A 3 c mieux...
Résolu
diname
Messages postés
2318
Date d'inscription
Statut
Contributeur
Dernière intervention
-
Le sioux Messages postés 4907 Statut Contributeur sécurité -
Le sioux Messages postés 4907 Statut Contributeur sécurité -
Bonjour, mes loulous
ComboFix 08-09-15.01 - ASTER 2008-09-15 22:11:09.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\ASTER\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 20:49 . 2008-09-15 20:49 <REP> d-------- C:\WINDOWS\LastGood
2008-09-15 20:49 . 2008-09-15 21:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-15 19:58 . 2008-09-15 19:58 <REP> d-------- C:\Program Files\FindyKill
2008-09-15 19:41 . 2008-09-15 19:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-15 19:32 . 2008-09-15 19:45 <REP> d-------- C:\SDFix
2008-09-15 18:49 . 2008-09-15 18:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\ASTER\Application Data\Comodo
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-09-15 18:38 . 2008-05-27 18:10 212 --a------ C:\boot.ini.comodofirewall
2008-09-15 18:37 . 2008-09-15 18:37 <REP> d-------- C:\Program Files\Comodo
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Program Files\Avira
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 07:47 . 2008-09-15 20:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 07:47 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 07:47 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:47 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\ASTER\Application Data\Malwarebytes
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 13:41 --------- d-----w C:\Documents and Settings\ASTER\Application Data\U3
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-09-15 1115728]
"VTTimer"="VTTimer.exe" [2008-02-26 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2008-02-26 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
C:\Documents and Settings\ASTER\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ASTER.lnk - C:\ASTER\ASTER.exe [2008-05-07 1210687]
Tecmoto.LNK - C:\LGF\Tecmoto.exe [2007-05-15 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 NmPar;MosChip Unusable Parallel Port;C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-12-04 76416]
R1 nmserial;MosChip PCI Serial Port;C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-12-04 60032]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-02-26 616960]
S0 3wDrv100;3wDrv100;C:\WINDOWS\system32\drivers\3wDrv100.sys [2007-06-15 49152]
S0 3wFlt100;3wFlt100;C:\WINDOWS\system32\drivers\3wFlt100.sys [2007-06-15 8192]
S0 8wareDrv;8wareDrv;C:\WINDOWS\system32\drivers\8wareDrv.sys [2007-07-13 82184]
S0 fttxr52P;fttxr52P;C:\WINDOWS\system32\drivers\fttxr52P.sys [2007-06-18 150528]
S3 ITHEA;Actikey(R) Ithea USB Driver;C:\WINDOWS\system32\Drivers\ithea.sys [2005-09-20 13120]
S4 10wareDr;10wareDr;C:\WINDOWS\system32\drivers\10wareDr.sys [2007-07-30 72704]
S4 a320raid;a320raid;C:\WINDOWS\system32\drivers\a320raid.sys [2005-10-25 233984]
S4 aac;aac;C:\WINDOWS\system32\drivers\aac.sys [2005-04-07 52088]
S4 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2005-04-07 23371]
S4 bccfg;bccfg;C:\WINDOWS\system32\drivers\bccfg.sys [2005-10-17 10240]
S4 bcraid;bcraid;C:\WINDOWS\system32\drivers\bcraid.sys [2005-10-17 377344]
S4 raidsrc;raidsrc;C:\WINDOWS\system32\drivers\raidsrc.sys [2004-08-25 41118]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e81435-5c98-11dd-a241-001e8c4cbc82}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09032192-4d0f-11dd-a224-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1ae57a-2c79-11dd-a216-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d8ed42-4d92-11dd-a226-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfcd6030-2c06-11dd-a215-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fa88dc-79b6-11dd-a258-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
VBSFile=cScript.exe //nologo "%1" %*
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 22:12:17
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-15 22:12:57
ComboFix-quarantined-files.txt 2008-09-15 20:12:52
ComboFix2.txt 2008-09-15 20:03:45
ComboFix3.txt 2008-09-15 20:00:14
