ComboFix 08-08-28.06 - admin 2008-09-17 17:06:07.2 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.752 [GMT 2:00]
Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Bureau\WinXP_FR_PER_BF.EXE
.
- FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-17 to 2008-09-17 ))))))))))))))))))))))))))))))))))))
.
2008-09-16 15:53 . 2008-09-16 15:53 <REP> d-------- C:\Program Files\SAV
2008-09-16 15:53 . 2008-09-16 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nspoterc
2008-09-16 15:53 . 2008-09-08 13:12 165,888 --a------ C:\WINDOWS\system32\sav.cpl
2008-09-16 15:53 . 2008-09-16 15:53 119,300 --a------ C:\WINDOWS\system32\mshtml90.dll
2008-09-16 15:53 . 2008-09-16 15:53 86,016 --a------ C:\WINDOWS\system32\yvajorqn.exe
2008-09-09 12:07 . 2008-09-09 12:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-09-09 11:25 . 2008-09-09 11:25 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-03 16:50 . 2005-04-04 18:59 176,128 --a------ C:\WINDOWS\system32\nvuaudio.exe
2008-08-30 11:08 . 2008-09-06 12:14 <REP> d-------- C:\Program Files\a-squared Free
2008-08-30 10:46 . 2008-08-30 10:46 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-30 10:07 . 2008-08-30 10:07 <REP> d-------- C:\VundoFix Backups
2008-08-30 09:59 . 2008-08-30 09:59 <REP> d-------- C:\Pocket Killbox
2008-08-30 09:51 . 2008-08-30 09:48 92,672 --a------ C:\WINDOWS\system32\KillBox.exe
2008-08-30 09:48 . 2008-08-30 09:48 <REP> d-------- C:\!KillBox
2008-08-29 15:13 . 2008-08-29 15:13 <REP> d-------- C:\Program Files\VideoLAN
2008-08-29 15:13 . 2008-08-29 15:13 <REP> d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-08-29 15:07 . 2008-08-29 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-29 15:07 . 2008-08-29 15:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-29 11:18 . 2008-08-29 11:18 <REP> d-------- C:\WINDOWS\system32\Data
2008-08-29 11:18 . 2003-08-28 10:29 35,766 -ra------ C:\WINDOWS\system32\Emu10kx.ini
2008-08-29 11:18 . 2003-08-28 10:28 20,480 --a------ C:\WINDOWS\INRES.DLL
2008-08-29 11:18 . 2003-08-28 10:29 29 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-08-29 10:58 . 2008-08-29 10:58 <REP> d-------- C:\NVIDIA
2008-08-29 10:41 . 2008-08-29 10:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-29 10:14 . 2008-08-29 10:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI MMC
2008-08-29 10:14 . 2008-08-30 16:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-29 09:45 . 2008-08-29 09:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-08-29 09:35 . 2008-09-09 12:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2008-08-29 09:32 . 2008-08-29 09:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-08-29 09:23 . 2007-04-10 16:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-29 09:23 . 2007-04-10 16:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-29 09:23 . 2007-04-10 15:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-29 09:23 . 2008-08-29 10:41 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-29 09:23 . 2007-04-10 16:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-29 09:23 . 2007-04-10 16:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-29 09:23 . 2008-08-29 10:57 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-29 09:23 . 2008-09-09 11:45 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-25 10:04 . 2008-08-25 11:09 <REP> d-------- C:\Program Files\LimeWire
2008-08-21 15:48 . 2008-08-21 15:49 2,694,725 --a------ C:\Enrique Inglesias - Do You Know What It Feels Like.mp3
2008-08-21 15:35 . 2008-08-25 14:56 37,440 --a------ C:\WINDOWS\system32\drivers\pssdklbf.drv
2008-08-21 15:35 . 2008-08-29 14:26 30,272 --a------ C:\WINDOWS\system32\drivers\pssdk31.drv
2008-08-18 15:02 . 2008-09-17 17:06 <REP> d-------- C:\Documents and Settings\admin\Application Data\BitTorrent
2008-08-18 15:01 . 2008-09-03 13:01 <REP> d-------- C:\Program Files\DNA
2008-08-18 15:01 . 2008-08-18 15:01 <REP> d-------- C:\Program Files\BitTorrent
2008-08-18 15:01 . 2008-09-03 13:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\DNA
2008-08-18 14:23 . 2008-08-18 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-18 14:21 . 2008-08-18 14:21 <REP> d-------- C:\Program Files\AskSBar
2008-08-18 14:18 . 2008-08-19 13:28 <REP> d-------- C:\Program Files\Azureus
2008-08-18 11:08 . 2008-08-21 16:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-18 11:08 . 2008-08-21 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 10:49 . 2008-08-19 17:00 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 09:49 . 2008-08-18 09:49 <REP> d-------- C:\Program Files\Alwil Software
2008-08-18 09:00 . 2008-08-18 09:00 <REP> d-------- C:\Program Files\hxwdxjd
2008-08-18 09:00 . 2008-08-18 09:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ubsxqhcj
2008-08-18 09:00 . 2008-08-18 09:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hmpejqfo
2008-08-17 22:24 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 08:53 3,532 ----a-w C:\drmHeader.bin
2008-09-04 08:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 08:36 --------- d-----w C:\Program Files\Logitech
2008-09-04 08:34 --------- d-----w C:\Program Files\SlySoft
2008-09-04 08:18 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-30 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-08-29 07:30 --------- d-----w C:\Program Files\Yahoo!
