ComboFix 08-12-09.02 - greg 2008-12-10 13:43:18.3 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.843 [GMT 1:00]
Running from: c:\documents and settings\greg\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 ))))))))))))))))))))))))))))))))))))
.

2008-12-10 13:10 . 2008-12-10 13:10 d-------- c:\documents and settings\greg\Application Data\Bitdefender
2008-12-10 13:09 . 2008-12-10 13:10 d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-12-10 13:06 . 2008-12-10 13:09 d-------- c:\program files\Fichiers communs\BitDefender
2008-12-10 12:41 . 2008-12-10 12:41 d-------- c:\program files\Trend Micro
2008-12-10 10:24 . 2008-12-10 10:24 d-------- c:\program files\Logitech
2008-12-10 10:24 . 2008-12-10 10:24 d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-12-10 08:56 . 2008-12-10 08:56 d-------- c:\documents and settings\greg\Application Data\GrabIt
2008-12-10 08:54 . 2008-12-10 08:54 d-------- c:\program files\GrabIt
2008-12-09 21:37 . 2008-12-09 21:37 d-------- c:\program files\CCleaner
2008-12-09 21:36 . 2008-12-09 21:36 d-------- c:\documents and settings\All Users\Application Data\Vso
2008-12-09 21:31 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-12-09 21:31 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-09 21:31 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-09 21:31 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-09 21:31 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-09 21:31 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-12-09 21:31 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-12-09 21:29 . 2008-12-09 21:31 d-------- c:\program files\VSO
2008-12-09 21:29 . 2008-12-09 21:32 d-------- c:\documents and settings\greg\Application Data\Vso
2008-12-09 21:29 . 2008-12-09 21:29 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-09 21:29 . 2008-12-09 21:29 47,360 --a------ c:\documents and settings\greg\Application Data\pcouffin.sys
2008-12-09 17:26 . 2008-12-09 17:26 d-------- c:\program files\FileZilla FTP Client
2008-12-09 17:26 . 2008-12-09 18:00 d-------- c:\documents and settings\greg\Application Data\FileZilla
2008-12-09 12:34 . 2008-12-10 13:35 d-------- c:\program files\Steam
2008-12-09 08:28 . 2008-12-09 08:29 d-------- c:\program files\RegCleaner
2008-12-09 00:42 . 2008-12-09 00:42 d-------- c:\documents and settings\greg\Application Data\MSN6
2008-12-09 00:42 . 2008-12-09 00:42 d-------- c:\documents and settings\All Users\Application Data\MSN6
2008-12-08 23:59 . 2008-12-08 23:59 1,172 --a------ c:\windows\mozver.dat
2008-12-08 23:53 . 2008-12-08 23:53 0 --a------ c:\windows\nsreg.dat
2008-12-08 23:15 . 2008-12-08 23:15 d---s---- c:\documents and settings\greg\UserData
2008-12-08 23:10 . 2008-12-08 23:10 268 --ah----- C:\sqmdata01.sqm
2008-12-08 23:10 . 2008-12-08 23:10 244 --ah----- C:\sqmnoopt01.sqm
2008-12-08 23:10 . 2008-12-10 13:40 121 --a------ c:\windows\bdagent.INI

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 12:37 81,984 ----a-w c:\windows\system32\bdod.bin
2008-12-10 12:09 --------- d-----w c:\program files\BitDefender
2008-12-08 21:56 --------- d-----w c:\program files\MSN Messenger
2008-12-08 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-08 21:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 21:16 --------- d-----w c:\program files\Realtek AC97
2008-12-08 21:16 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-08 21:11 27,904 ----a-w c:\windows\system32\drivers\Ndisprot.sys
2008-12-08 21:04 558,142 ----a-w c:\windows\java\Packages\1RNPZHBB.ZIP
2008-12-08 21:04 155,995 ----a-w c:\windows\java\Packages\NZB937X7.ZIP
2008-12-08 21:04 --------- d-----w c:\program files\microsoft frontpage
2008-12-08 21:01 --------- d-----w c:\program files\Services en ligne
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-10 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-10-10 7286784]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-10-10 86016]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2007-08-07 270336]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2007-07-30 87568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
------- Supplementary Scan -------
.
TCP: NameServer = 85.255.115.51;85.255.112.187
TCP: {217FAA28-1F2F-4AB3-A175-2A8B53CC2ECA} = 85.255.115.51;85.255.112.187
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\greg\Application Data\Mozilla\Firefox\Profiles\yklvrfwm.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 13:44:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxmaxtoeqh.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-12-10 13:44:30
ComboFix-quarantined-files.txt 2008-12-10 12:44:29

Pre-Run: 74,266,083,328 bytes free
Post-Run: 74,286,174,208 bytes free