ComboFix4.txt 2008-09-15 19:45:32
Avant-CF: 36,696,952,832 octets libres
AprŠs-CF: 36,692,467,712 octets libres
ComboFix 08-09-15.01 - ASTER 2008-09-15 22:11:09.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\ASTER\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 20:49 . 2008-09-15 20:49 <REP> d-------- C:\WINDOWS\LastGood
2008-09-15 20:49 . 2008-09-15 21:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-15 19:58 . 2008-09-15 19:58 <REP> d-------- C:\Program Files\FindyKill
2008-09-15 19:41 . 2008-09-15 19:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-15 19:32 . 2008-09-15 19:45 <REP> d-------- C:\SDFix
2008-09-15 18:49 . 2008-09-15 18:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\ASTER\Application Data\Comodo
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-09-15 18:38 . 2008-05-27 18:10 212 --a------ C:\boot.ini.comodofirewall
2008-09-15 18:37 . 2008-09-15 18:37 <REP> d-------- C:\Program Files\Comodo
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Program Files\Avira
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 07:47 . 2008-09-15 20:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 07:47 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 07:47 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:47 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\ASTER\Application Data\Malwarebytes
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 13:41 --------- d-----w C:\Documents and Settings\ASTER\Application Data\U3
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-09-15 1115728]
"VTTimer"="VTTimer.exe" [2008-02-26 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2008-02-26 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
C:\Documents and Settings\ASTER\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ASTER.lnk - C:\ASTER\ASTER.exe [2008-05-07 1210687]
Tecmoto.LNK - C:\LGF\Tecmoto.exe [2007-05-15 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 NmPar;MosChip Unusable Parallel Port;C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-12-04 76416]
R1 nmserial;MosChip PCI Serial Port;C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-12-04 60032]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-02-26 616960]
S0 3wDrv100;3wDrv100;C:\WINDOWS\system32\drivers\3wDrv100.sys [2007-06-15 49152]
S0 3wFlt100;3wFlt100;C:\WINDOWS\system32\drivers\3wFlt100.sys [2007-06-15 8192]
S0 8wareDrv;8wareDrv;C:\WINDOWS\system32\drivers\8wareDrv.sys [2007-07-13 82184]
S0 fttxr52P;fttxr52P;C:\WINDOWS\system32\drivers\fttxr52P.sys [2007-06-18 150528]
S3 ITHEA;Actikey(R) Ithea USB Driver;C:\WINDOWS\system32\Drivers\ithea.sys [2005-09-20 13120]
S4 10wareDr;10wareDr;C:\WINDOWS\system32\drivers\10wareDr.sys [2007-07-30 72704]
S4 a320raid;a320raid;C:\WINDOWS\system32\drivers\a320raid.sys [2005-10-25 233984]
S4 aac;aac;C:\WINDOWS\system32\drivers\aac.sys [2005-04-07 52088]
S4 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2005-04-07 23371]
S4 bccfg;bccfg;C:\WINDOWS\system32\drivers\bccfg.sys [2005-10-17 10240]
S4 bcraid;bcraid;C:\WINDOWS\system32\drivers\bcraid.sys [2005-10-17 377344]
S4 raidsrc;raidsrc;C:\WINDOWS\system32\drivers\raidsrc.sys [2004-08-25 41118]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e81435-5c98-11dd-a241-001e8c4cbc82}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09032192-4d0f-11dd-a224-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1ae57a-2c79-11dd-a216-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d8ed42-4d92-11dd-a226-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfcd6030-2c06-11dd-a215-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fa88dc-79b6-11dd-a258-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
VBSFile=cScript.exe //nologo "%1" %*
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 22:12:17
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-15 22:12:57
ComboFix-quarantined-files.txt 2008-09-15 20:12:52
ComboFix2.txt 2008-09-15 20:03:45
ComboFix3.txt 2008-09-15 20:00:14
ComboFix4.txt 2008-09-15 19:45:32
Avant-CF: 36,696,952,832 octets libres
AprŠs-CF: 36,692,467,712 octets libres
130
ComboFix 08-09-15.01 - ASTER 2008-09-15 22:11:09.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\ASTER\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 20:49 . 2008-09-15 20:49 <REP> d-------- C:\WINDOWS\LastGood
2008-09-15 20:49 . 2008-09-15 21:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-15 19:58 . 2008-09-15 19:58 <REP> d-------- C:\Program Files\FindyKill
2008-09-15 19:41 . 2008-09-15 19:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-15 19:32 . 2008-09-15 19:45 <REP> d-------- C:\SDFix
2008-09-15 18:49 . 2008-09-15 18:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\ASTER\Application Data\Comodo
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-09-15 18:38 . 2008-05-27 18:10 212 --a------ C:\boot.ini.comodofirewall
2008-09-15 18:37 . 2008-09-15 18:37 <REP> d-------- C:\Program Files\Comodo
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Program Files\Avira
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 07:47 . 2008-09-15 20:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 07:47 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 07:47 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:47 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\ASTER\Application Data\Malwarebytes
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 13:41 --------- d-----w C:\Documents and Settings\ASTER\Application Data\U3
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-09-15 1115728]
"VTTimer"="VTTimer.exe" [2008-02-26 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2008-02-26 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
C:\Documents and Settings\ASTER\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ASTER.lnk - C:\ASTER\ASTER.exe [2008-05-07 1210687]
Tecmoto.LNK - C:\LGF\Tecmoto.exe [2007-05-15 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 NmPar;MosChip Unusable Parallel Port;C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-12-04 76416]
R1 nmserial;MosChip PCI Serial Port;C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-12-04 60032]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-02-26 616960]
S0 3wDrv100;3wDrv100;C:\WINDOWS\system32\drivers\3wDrv100.sys [2007-06-15 49152]
S0 3wFlt100;3wFlt100;C:\WINDOWS\system32\drivers\3wFlt100.sys [2007-06-15 8192]
S0 8wareDrv;8wareDrv;C:\WINDOWS\system32\drivers\8wareDrv.sys [2007-07-13 82184]
S0 fttxr52P;fttxr52P;C:\WINDOWS\system32\drivers\fttxr52P.sys [2007-06-18 150528]
S3 ITHEA;Actikey(R) Ithea USB Driver;C:\WINDOWS\system32\Drivers\ithea.sys [2005-09-20 13120]
S4 10wareDr;10wareDr;C:\WINDOWS\system32\drivers\10wareDr.sys [2007-07-30 72704]
S4 a320raid;a320raid;C:\WINDOWS\system32\drivers\a320raid.sys [2005-10-25 233984]
S4 aac;aac;C:\WINDOWS\system32\drivers\aac.sys [2005-04-07 52088]
S4 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2005-04-07 23371]
S4 bccfg;bccfg;C:\WINDOWS\system32\drivers\bccfg.sys [2005-10-17 10240]
S4 bcraid;bcraid;C:\WINDOWS\system32\drivers\bcraid.sys [2005-10-17 377344]
S4 raidsrc;raidsrc;C:\WINDOWS\system32\drivers\raidsrc.sys [2004-08-25 41118]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e81435-5c98-11dd-a241-001e8c4cbc82}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09032192-4d0f-11dd-a224-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1ae57a-2c79-11dd-a216-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d8ed42-4d92-11dd-a226-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfcd6030-2c06-11dd-a215-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fa88dc-79b6-11dd-a258-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
VBSFile=cScript.exe //nologo "%1" %*
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 22:12:17
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-15 22:12:57
ComboFix-quarantined-files.txt 2008-09-15 20:12:52
ComboFix2.txt 2008-09-15 20:03:45
ComboFix3.txt 2008-09-15 20:00:14
ComboFix4.txt 2008-09-15 19:45:32
Avant-CF: 36,696,952,832 octets libres
AprŠs-CF: 36,692,467,712 octets libres
ComboFix 08-09-15.01 - ASTER 2008-09-15 22:11:09.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.164 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\ASTER\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.
