Here is the report; thanks:
ComboFix 08-12-13.03 - Raphaël 2008-12-14 14:58:59.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.595 [GMT 1:00]
Run from: c:\documents and settings\Raphaël\Bureau\ComboFix.exe
* A new restore point was created
[COLOR=RED][B]WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Raphaël\Application Data\urlredir.cfg
c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\dcads-remove.exe
c:\windows\system32\dcads_sidebar_uninstall.exe
c:\windows\system32\DcadsSocial-uninstall.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mysidesearch_sidebar_uninstall.exe
c:\windows\system32\myss_sb_uninstall.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\superiorads-uninst.exe
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\tdssservers.dat
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 ))))))))))))))))))))))))))))))))))))
.
2008-12-09 15:21 . 2008-12-09 16:07 <REP> d-------- c:\documents and settings\Raphaël\dwhelper
2008-11-30 19:50 . 2008-11-30 19:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-28 17:54 . 2008-11-28 17:54 675,328 --a------ c:\windows\system32\nsm52.dll
2008-11-27 16:02 . 2006-04-29 14:25 40,960 --a------ c:\windows\system32\psfind.dll
2008-11-27 15:56 . 2008-11-27 15:56 <REP> d-------- c:\program files\THQ
2008-11-21 07:45 . 2008-12-14 14:55 <REP> d-------- c:\documents and settings\Raphaël\Application Data\OpenOffice.org2
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 07:20 53,966 ----a-w c:\windows\system32\cont_dcads-remove.exe
2008-12-11 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 16:59 --------- d-----w c:\documents and settings\Raphaël\Application Data\Azureus
2008-11-27 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 15:20 --------- d-----w c:\program files\Microsoft Games
2008-11-26 13:47 --------- d-----w c:\program files\Azureus
2008-11-19 17:13 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-11 17:39 --------- d-----w c:\program files\Kit ADSL
2008-11-11 17:38 --------- d-----w c:\program files\Pvm
2008-11-04 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2008-11-02 18:28 --------- d-----w c:\program files\Sony
2008-11-02 18:28 --------- d-----w c:\program files\Fichiers communs\Sony Shared
2008-11-02 18:27 --------- d-----w c:\program files\Common Files
2008-11-01 12:09 --------- d-----w c:\program files\Garmin GPS Plugin
2008-10-26 14:04 --------- d-----w c:\documents and settings\Raphaël\Application Data\SPORE
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 14:35 --------- d-----w c:\program files\Electronic Arts
2008-10-18 14:28 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-18 14:28 --------- d--h--r c:\documents and settings\Raphaël\Application Data\SecuROM
2008-10-17 15:27 --------- d-----w c:\program files\VS Revo Group
2008-10-17 15:25 --------- d-----w c:\program files\DivX
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 18:14 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-13 10:14 15,397 ----a-w c:\program files\settings.dat
2008-01-14 20:14 9 ----a-w c:\program files\nomutil.txt
2008-07-15 12:46 322,560 ----a-w c:\program files\mozilla firefox\components\nsBrowserDc.dll
2008-11-28 16:54 642,048 ----a-w c:\program files\mozilla firefox\components\nsdcads.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed0a4043-4760-075d-bd59-4d484b3588ea}]
2008-11-28 17:54 675328 --a------ c:\windows\system32\nsm52.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-11 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-25 86016]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 385024]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-05-25 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Raphaël\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\StubInstaller.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Raphaël\\emule\\emule.exe"=
"d:\\Emmanuel\\limewire\\LimeWire.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-01 20560]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-07 33752]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\DRIVERS\usbiad.sys [2007-12-09 31547]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\Auto\command - L:\RavMonE.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eef46a92-c3a4-11dd-be1a-000e9bbcb4cf}]
\Shell\Shell00\Command - F:\Start.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-{f606efcb-2063-cc7f-fc85-2d845c23c451} - c:\windows\system32\vcuivroryrrsa.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.neuf.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Raphaël\Application Data\Mozilla\Firefox\Profiles\kjq3qbdt.default\
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - plugin: c:\documents and settings\Raphaël\Application Data\Mozilla\Firefox\Profiles\kjq3qbdt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 15:00:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2008-12-14 15:01:11
ComboFix-quarantined-files.txt 2008-12-14 14:01:05
Before-CF: 7,708,835,840 bytes free
After-CF: 8,053,112,832 bytes free
191 --- E O F --- 2008-12-11 20:59:29
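A way to read a report like this programmatically, as an added example that is not part of the original post and not ComboFix's own code: a small Python triage script that walks a constructed excerpt of the log above (the same lines, abridged, embedded inline so it runs offline) and pulls out the points a responder checks first. Those are the MountPoints2 `\Shell\...\command` entries (Explorer runs that command when the drive letter or volume is opened, which is how an autorun payload such as `RavMonE.exe` on a removable drive gets re-executed), the orphaned HKLM Run value that points at a DLL with a random-looking name, the Firefox `keyword.URL` pref rewritten to a third-party search host, and the Browser Helper Object DLL. The random-name heuristic, the search-host allowlist and the function names are assumptions of this example, not ComboFix rules.

```python
import re

# Constructed excerpt of the ComboFix report above (lines copied from it,
# abridged); it stands in for the full log so the example runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed0a4043-4760-075d-bd59-4d484b3588ea}]
2008-11-28 17:54 675328 --a------ c:\windows\system32\nsm52.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\Auto\command - L:\RavMonE.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eef46a92-c3a4-11dd-be1a-000e9bbcb4cf}]
\Shell\Shell00\Command - F:\Start.exe
HKLM-Run-{f606efcb-2063-cc7f-fc85-2d845c23c451} - c:\windows\system32\vcuivroryrrsa.dll
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
ORPHAN_RE = re.compile(r"^HKLM-Run-(\S+) - (.+)$")
FF_PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) - (\S+)$")
FILE_RE = re.compile(r"([a-z]:\\\S+)$", re.I)

# Search prefs pointing anywhere but these hosts are reported as a hijack.
# The allowlist is an assumption of this example, not a ComboFix rule.
KNOWN_SEARCH_HOSTS = ("google.", "mozilla.", "live.com", "yahoo.")
SEARCH_PREFS = ("keyword.URL", "browser.search.defaultenginename",
                "browser.search.selectedEngine")


def looks_random(filename):
    """Heuristic (an assumption, not a ComboFix rule): a file stem with no
    vowels at all, or a run of five or more consonants, is random-looking."""
    stem = filename.rsplit(".", 1)[0].lower()
    letters = re.sub(r"[^a-z]", "", stem)
    if not letters:
        return False
    if not re.search(r"[aeiou]", letters):
        return True
    return re.search(r"[^aeiou]{5,}", letters) is not None


def triage(log_text):
    """Walk the report line by line; return a list of findings (dicts)."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        # \Shell\<verb>\command under MountPoints2: Explorer runs the command
        # when that drive/volume is opened (AutoRun verb: on insertion).
        m = MOUNTPOINT_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            findings.append({"kind": "mountpoint_autorun", "key": current_key,
                             "verb": m.group(1), "command": m.group(2)})
            continue
        # Orphaned HKLM Run value: GUID-named, pointing at a DLL (Run normally
        # launches executables) whose stem looks random.
        m = ORPHAN_RE.match(line)
        if m:
            target = m.group(2)
            findings.append({"kind": "orphan_run", "value": m.group(1),
                             "target": target,
                             "is_dll": target.lower().endswith(".dll"),
                             "random_name": looks_random(target.rsplit("\\", 1)[-1])})
            continue
        # Firefox search/keyword prefs rewritten to an unknown host.
        m = FF_PREF_RE.match(line)
        if m:
            pref, url = m.group(2), m.group(3)
            host = re.sub(r"^hxxps?://", "", url).split("/", 1)[0]
            if pref in SEARCH_PREFS and not any(k in host for k in KNOWN_SEARCH_HOSTS):
                findings.append({"kind": "ff_search_hijack", "file": m.group(1),
                                 "pref": pref, "host": host})
            continue
        # Browser Helper Objects: record the DLL so it can be checked by hand.
        m = FILE_RE.search(line)
        if m and current_key and "browser helper objects" in current_key.lower():
            findings.append({"kind": "bho", "key": current_key, "dll": m.group(1)})
    return findings


def summarize(findings):
    """Count findings per kind for a quick read of a long report."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(summarize(triage(SAMPLE_LOG)))
```

On the excerpt above the script reports three MountPoints2 autorun commands (the `Auto` and `AutoRun` verbs on drive L: and `Shell00` on the volume GUID), one orphaned Run value whose target is a DLL with a random-looking name, one Firefox search hijack pointing at `www2.yoog.com`, and one BHO DLL to review; the `browser.startup.homepage` line is left alone because it is not a search pref.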