Bonsoir,
mon ordi était infecté par un virus et j'ai du utiliser combofix. est-ce que qqun pourrait m'aider a interpréter le rapport?
le-voici....merci d'avance!
ComboFix 09-02-27.02 - TOLIS 2009-02-28 2:28:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.87 [GMT 1:00]
Running from: c:\documents and settings\TOLIS\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090227-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\autorun.inf
c:\documents and settings\TOLIS\Application Data\PrivacyProtector Free
c:\documents and settings\TOLIS\Application Data\PrivacyProtector Free\Logs\update.log
c:\documents and settings\TOLIS\err.log
C:\MS32DLL.dll.vbs
c:\windows\MS32DLL.dll.vbs
D:\Autorun.inf
D:\MS32DLL.dll.vbs
.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.
2009-02-28 01:03 . 2009-02-28 01:03 <DIR> d-------- c:\program files\Alwil Software
2009-02-27 21:25 . 2009-02-27 21:36 <DIR> d-------- C:\hijackthis
2009-02-27 20:37 . 2009-02-27 23:27 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-27 20:31 . 2009-02-27 20:31 <DIR> d-------- c:\program files\AVG
2009-02-27 20:31 . 2009-02-28 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> dr------- c:\program files\Skype
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-29 17:26 . 2009-01-29 17:28 <DIR> d-------- c:\documents and settings\TOLIS\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 01:18 --------- d-----w c:\program files\MioNet
2009-02-27 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-27 17:45 --------- d-----w c:\documents and settings\TOLIS\Application Data\Skype
2009-02-27 16:48 --------- d-----w c:\documents and settings\TOLIS\Application Data\skypePM
2009-02-23 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-16 21:00 --------- d-----w c:\documents and settings\TOLIS\Application Data\dvdcss
2009-02-14 17:34 --------- d-----w c:\documents and settings\TOLIS\Application Data\uTorrent
2009-01-27 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-27 10:10 --------- d-----w c:\program files\Common Files\Real
2009-01-16 19:04 --------- d-----w c:\program files\Lexmark 1200 Series
2009-01-07 22:18 42,576 ----a-w c:\documents and settings\TOLIS\Application Data\GDIPFONTCACHEV1.DAT
2009-01-01 09:15 --------- d-----w c:\program files\Google
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-15 09:56 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 18:14 2,336 ----a-w c:\program files\odp-1.2-bin-windows-en-US.exe.sdm
2008-10-19 17:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101920081020\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 352256]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077329]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-08-24 190024]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 1838592]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ATIPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TOLIS\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\sol.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\InvokeSvc2.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"12672:TCP"= 12672:TCP:NortonAV
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-28 114768]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2008-04-03 17952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-28 20560]
R2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [2005-07-15 139264]
S3 SPC610NC;Philips SPC500NC Webcam;c:\windows\system32\drivers\SPC610NC.sys [2006-11-16 156800]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
*Deregistered* - NDISRD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04d0c332-fe4a-11dc-a719-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ebd0006-e244-11dc-a6dc-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ebd01cf-e244-11dc-a6dc-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ebd01ff-e244-11dc-a6dc-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e576961-edfe-11dd-a8f2-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d5f5aa2-a3eb-11dc-a66f-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dcd3a2f-ce57-11dc-a6a9-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a71feffe-2788-11dd-a76e-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af671aa6-590b-11db-94f6-00a0d13e2bdf}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder
2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 14:22]
2008-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-02-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-02-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 19:55]
2008-12-14 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 19:55]
2006-08-24 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 01:12]
2006-08-24 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 01:12]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-internet.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites -
https://onedrive.live.com/?id=favorites
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?b4c4a121e12b4da0a0af6010bc6a7912
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?b4c4a121e12b4da0a0af6010bc6a7912
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TOLIS\Application Data\Mozilla\Firefox\Profiles\czc11nap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.club-internet.fr/
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-28 02:30:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\GTGina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-28 2:33:33
ComboFix-quarantined-files.txt 2009-02-28 01:33:11
Pre-Run: 11,732,520,960 bytes free
Post-Run: 11,718,090,752 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
229 --- E O F --- 2009-02-25 19:42:46
Afficher la suite