ComboFix 11-08-09.02 - Utilisateur 09/08/2011 21:17:38.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.894.537 [GMT 2:00] Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . D:\Autorun.inf . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-07-09 au 2011-08-09 )))))))))))))))))))))))))))))))))))) . . 2011-08-09 13:10 . 2011-08-09 13:10 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes 2011-08-09 13:09 . 2011-08-09 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-09 13:09 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-09 13:09 . 2011-08-09 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-09 13:09 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-06 16:00 . 2011-08-06 16:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2011-08-06 15:59 . 2011-08-06 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-07-13 16:20 . 2011-07-13 16:20 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Ares 2011-07-13 16:04 . 2011-08-08 13:14 -------- d-----w- c:\documents and settings\LogMeInRemoteUser 2011-07-13 15:49 . 2011-07-13 15:49 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\LogMeIn 2011-07-13 15:49 . 2011-07-06 14:32 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-07-13 15:49 . 2011-07-06 14:32 29568 ----a-w- c:\windows\system32\LMIport.dll 2011-07-13 15:49 . 2011-07-06 14:32 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-07-13 15:49 . 2011-01-11 17:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2011-07-13 15:49 . 2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-07-13 15:49 . 2011-08-08 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn 2011-07-13 15:49 . 2011-07-13 16:04 -------- d-----w- c:\program files\LogMeIn 2011-07-13 13:22 . 2011-07-13 15:48 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\Deployment . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-04 11:43 . 2010-06-29 11:36 40112 ----a-w- c:\windows\avastSS.scr 2011-07-04 11:43 . 2010-04-16 15:50 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-04 11:36 . 2011-06-19 07:09 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-04 11:36 . 2010-04-16 15:50 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-04 11:35 . 2010-04-16 15:50 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-04 11:35 . 2010-04-16 15:50 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-07-04 11:35 . 2010-04-16 15:50 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-07-04 11:32 . 2010-04-16 15:50 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-04 11:32 . 2010-04-16 15:50 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-07-04 11:32 . 2010-04-16 15:50 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-06 11:35 . 2004-08-05 08:00 1859072 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] 2011-01-11 17:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart] 2010-10-20 14:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2] 2011-01-31 11:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-01 13:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LMIMaint"=2 (0x2) "LogMeIn"=2 (0x2) "gupdatem"=3 (0x3) "gupdate"=2 (0x2) "TapiSrv"=3 (0x3) "JavaQuickStarterService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Program Files\\Ares\\Ares.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19/06/2011 09:09 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/04/2010 17:50 309848] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/04/2010 17:50 19544] R2 cvhsvc;Client Virtualization Handler;c:\program files\Fichiers communs\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 03:33 821664] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [06/07/2011 16:32 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/01/2011 19:04 12856] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 02:10 483688] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 23:23 554344] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 23:23 211432] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 23:23 20584] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 23:23 18280] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 02:10 209768] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [09/08/2011 15:09 41272] S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000] S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/07/2010 09:12 135664] S4 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/07/2010 09:12 135664] . Contenu du dossier 'Tâches planifiées' . 2011-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21] . 2011-08-07 c:\windows\Tasks\At1.job - c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 15:07] . 2011-08-07 c:\windows\Tasks\At2.job - c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 15:07] . 2011-08-08 c:\windows\Tasks\At3.job - c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 15:07] . 2011-08-09 c:\windows\Tasks\At4.job - c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 15:07] . 2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 07:12] . 2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 07:12] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHELINS SUPPRIMES - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-NeroFilterCheck - c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-09 21:24 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ?????? . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(812) c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . Heure de fin: 2011-08-09 21:27:14 ComboFix-quarantined-files.txt 2011-08-09 19:27 . Avant-CF: 2 120 130 560 octets libres Après-CF: 2 118 537 216 octets libres . WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect . - - End Of File - - D325F428BF0DB0FBF58BC0255DFE73BE