITY\Preferiti
2009-05-15 21:38 . 2009-05-15 21:38 -------- d-----w c:\programmi\BlueRaTech
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 21:28 . 2008-03-28 20:39 -------- d-----w c:\programmi\Mozilla Thunderbird
2009-05-29 21:28 . 2008-03-28 09:57 -------- d-----w c:\programmi\Wanadoo
2009-05-29 18:27 . 2008-03-28 20:47 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Skype
2009-05-29 18:27 . 2008-07-29 19:50 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\uTorrent
2009-05-29 14:01 . 2008-03-28 20:49 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\skypePM
2009-05-29 13:09 . 2008-03-19 13:59 1 ----a-w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-29 13:09 . 2008-03-19 13:56 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\OpenOffice.org2
2009-05-27 09:17 . 2008-03-23 17:33 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\dvdcss
2009-05-24 19:01 . 2008-09-03 21:56 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8
2009-05-20 13:41 . 2008-03-29 13:05 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\temp
2009-05-20 07:43 . 2008-03-29 20:25 -------- d-----w c:\programmi\eMule
2009-05-13 18:20 . 2008-04-06 14:17 -------- d-----w c:\programmi\TvAnts
2009-05-13 11:14 . 2008-03-18 13:14 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Canon
2009-05-13 10:50 . 2008-12-21 12:03 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\DVD Shrink
2009-05-13 09:58 . 2008-10-29 16:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Ahead
2009-05-13 09:57 . 2008-10-29 16:54 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Ahead
2009-04-23 20:57 . 2008-03-28 20:46 -------- d-----r c:\programmi\Skype
2009-04-23 20:57 . 2008-03-28 20:46 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Skype
2009-04-23 20:57 . 2009-04-23 20:57 -------- d-----w c:\programmi\File comuni\Skype
2009-04-05 13:37 . 2008-08-14 11:55 816 ----a-w c:\windows\eReg.dat
2009-04-05 13:31 . 2008-03-16 23:28 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-05 13:28 . 2009-04-05 13:21 -------- d-----w c:\programmi\Maxis
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 07:10 . 2008-03-16 23:01 42156 ----a-w c:\windows\system32\perfc010.dat
2009-03-29 07:10 . 2008-03-16 23:01 323842 ----a-w c:\windows\system32\perfh010.dat
2009-03-23 20:33 . 2008-03-17 17:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-23 20:33 . 2008-03-17 17:23 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2008-03-28 08:51 . 2008-03-28 08:51 278528 ----a-w c:\programmi\File comuni\FDEUnInstaller.exe
2008-03-17 17:27 . 2008-03-17 17:27 0 --sha-w c:\windows\crack\klog.dat
.
------- Sigcheck -------
[-] 2008-03-18 10:05 504832 2E4B40A64C2FAFD29480D6516B993B09 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-05-15 21:39 1883672 ----a-w c:\programmi\IsoBuster\tbIso1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2008-10-25 270128]
"WOOKIT"="c:\progra~2\Wanadoo\Shell.exe" [2004-08-23 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-13 7626752]
"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"WOOWATCH"="c:\progra~2\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~2\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-09-07 160256]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-13 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 07:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chefs deTribu BH^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Chefs deTribu BH\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\TvAnts\\Tvants.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Programmi\\Vsk5Online\\Vsk5Online.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Ubisoft\\Chessmaster 10th Edition Demo\\game.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\itunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26135:TCP"= 26135:TCP:ut1
"26135:UDP"= 26135:UDP:ut2
"5222:TCP"= 5222:TCP:emuleTCP
"5322:UDP"= 5322:UDP:emuleUDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/05/2009 23:19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2008 23:56 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2008 23:56 107272]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [01/04/2008 15:47 94208]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - PAVBOOT
*Deregistered* - AdobeActiveFileMonitor5.0
*Deregistered* - AdobeActiveFileMonitor6.0
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FTRTSVC
*Deregistered* - gupdate1c9abf661f64c10
*Deregistered* - helpsvc
*Deregistered* - InCDsrv
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C5CD9787-54F4-6B5A-7054-5E50F28A8F48}]
c:\windows\crack\crack.exe s
.
Contenu du dossier 'Tâches planifiées'
2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-05-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-23 20:31]
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
IE: { - c:\programmi\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Mozilla\Firefox\Profiles\r5hsrwkx.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npSton3D.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: e:\program files\itunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-30 00:56
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-05-29 0:57
ComboFix-quarantined-files.txt 2009-05-29 22:57
Avant-CF: 19 992 383 488 byte disponibili
Après-CF: 26 359 595 008 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect