Virus: computer crashing
MARVEL
Mndrs78 (462 posts, Member)
Hello,
ComboFix 09-04-23.02 - DARGA 2009-04-22 23:27.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1575 [GMT 2:00]
Lancé depuis: c:\documents and settings\DARGA\Mes documents\Downloads\Programs\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-23 au 2009-04-23 ))))))))))))))))))))))))))))))))))))
.
2009-04-21 20:03 . 2009-04-21 20:03 -------- d-----w c:\windows\Downloaded Installations
2009-04-21 20:03 . 2009-04-21 20:03 -------- d-----w c:\windows\Dreamweaver 8.0
2009-04-19 07:41 . 2009-04-19 07:41 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Help
2009-04-11 20:38 . 2009-04-11 20:38 -------- d-----w c:\documents and settings\DARGA\Local Settings\Application Data\Help
2009-04-11 10:03 . 2009-04-11 10:03 -------- d-----w c:\documents and settings\DARGA\Application Data\Ahead
2009-04-10 23:04 . 2009-04-10 23:04 -------- d-----w c:\documents and settings\DARGA\Application Data\Apple Computer
2009-04-08 14:38 . 2009-04-08 14:38 -------- d-----w c:\documents and settings\DARGA\Local Settings\Application Data\Apple Computer
2009-04-08 14:37 . 2009-04-10 23:03 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-08 14:37 . 2009-04-08 14:37 1409 ----a-w c:\windows\QTFont.for
2009-04-08 13:50 . 2009-04-08 13:50 0 ----a-w c:\windows\nsreg.dat
2009-04-08 13:50 . 2009-04-08 13:50 -------- d-----w c:\documents and settings\DARGA\Local Settings\Application Data\Mozilla
2009-04-05 09:16 . 2004-04-19 13:17 135168 ----a-w c:\windows\system32\SLMOHServ.dll
2009-04-05 09:16 . 2004-04-19 13:16 65536 ----a-w c:\windows\SmCfg.exe
2009-04-05 09:16 . 2004-04-19 13:12 528384 ----a-w c:\windows\system32\SLLights.dll
2009-04-05 09:16 . 2004-04-19 12:21 167936 ----a-w c:\windows\system32\minirec.exe
2009-04-05 09:16 . 2004-04-19 12:15 15040 ----a-w c:\windows\system32\drivers\winddx.sys
2009-04-05 09:16 . 2004-04-19 11:52 454656 ----a-w c:\windows\system32\slcpappl.cpl
2009-04-05 09:16 . 2004-04-19 11:07 208896 ----a-w c:\windows\system32\amr_cpl.dll
2009-04-05 09:16 . 2004-04-19 10:53 351183 ----a-w c:\windows\system32\slmh.cab
2009-04-05 09:16 . 2004-04-19 10:53 368640 ----a-w c:\windows\system32\slmh.exe
2009-04-05 09:16 . 2004-01-05 08:52 138560 ----a-w c:\windows\system32\slcpappl.chm
2009-04-05 07:12 . 2009-04-05 07:12 -------- d-----w c:\documents and settings\DARGA\rene
2009-04-05 04:51 . 2009-04-05 04:51 -------- d-----w c:\documents and settings\All Users\Application Data\1636B
2009-04-04 00:54 . 2009-04-04 00:54 -------- d-----w c:\documents and settings\DARGA\Application Data\Ambient Design
2009-04-03 22:43 . 2009-04-03 22:43 -------- d-----w c:\documents and settings\All Users\Application Data\260
2009-04-02 05:04 . 2009-04-02 05:04 -------- d-----w c:\documents and settings\All Users\Application Data\1C232
2009-04-01 05:32 . 2009-04-01 05:32 -------- d-----w c:\documents and settings\All Users\Application Data\2EA
2009-03-31 23:24 . 2009-03-31 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\B195
2009-03-31 23:23 . 2009-04-08 14:59 -------- d-----w c:\documents and settings\DARGA\Local Settings\Application Data\BearShare
2009-03-31 23:23 . 2008-09-25 13:20 483328 ----a-w c:\windows\system32\actskn45.ocx
2009-03-27 15:45 . 2009-03-27 15:45 385 ----a-w c:\windows\ODBC.INI
2009-03-27 15:45 . 2003-06-19 00:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-03-27 15:44 . 2009-03-27 15:44 -------- d-----w c:\windows\SHELLNEW