2008-08-26 10:26 --------- d-----w C:\Program Files\eMule
2008-08-25 09:08 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-08-18 12:49 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
2008-08-18 10:43 --------- d-----w C:\Program Files\IVCsoft
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-28 10:27 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-26 21:40 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-07-26 21:40 --------- d-----w C:\Program Files\XviD
2008-07-26 21:40 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-07-26 21:39 --------- d-----w C:\Program Files\Samsung
2008-07-17 08:16 --------- d-----w C:\Program Files\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-01-03 09:40 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
.
------- Sigcheck -------
2001-09-28 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
2001-09-28 14:00 434176 7486a7d62930d64e83cd847c3c69e7cc C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2001-09-28 14:00 1005056 9e20a8ef0ca524446afee29f4423cc8f C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2001-09-28 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2001-09-28 14:00 11776 2c2431b30a629123c1757582c9d93f38 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2001-09-28 14:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 58880 36a59559967eb1ae055dbc97be7f5a9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-18 14:21 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-18 14:21 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-12-01 15:28 69709]
"ares"="C:\Program Files\Ares\Ares.exe" [BU]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:40 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-13 19:22 32768]
"hlpsysact"="C:\WINDOWS\system32\dejansxa.exe" [BU]
"ATI Launchpad"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\WINDOWS\READREG" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 21:10 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-08 00:13 32768]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 18:03 278528]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [BU]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-05 17:38 155648]
"lphcvvwj0e1da"="C:\WINDOWS\system32\lphcvvwj0e1da.exe" [BU]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [BU]
"Cmaudio"="cmicnfg.cpl" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [BU]
"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-08 00:13 32768]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-12-08 00:13:08 32768]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-13 19:23:03 450560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"cmdmsgcom"= {5142D186-6DC4-22A7-955E-0ABBD8A6CD53} - C:\Program Files\hxwdxjd\cmdmsgcom.dll [2008-08-18 09:00 106496]
"DRopOF"= {54D03FEF-FE7A-9545-D05E-500E73FE22C9} - C:\WINDOWS\System32\ira.dll [2007-04-16 17:53 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YU12"= ATIYUV12.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 PsSdk31;PsSdk31;C:\WINDOWS\system32\Drivers\pssdk31.drv [2008-08-29 14:26]
S3 PsSdkLBF;PsSdkLBF;C:\WINDOWS\system32\Drivers\pssdklbf.drv [2008-08-25 14:56]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
S3 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2005-01-17 20:40]
*Newly Created Service* - SR
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\dpz7cphp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE -
hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:(...)
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-17 17:06:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\DOCUME~1\admin\LOCALS~1\Temp\RGI10.tmp
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk31]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdkLBF]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\pssdklbf.drv"
.
Temps d'accomplissement: 2008-09-17 17:09:04
ComboFix-quarantined-files.txt 2008-09-17 15:09:02
ComboFix2.txt 2008-09-17 14:47:21
ComboFix3.txt 2008-08-30 10:17:41
Pre-Run: 8,563,716,096 octets libres
Post-Run: 8,512,917,504 octets libres
WinXP_FR_PER_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
224 --- E O F --- 2008-08-18 01:03:51
I need help, thanks.