LOG COMBO FIX
Solved
flotekno (Posts: 10, Status: Member)
afideg (Posts: 10970, Status: Security contributor)
Hello,
Here is the ComboFix log. I think my problem is solved, but I'm not sure; I'll confirm at the end of the afternoon.
ComboFix 08-07-15.4 - Flo 2008-07-25 3:49:01.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.203 [GMT 2:00]
Endroit: C:\Documents and Settings\Flo\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))))))))
.
2008-07-24 01:54 . 2008-07-24 01:55 <REP> d-------- C:\Program Files\Trojan Remover
2008-07-24 01:54 . 2008-07-24 01:54 <REP> d-------- C:\Documents and Settings\Flo\Application Data\Simply Super Software
2008-07-24 01:54 . 2008-07-24 01:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-24 01:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-24 01:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-24 01:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-24 01:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-24 01:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-22 19:57 . 2008-07-24 03:06 173 --a------ C:\curr_ver.tmp
2008-07-22 13:52 . 2008-07-22 13:52 <REP> d-------- C:\Deckard
2008-07-20 20:02 . 2008-04-14 04:34 70,656 --a------ C:\WINDOWS\system32\notepad.exe
2008-07-20 20:02 . 2008-04-14 04:34 70,656 --a------ C:\WINDOWS\system32\dllcache\notepad.exe
2008-07-19 19:08 . 2008-07-19 19:08 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-07-19 19:08 . 2004-04-10 09:42 2,944 --a------ C:\WINDOWS\system32\mbmiodrvr.sys
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-18 03:32 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 03:23 . 2008-07-18 03:23 <REP> d-------- C:\WINDOWS\EHome
2008-07-18 03:11 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-18 03:11 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-07-18 03:11 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-07-18 03:11 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-18 02:46 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-18 02:34 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-18 02:34 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 02:34 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-18 02:34 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 02:34 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 01:48 . 2008-07-18 01:48 <REP> d-------- C:\Program Files\Avira
2008-07-18 01:48 . 2008-07-18 01:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 23:56 . 2008-07-15 23:56 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Malwarebytes
2008-07-15 23:48 . 2008-07-15 23:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 23:48 . 2008-07-15 23:48 <REP> d-------- C:\Documents and Settings\Flo\Application Data\Malwarebytes
2008-07-15 23:48 . 2008-07-15 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 23:48 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 23:48 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 19:15 . 2008-07-15 19:15 <REP> d-------- C:\Program Files\Trend Micro
2008-07-15 19:15 . 2008-07-24 03:15 <REP> d-------- C:\HijackThis
2008-07-15 01:19 . 2008-07-15 22:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-15 01:07 . 2008-07-15 01:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 01:03 . 2008-07-15 01:03 <REP> d-------- C:\Program Files\Yahoo!
2008-07-15 01:03 . 2008-07-15 01:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-14 20:49 . 2008-07-14 20:49 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Lavasoft
2008-07-14 20:43 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur.BASSQUIKNET\Voisinage réseau
2008-07-14 20:43 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur.BASSQUIKNET\Voisinage d'impression
2008-07-14 20:43 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur.BASSQUIKNET\Modèles
2008-07-14 20:43 . 2004-08-20 11:42 <REP> dr------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Mes documents
2008-07-14 20:43 . 2004-08-20 11:30 <REP> dr------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Menu Démarrer
2008-07-14 20:43 . 2005-06-21 09:35 <REP> dr------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Favoris
2008-07-14 20:43 . 2005-06-21 09:36 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Bureau
2008-07-14 20:43 . 2005-06-21 09:36 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\You've Got Pictures Screensaver
2008-07-14 20:43 . 2005-06-21 09:39 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Symantec
2008-07-14 20:43 . 2005-06-21 09:43 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Jasc Software Inc
2008-07-14 20:43 . 2005-06-21 09:29 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Intel
2008-07-14 20:43 . 2008-07-14 20:43 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 22:26 --------- d-----w C:\Program Files\RamBoost XP
2008-07-14 21:58 --------- d-----w C:\Program Files\Hitman Pro
2008-07-14 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 02:01 --------- d-----w C:\Program Files\Orange
2008-05-27 15:05 --------- d-----w C:\Program Files\OpenOffice.org1.1.1
2006-02-06 23:36 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 04:34 172544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-03 12:42:22 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
[HKLM\~\startupfolder\^LuResult.txt]
path=\LuResult.txt
backup=C:\WINDOWS\pss\LuResult.txtCommon Startup
[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=C:\WINDOWS\pss\ntuser.iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 17:33 155648 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2004-09-15 02:01 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
--a------ 2005-02-02 06:00 98304 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-02-15 16:02 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-02-15 16:02 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 15:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\m6]
--a------ 2007-07-24 11:13 1444352 C:\Program Files\M6Video\M6video.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
--a------ 2005-09-20 19:17 155648 C:\WINDOWS\system32\mafwTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-08-20 12:47 1912832 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAWATCH]
--------- 2004-08-11 12:04 20480 C:\PROGRA~1\Orange\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 09:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-03 01:51 98304 C:\WINDOWS\system32\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBoostXp]
--a------ 2004-03-09 23:48 1542144 C:\Program Files\RamBoost XP\rambxpfr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-07-22 14:13 909392 C:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\M6Video\\M6video.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8443:TCP"= 8443:TCP:serveur du shop
"18048:TCP"= 18048:TCP:NortonAV
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10:22]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:34]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6eb115e-f86c-11dc-94ba-0013ce10a862}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-09-08 11:07:50 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 03:52:20
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Temps d'accomplissement: 2008-07-25 3:56:41
ComboFix-quarantined-files.txt 2008-07-25 01:55:35
ComboFix2.txt 2008-07-20 18:24:47
ComboFix3.txt 2008-07-20 17:55:57
ComboFix4.txt 2008-07-18 00:13:50
ComboFix5.txt 2008-07-25 01:48:29
Pre-Run: 4,243,730,432 octets libres
Post-Run: 4,228,943,872 octets libres
198
Thanks to all of you.
Flo.
5 replies
Hi JFK
It's me; this is being handled by PM.
RAV and Flash Disinfector = failure.
The CFScript has been posted.
@++
Hi chiquitine;
"It's me; this is being handled by PM" >> not recommended!
Close this post in such cases.
@+
That's it, solved today after days of struggling....
On top of having a trojan, I had a hardware problem: it's a laptop and I often take it out; the fan had collected a serious amount of dust and no longer turned. After a few turns of the screwdriver, a blast of compressed air and a toothbrush, everything was back in order.
Thanks for your help, and especially to chiquitine29.
Flo.
You can close all my posts (or tell me how it's done :)