2009-03-27 15:38 . 2009-04-22 15:21 -------- d-----w c:\documents and settings\DARGA\Local Settings\Application Data\Ares
2009-03-26 23:15 . 2009-03-26 23:15 46 ----a-w c:\windows\CDT.ini
2009-03-26 10:17 . 2009-04-22 21:23 -------- d-----w c:\documents and settings\DARGA\Application Data\Skype
2009-03-25 15:43 . 2009-03-25 15:43 -------- d-----w c:\documents and settings\DARGA\Application Data\CyberLink
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 21:28 . 2009-03-17 04:12 -------- d-----w c:\documents and settings\DARGA\Application Data\DMCache
2009-04-22 20:08 . 2001-09-28 12:00 48692 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 20:08 . 2001-09-28 12:00 366894 ----a-w c:\windows\system32\perfh00C.dat
2009-04-22 20:03 . 2009-03-13 10:56 -------- d-----w c:\program files\SuperCopier2
2009-04-22 19:29 . 2009-03-17 04:12 -------- d-----w c:\documents and settings\DARGA\Application Data\IDM
2009-04-22 19:29 . 2009-04-22 19:29 -------- d-----w c:\program files\Internet Download Manager
2009-04-22 14:06 . 2009-03-24 12:31 81312 ----a-w c:\documents and settings\DARGA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 20:07 . 2009-04-21 20:04 -------- d-----w c:\program files\Fichiers communs\Macromedia
2009-04-21 20:05 . 2009-04-21 20:04 -------- d-----w c:\program files\Macromedia
2009-04-21 20:03 . 2009-04-21 20:03 -------- d-----w c:\program files\Dreamweaver 8.0
2009-04-17 16:10 . 2009-03-17 03:54 -------- d-----w c:\program files\Free Audio Pack
2009-04-08 13:05 . 2009-04-08 12:54 -------- d-----w c:\program files\Yahoo!
2009-04-08 13:05 . 2009-03-14 20:58 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-31 23:23 . 2009-03-31 23:23 -------- d-----w c:\program files\BearShare Applications
2009-03-27 20:24 . 2009-03-14 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-27 15:44 . 2009-03-27 15:44 -------- d-----w c:\program files\Microsoft.NET
2009-03-27 15:38 . 2009-03-27 15:38 -------- d-----w c:\program files\Ares
2009-03-26 10:43 . 2009-03-13 07:35 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 10:17 . 2009-03-26 10:17 -------- d-----r c:\program files\Skype
2009-03-26 10:17 . 2009-03-13 21:03 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-24 09:36 . 2009-03-13 11:09 -------- d-----w c:\program files\CommentCaMarche
2009-03-20 19:59 . 2009-03-13 01:05 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-03-20 19:58 . 2009-03-13 21:06 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-03-20 19:58 . 2009-03-13 21:06 -------- d-----w c:\program files\Fichiers communs\Ulead Systems
2009-03-17 04:20 . 2009-03-13 10:58 -------- d-----w c:\program files\VirtualDJ
2009-03-17 03:55 . 2009-03-17 03:54 -------- d-----w c:\program files\Total Video Converter
2009-03-16 21:04 . 2009-03-13 21:05 -------- d-----w c:\documents and settings\DARGA\Application Data\skypePM
2009-03-15 00:47 . 2009-03-13 21:04 -------- d-----w c:\program files\Google
2009-03-14 22:43 . 2009-03-14 22:43 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-14 21:13 . 2009-03-14 20:51 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-14 21:04 . 2009-03-13 21:14 -------- d-----w c:\documents and settings\DARGA\Application Data\Ulead Systems
2009-03-14 20:58 . 2009-03-14 20:58 -------- d-----w c:\documents and settings\DARGA\Application Data\Yahoo!
