ComboFix 09-03-02.03 - Florent 2009-03-04 20:39:12.1 - FAT32x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.749 [GMT 1:00]
Lancé depuis: c:\greenv\CBFIX.COM
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\XPPoliceAntivirus
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gUwU4N48.exe.a_a
c:\windows\system32\mcenspc.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tdssinit.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xCAb324A.exe.a_a
c:\windows\ynh.dx

----- BITS: Il y a peut-être des sites infectés -----

hxxp://vestepau.cn
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-04 au 2009-03-04 ))))))))))))))))))))))))))))))))))))
.

2009-03-04 20:16 . 2009-03-04 20:16 d-------- C:\GreenV
2009-03-03 13:58 . 2008-04-14 04:34 26,624 --a------ c:\windows\system32\stu2.exe
2009-02-24 21:37 . 2009-03-04 17:20 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-24 21:37 . 2009-02-24 21:38 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 19:30 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-04 10:08 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-03-03 12:58 17,920 ----a-w c:\windows\system32\userinit.exe
2009-01-19 11:35 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2006-12-12 17:25 644 ----a-w c:\documents and settings\Florent\Application Data\wklnhst.dat
2008-09-03 10:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
.
------- Sigcheck -------

2009-03-03 13:58 17920 3d2deea032afd945261542b345733a5f c:\windows\system32\userinit.exe
2004-08-05 05:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-03-17 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-28 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-11-18 69632]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-10-05 169472]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19631:TCP"= 19631:TCP:BitComet 19631 TCP
"19631:UDP"= 19631:UDP:BitComet 19631 UDP
"15794:TCP"= 15794:TCP:BitComet 15794 TCP
"15794:UDP"= 15794:UDP:BitComet 15794 UDP
"15909:TCP"= 15909:TCP:BitComet 15909 TCP
"15909:UDP"= 15909:UDP:BitComet 15909 UDP

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82696]
R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 32768]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-10-04 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-10-04 78208]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-10-04 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-10-04 4010]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Florent\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Florent\LOCALS~1\Temp\DMSKSSRh.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-02-28 c:\windows\Tasks\At1.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At2.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At3.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At4.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At5.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At6.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At7.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At8.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At9.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At10.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At11.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At12.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At13.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At14.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At15.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At16.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At17.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At18.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At19.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At20.job - c:\windows\system32\xCAb324A.exe []
2009-03-04 c:\windows\Tasks\At21.job - c:\windows\system32\xCAb324A.exe []
2009-03-03 c:\windows\Tasks\At22.job - c:\windows\system32\xCAb324A.exe []
2009-03-03 c:\windows\Tasks\At23.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At24.job - c:\windows\system32\xCAb324A.exe []
2009-02-28 c:\windows\Tasks\At25.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At26.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At27.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At28.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At29.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At30.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At31.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At32.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At33.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At34.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At35.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At36.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At37.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At38.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At39.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At40.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At41.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At42.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At43.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At44.job - c:\windows\system32\gUwU4N48.exe []
2009-03-04 c:\windows\Tasks\At45.job - c:\windows\system32\gUwU4N48.exe []
2009-03-03 c:\windows\Tasks\At46.job - c:\windows\system32\gUwU4N48.exe []
2009-03-03 c:\windows\Tasks\At47.job - c:\windows\system32\gUwU4N48.exe []
2009-02-28 c:\windows\Tasks\At48.job - c:\windows\system32\gUwU4N48.exe []
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 20:45:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(544)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\pvsw\BIN\W3dbsmgr.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\acer\eRecovery\Monitor.exe
.
**************************************************************************
.
Heure de fin: 2009-03-04 20:49:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-04 19:49:22

Avant-CF: 8 260 354 048 octets libres
Après-CF: 7,117,242,368 octets libres

284 --- E O F --- 2008-06-20 15:24:03