Virus: here are 2 logs, HijackThis and ComboFix

poupoune! (Posts: 5, Status: Member)
DeNisCoOl (Posts: 2871, Status: Member)
Hello, I think I am infected and I am sending you 2 scans; if you could take a look and reply, that would be nice!!! Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:03, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\dossier setup\Spyware-Secure\Spyware-Secure_trial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Spyware-Secure] D:\dossier setup\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Mozilla Firefox
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Documents and Settings\CYNTHIA\Local Settings\Application Data\Oberon Media\Oberon Games Host\swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4195 bytes

ComboFix 08-04-03.5 - CYNTHIA 2008-04-04 17:26:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.398 [GMT 2:00]
Endroit: D:\telechargement\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\CYNTHIA\Local Settings\Application Data\ibobuhcv.dat
C:\Documents and Settings\CYNTHIA\Local Settings\Application Data\ibobuhcv.exe
c:\Documents and Settings\CYNTHIA\Local Settings\Application Data\ibobuhcv_nav.dat
c:\Documents and Settings\CYNTHIA\Local Settings\Application Data\ibobuhcv_navps.dat
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.

2008-04-04 17:18 . 2008-04-04 17:18 <REP> d-------- C:\Program Files\Trend Micro
2008-03-30 16:42 . 2008-03-30 16:47 5,996,588 --a------ C:\output.wav
2008-03-30 00:39 . 2008-04-04 13:47 230,424 --a------ C:\img2-001.raw
2008-03-29 15:52 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-29 15:52 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-29 00:31 . 2008-04-03 22:58 <REP> d-------- C:\Documents and Settings\CYNTHIA\Application Data\BitTorrent
2008-03-29 00:30 . 2008-03-29 00:30 <REP> d-------- C:\Program Files\DNA
2008-03-29 00:30 . 2008-04-04 17:23 <REP> d-------- C:\Documents and Settings\CYNTHIA\Application Data\DNA
2008-03-29 00:09 . 2008-03-28 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-29 00:09 . 2008-03-28 22:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-29 00:09 . 2008-03-28 21:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-29 00:09 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-29 00:09 . 2008-03-28 22:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-29 00:09 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-29 00:09 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-28 23:54 . 2008-03-28 23:54 <REP> d-------- C:\Documents and Settings\CYNTHIA\Application Data\ATI
2008-03-28 23:40 . 2008-03-28 23:51 <REP> d-------- C:\Program Files\ATI Technologies
2008-03-28 23:40 . 2006-05-03 12:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-28 23:19 . 2008-03-28 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-28 23:04 . 2008-03-28 23:05 <REP> d-------- C:\Program Files\Winamp
2008-03-28 23:04 . 2008-03-28 23:04 <REP> d-------- C:\Documents and Settings\CYNTHIA\Application Data\Winamp
2008-03-28 23:03 . 2008-03-28 23:03 <REP> d-------- C:\Program Files\Alwil Software
2008-03-28 23:03 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-28 23:03 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-28 23:03 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-03-28 23:03 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-28 23:03 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-03-28 23:03 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-28 23:03 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-28 23:03 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-28 23:03 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-28 23:03 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-28 23:03 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-28 23:02 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-28 22:56 . 2008-03-28 22:56 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-03-28 22:50 . 2008-03-28 22:50 <REP> d-------- C:\Documents and Settings\CYNTHIA\Contacts
2008-03-28 22:49 . 2008-03-28 22:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-28 22:46 . 2008-03-28 22:50 <REP> d-------- C:\Program Files\Windows Live
2008-03-28 22:46 . 2008-03-28 22:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-28 22:46 . 2008-03-31 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-28 22:45 . 2008-03-28 22:45 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-28 22:43 . 2008-03-28 22:43 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-03-28 22:43 . 2008-03-28 22:43 <REP> d-------- C:\Documents and Settings\CYNTHIA\Application Data\Talkback
2008-03-28 22:42 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-28 22:38 . 2006-08-01 16:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-03-28 22:37 . 2008-03-28 22:37 <REP> d-------- C:\Program Files\Realtek AC97
2008-03-28 22:37 . 2008-03-28 23:40 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 22:37 . 2008-03-28 23:40 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2008-03-28 22:37 . 2006-11-17 06:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-03-28 22:37 . 2006-12-08 16:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-03-28 22:37 . 2008-01-24 17:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-03-28 22:37 . 2007-04-16 16:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-03-28 22:37 . 2006-07-31 12:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-03-28 22:37 . 2006-07-31 12:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-03-28 22:37 . 2006-10-18 03:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-03-28 22:37 . 2002-02-05 14:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-03-28 22:03 . 2004-08-04 00:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-03-28 22:03 . 2004-08-04 00:15 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-03-28 22:03 . 2004-08-19 17:10 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-28 22:03 . 2004-08-19 17:10 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-03-28 22:03 . 2004-08-04 00:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-03-28 22:03 . 2004-08-04 00:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-03-28 22:03 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-28 22:03 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-28 22:03 . 2004-08-19 17:54 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-28 22:03 . 2004-08-19 17:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-28 22:03 . 2004-08-19 17:09 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-03-28 22:01 . 2008-03-31 17:40 <REP> d--hs---- C:\WINDOWS\Installer
2008-03-28 22:00 . 2008-04-04 17:18 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-03-28 22:00 . 2008-03-28 21:19 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-03-28 22:00 . 2008-03-28 22:00 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-03-28 22:00 . 2008-03-28 21:50 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-03-28 22:00 . 2008-03-28 22:00 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-03-28 22:00 . 2008-03-30 16:44 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-03-28 22:00 . 2008-03-31 17:41 <REP> d-------- C:\Documents and Settings\All Users\Bureau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-28 19:21 --------- d-----w C:\Program Files\Services en ligne
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-29 00:30 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-09-08 17:47 277296]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-07-26 19:22 700416]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Spyware-Secure"="D:\dossier setup\Spyware-Secure\Spyware-Secure_trial.exe" [2007-12-21 12:38 598528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\dossier setup\\BitTorrent\\bittorrent.exe"=

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-09-08 17:47]
S3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2860.sys [2007-05-07 10:30]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 17:27:36
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-04 17:27:58
ComboFix-quarantined-files.txt 2008-04-04 15:27:49
Pre-Run: 16,582,270,976 octets libres
Post-Run: 16,620,752,896 octets libres
.
2008-03-28 21:20:06 --- E O F ---
Configuration: Windows XP
Internet Explorer 6.0

1 reply

DeNisCoOl (Posts: 2871, Status: Member, 224)

**duplicate**

I replied to you on your other post

Bye bye