Good evening,
I ran ComboFix. Here is the report it generated. I don't understand any of it and I'm no further along. HELP!
Thanks!
ComboFix 08-05-20.1 - 2008-05-20 23:32:39.1 - NTFSx86
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\129805453.exe
C:\WINDOWS\system32\drivers\downld\129812500.exe
C:\WINDOWS\system32\drivers\downld\129817578.exe
C:\WINDOWS\system32\drivers\downld\129826765.exe
C:\WINDOWS\system32\drivers\downld\129863562.exe
C:\WINDOWS\system32\drivers\downld\129908187.exe
C:\WINDOWS\system32\drivers\downld\129941390.exe
C:\WINDOWS\system32\drivers\downld\130279187.exe
C:\WINDOWS\system32\drivers\downld\130311984.exe
C:\WINDOWS\system32\drivers\downld\130322000.exe
C:\WINDOWS\system32\drivers\downld\16847140.exe
C:\WINDOWS\system32\drivers\downld\17167062.exe
C:\WINDOWS\system32\drivers\downld\17173062.exe
C:\WINDOWS\system32\drivers\downld\17179281.exe
C:\WINDOWS\system32\drivers\downld\17238218.exe
C:\WINDOWS\system32\drivers\downld\17260718.exe
C:\WINDOWS\system32\drivers\downld\17266062.exe
C:\WINDOWS\system32\drivers\downld\2262750.exe
C:\WINDOWS\system32\drivers\downld\2308140.exe
C:\WINDOWS\system32\drivers\downld\2325593.exe
C:\WINDOWS\system32\drivers\downld\2339218.exe
C:\WINDOWS\system32\drivers\downld\2414390.exe
C:\WINDOWS\system32\drivers\downld\2431265.exe
C:\WINDOWS\system32\drivers\downld\2439390.exe
C:\WINDOWS\system32\drivers\downld\301984.exe
C:\WINDOWS\system32\drivers\downld\312281.exe
C:\WINDOWS\system32\drivers\downld\322250.exe
C:\WINDOWS\system32\drivers\downld\50093.exe
C:\WINDOWS\system32\drivers\downld\53840640.exe
C:\WINDOWS\system32\drivers\downld\53921640.exe
C:\WINDOWS\system32\drivers\downld\53927468.exe
C:\WINDOWS\system32\drivers\downld\53933484.exe
C:\WINDOWS\system32\drivers\downld\54107390.exe
C:\WINDOWS\system32\drivers\downld\72000.exe
C:\WINDOWS\system32\drivers\downld\86687.exe
C:\WINDOWS\system32\drivers\mdelk.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:09 . 2006-10-24 09:05 643,072 --a------ C:\WINDOWS\system32\drivers\HLDRRR.EXE.VIR
2008-05-18 16:57 . 2005-02-24 12:10 2,084,864 --a------ C:\WINDOWS\system32\AudDesign.dll
2008-05-18 16:57 . 2005-03-11 17:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-05-18 16:57 . 2005-02-24 12:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-05-18 16:57 . 2005-02-24 12:11 479,232 --a------ C:\WINDOWS\system32\AudioVisu.dll
2008-05-18 16:57 . 2005-02-24 15:21 458,752 --a------ C:\WINDOWS\system32\AudPlayer.dll
2008-05-18 16:57 . 2005-03-10 16:00 454,656 --a------ C:\WINDOWS\system32\AudioRecord.dll
2008-05-18 16:57 . 2005-02-24 12:10 417,792 --a------ C:\WINDOWS\system32\AudDisplay.dll
2008-05-18 16:57 . 2005-02-24 11:51 348,160 --a------ C:\WINDOWS\system32\WMAFile.dll
2008-05-18 16:57 . 2005-01-10 12:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-05-15 23:28 . 2007-12-14 17:19 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2008-05-15 23:28 . 2007-12-14 17:19 1,046,528 --------- C:\WINDOWS\system32\MFC71LU.DLL
2008-05-15 23:28 . 2007-12-14 17:19 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2008-05-15 23:28 . 2007-12-14 17:19 507,904 --------- C:\WINDOWS\system32\MSLUP71.dll
2008-05-15 23:28 . 2007-12-14 17:19 352,256 --------- C:\WINDOWS\system32\MSLUR71.dll
2008-05-15 19:17 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-15 19:06 . 2008-05-15 19:06 <REP> d-------- C:\Program Files\XviD
2008-05-15 19:06 . 2008-05-15 19:06 <REP> d-------- C:\Program Files\Lame MP3 Codec
2008-05-15 19:06 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-15 19:06 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-15 19:05 . 2008-05-15 19:05 <REP> d-------- C:\Program Files\MarkAny
2008-05-15 19:05 . 2003-04-18 16:46 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-05-15 19:05 . 2003-04-18 16:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-05-15 19:05 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-05-08 11:46 . 2008-05-08 11:46 <REP> d-------- C:\Program Files\DVD Shrink
2008-05-08 11:46 . 2008-05-08 11:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-01 15:10 . 2008-05-01 15:10 <REP> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 21:32 --------- d-----w C:\Documents and Settings\Herphine\Application Data\uTorrent
2008-05-20 20:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 19:23 --------- d-----w C:\Program Files\eMule
2008-05-15 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 18:14 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 17:06 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-05-15 17:05 --------- d-----w C:\Documents and Settings\Herphine\Application Data\DataCast
2008-04-01 16:59 --------- d-----w C:\Documents and Settings\Herphine\Application Data\BSplayer
2008-03-26 13:29 --------- d-----w C:\Program Files\East-Tec Eraser 2008
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 17:31 --------- d-----w C:\Program Files\uTorrent
2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 16:15 94,103 ----a-w C:\WINDOWS\Optipix Uninstaller.exe
2008-03-04 16:31 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-22 08:44 172,776 ----a-w C:\WINDOWS\system32\muzapp.exe
2008-02-20 18:50 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-12-27 14:25 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-22 10:12 22,328 ----a-w C:\Documents and Settings\Herphine\Application Data\PnkBstrK.sys
2007-09-11 15:18 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-09-11 15:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-09-11 15:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007091120070912\index.dat
2007-09-11 15:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 11:45 139264]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07 1289000]
"Eraser RiskMonitor"="C:\Program Files\East-Tec Eraser 2008\Launch.exe" [2008-03-22 16:43 18536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 03:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 11:29 7700480]
"nwiz"="nwiz.exe" [2006-11-17 11:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 11:29 86016]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 11:16 196608]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-19 11:54 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 17:19 132624]
C:\Documents and Settings\Herphine\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
IcoSauve.lnk - C:\WINDOWS\system32\IcoSauve.exe [2007-09-11 17:22:10 112128]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 23:34:21
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 23:35:42
ComboFix-quarantined-files.txt 2008-05-20 21:35:27
Pre-Run: 90,452,328,448 octets libres
Post-Run: 90,496,249,856 octets libres
194 --- E O F --- 2008-05-17 09:26:20