2008-09-15 20:49 . 2008-09-15 20:49 <REP> d-------- C:\WINDOWS\LastGood
2008-09-15 20:49 . 2008-09-15 21:25 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-15 19:58 . 2008-09-15 19:58 <REP> d-------- C:\Program Files\FindyKill
2008-09-15 19:41 . 2008-09-15 19:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-15 19:32 . 2008-09-15 19:45 <REP> d-------- C:\SDFix
2008-09-15 18:49 . 2008-09-15 18:50 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\ASTER\Application Data\Comodo
2008-09-15 18:39 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-09-15 18:38 . 2008-05-27 18:10 212 --a------ C:\boot.ini.comodofirewall
2008-09-15 18:37 . 2008-09-15 18:37 <REP> d-------- C:\Program Files\Comodo
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Program Files\Avira
2008-09-15 18:26 . 2008-09-15 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 07:47 . 2008-09-15 20:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 07:47 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 07:47 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 17:47 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\ASTER\Application Data\Malwarebytes
2008-07-28 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 13:41 --------- d-----w C:\Documents and Settings\ASTER\Application Data\U3
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-09-15 1115728]
"VTTimer"="VTTimer.exe" [2008-02-26 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2008-02-26 C:\WINDOWS\system32\S3Trayp.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
C:\Documents and Settings\ASTER\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers ASTER.lnk - C:\ASTER\ASTER.exe [2008-05-07 1210687]
Tecmoto.LNK - C:\LGF\Tecmoto.exe [2007-05-15 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 NmPar;MosChip Unusable Parallel Port;C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-12-04 76416]
R1 nmserial;MosChip PCI Serial Port;C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-12-04 60032]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-02-26 616960]
S0 3wDrv100;3wDrv100;C:\WINDOWS\system32\drivers\3wDrv100.sys [2007-06-15 49152]
S0 3wFlt100;3wFlt100;C:\WINDOWS\system32\drivers\3wFlt100.sys [2007-06-15 8192]
S0 8wareDrv;8wareDrv;C:\WINDOWS\system32\drivers\8wareDrv.sys [2007-07-13 82184]
S0 fttxr52P;fttxr52P;C:\WINDOWS\system32\drivers\fttxr52P.sys [2007-06-18 150528]
S3 ITHEA;Actikey(R) Ithea USB Driver;C:\WINDOWS\system32\Drivers\ithea.sys [2005-09-20 13120]
S4 10wareDr;10wareDr;C:\WINDOWS\system32\drivers\10wareDr.sys [2007-07-30 72704]
S4 a320raid;a320raid;C:\WINDOWS\system32\drivers\a320raid.sys [2005-10-25 233984]
S4 aac;aac;C:\WINDOWS\system32\drivers\aac.sys [2005-04-07 52088]
S4 aaccin;aaccin;C:\WINDOWS\system32\drivers\aaccin.dll [2005-04-07 23371]
S4 bccfg;bccfg;C:\WINDOWS\system32\drivers\bccfg.sys [2005-10-17 10240]
S4 bcraid;bcraid;C:\WINDOWS\system32\drivers\bcraid.sys [2005-10-17 377344]
S4 raidsrc;raidsrc;C:\WINDOWS\system32\drivers\raidsrc.sys [2004-08-25 41118]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e81435-5c98-11dd-a241-001e8c4cbc82}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09032192-4d0f-11dd-a224-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1ae57a-2c79-11dd-a216-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d8ed42-4d92-11dd-a226-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfcd6030-2c06-11dd-a215-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fa88dc-79b6-11dd-a258-001e8c4cbc82}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
VBSFile=cScript.exe //nologo "%1" %*
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 22:12:17
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-15 22:12:57
ComboFix-quarantined-files.txt 2008-09-15 20:12:52
ComboFix2.txt 2008-09-15 20:03:45
ComboFix3.txt 2008-09-15 20:00:14
ComboFix4.txt 2008-09-15 19:45:32
Avant-CF: 36,696,952,832 octets libres
AprŠs-CF: 36,692,467,712 octets libres
130
A voir également:
- A 3 c mieux...
- Ai suite 3 - Télécharger - Optimisation
- Picasa 3 - Télécharger - Albums photo
- Photorecit 3 - Télécharger - Visionnage & Diaporama
- Tableau à 3 entrées - Forum Excel
- Samsung kies galaxy tab 3 ✓ - Forum Mobile
44 réponses
Ok, j'avais pas la berlu! :)
Rhoooo, j'allais oublié, mon collègue hier ma fait savoir qu'il avait débranché une clef usb (un programme ), il me l'avais pas donnée en même temps, je suppose qu'une désinfection comme les autres suffira? :)
(Promis après j'arrête! Promis! :o) )
Rhoooo, j'allais oublié, mon collègue hier ma fait savoir qu'il avait débranché une clef usb (un programme ), il me l'avais pas donnée en même temps, je suppose qu'une désinfection comme les autres suffira? :)
(Promis après j'arrête! Promis! :o) )
Bonsoir Diname
J'arrive tardivement ... suis au taff.
Rhoooo, j'allais oublié, mon collègue hier ma fait savoir qu'il avait débranché une clef usb (un programme ), il me l'avais pas donnée en même temps, je suppose qu'une désinfection comme les autres suffira? :)
Yes, fais péter ;)
Bisous.
J'arrive tardivement ... suis au taff.
Rhoooo, j'allais oublié, mon collègue hier ma fait savoir qu'il avait débranché une clef usb (un programme ), il me l'avais pas donnée en même temps, je suppose qu'une désinfection comme les autres suffira? :)
Yes, fais péter ;)
Bisous.