2009-03-14 00:16 . 2009-03-13 10:56 -------- d-----w c:\program files\Ahead
2009-03-13 21:08 . 2009-03-13 21:08 -------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-03-13 21:08 . 2009-03-13 21:08 -------- d-----w c:\program files\SmartSound Software
2009-03-13 21:08 . 2009-03-13 21:07 -------- d-----w c:\program files\QuickTime
2009-03-13 21:07 . 2009-03-13 21:07 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-13 21:07 . 2009-03-13 21:07 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-03-13 21:07 . 2009-03-13 21:07 -------- d-----w c:\program files\Windows Media Components
2009-03-13 21:06 . 2009-03-13 01:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 15:10 . 2009-03-13 15:10 -------- d-----w c:\documents and settings\DARGA\Application Data\InterVideo
2009-03-13 15:09 . 2009-03-13 15:09 -------- d-----w c:\program files\InterVideo
2009-03-13 10:58 . 2009-03-13 10:57 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-13 10:56 . 2009-03-13 10:56 -------- d-----w c:\program files\Fichiers communs\Ahead
2009-03-13 10:53 . 2009-03-13 10:53 -------- d-----w c:\program files\Lavalys
2009-03-13 07:28 . 2009-03-13 07:28 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-13 07:27 . 2009-03-13 07:26 -------- d-----w c:\program files\CyberLink
2009-03-13 07:14 . 2009-03-13 07:14 -------- d-----w c:\documents and settings\All Users\Application Data\Prism
2009-03-13 07:12 . 2009-03-13 07:12 -------- d-----w c:\program files\Realtek Sound Manager
2009-03-13 07:12 . 2009-03-13 07:12 -------- d-----w c:\program files\AvRack
2009-03-13 07:11 . 2009-03-13 07:11 -------- d-----w c:\program files\Synaptics
2009-03-13 07:10 . 2009-03-13 07:10 -------- d-----w c:\program files\ATI Technologies
2009-03-13 07:05 . 2009-03-13 07:05 -------- d-----w c:\program files\Fujitsu Siemens Computers
2009-03-13 07:05 . 2009-03-13 07:05 -------- d-----w c:\program files\Fichiers communs\Fujitsu Siemens Computers
2009-03-13 01:48 . 2009-03-13 00:42 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-13 01:12 . 2009-03-13 01:12 -------- d-----w c:\program files\Avira
2009-03-13 01:12 . 2009-03-13 01:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-13 00:44 . 2009-03-13 00:44 -------- d-----w c:\program files\microsoft frontpage
2009-03-13 00:41 . 2009-03-13 00:41 -------- d-----w c:\program files\Services en ligne
2009-03-13 00:39 . 2009-03-13 00:39 21892 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-22 2745776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 610304]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-13 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"GroupManager"="c:\program files\Dreamweaver 8.0\groupmanager.exe" [2009-02-12 32256]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-20 67584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51 13560]
S3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2005-08-01 191092]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2005-08-01 6100]
S3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2004-07-19 393280]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d75c76c-2d8c-11de-8679-00030d13ea07}]
\Shell\AutoRun\command - luk1ylq.com
\Shell\open\Command - luk1ylq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39465f24-1012-11de-b71b-00030d13ea07}]
\Shell\AutoRun\command - G:\yh.cmd
\Shell\open\Command - G:\yh.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5e2544-13cb-11de-b72d-00030d13ea07}]
\Shell\AutoRun\command - G:\luk1ylq.com
\Shell\open\Command - G:\luk1ylq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66274850-194e-11de-b746-00030d13ea07}]
\Shell\AutoRun\command - G:\yh.cmd
\Shell\open\Command - G:\yh.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66274851-194e-11de-b746-00030d13ea07}]
\Shell\AutoRun\command - yh.cmd
\Shell\open\Command - yh.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6230205-186e-11de-b740-00030d13ea07}]
\Shell\AutoRun\command - G:\yh.cmd
\Shell\open\Command - G:\yh.cmd
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://french.ircfast.com/fr/index.php?rvs=hompag
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://french.ircfast.com/fr/index.php?rvs=hompag
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: {A9F44765-6CE6-45BF-AC9E-F110BD93361F} = 206.82.130.195 199.202.55.2
FF - ProfilePath - c:\documents and settings\DARGA\Application Data\Mozilla\Firefox\Profiles\gr9r3hei.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://french.ircfast.com/fr/index.php?rvs=hompag
FF - prefs.js: keyword.URL - hxxp://french.ircfast.com/fr/index.php?rvs=hompag
FF - component: c:\documents and settings\DARGA\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 23:31
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\DARGA\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0/u00.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4a,2b,fb,b2,46,28,60,ae,ae,81,a1,e0,14,8d,f2,34,aa,1d,62,87,06,
63,58,9e,38,f1,a5,6f,32,0d,df,75,fb,1e,47,9d,a1,a4,0c,64,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a7e37282-27af-4acd-9cc1-7d078ba269ef}]
@Denied: (Full) (Everyone)
"Model"=dword:00000068
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3020)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Heure de fin: 2009-04-23 23:33
ComboFix-quarantined-files.txt 2009-04-23 21:33
ComboFix2.txt 2009-04-05 05:48
ComboFix3.txt 2009-03-26 09:37
Avant-CF: 19,845,357,568 octets libres
Après-CF: 19,839,578,112 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4a,2b,fb,b2,46,28,60,ae,ae,81,a1,e0,14,8d,f2,34,aa,1d,62,87,06,
63,58,9e,38,f1,a5,6f,32,0d,df,75,fb,1e,47,9d,a1,a4,0c,64,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a7e37282-27af-4acd-9cc1-7d078ba269ef}]
@Denied: (Full) (Everyone)
"Model"=dword:00000068
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3020)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Heure de fin: 2009-04-23 23:33
ComboFix-quarantined-files.txt 2009-04-23 21:33
ComboFix2.txt 2009-04-05 05:48
ComboFix3.txt 2009-03-26 09:37
Avant-CF: 19,845,357,568 octets libres
Après-CF: 19,839,578,112 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect