Aller au contenu

chinche01

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    1

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par chinche01

  1. chinche01
    Bonjour, Pourriez-vous m'aider à interpreter le log de Combofix je l'ai lancé après que mon antivirus Avast 4.8 ai trouvé les rootkits suivants: asc3550p.sys Agent-AABX Merci d'avance pour votre aide suit le log: -------------------------------------------------------------------------------------------------------------------------------------------------------- ComboFix 08-10-15.06 - Administrateur 2008-10-16 10:17:49.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.147 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\cbf.exe Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Cfx32.lic C:\WINDOWS\system32\cfx32.ocx C:\WINDOWS\system32\drivers\downld . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3550P -------\Service_asc3550p ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 )))))))))))))))))))))))))))))))))))) . 2008-10-16 08:53 . 2008-10-16 08:53 <REP> d-------- C:\hjt 2008-10-15 18:22 . 2008-10-15 18:22 <REP> d-------- C:\Program Files\Defraggler 2008-10-15 18:21 . 2008-10-15 18:21 <REP> d-------- C:\Program Files\CCleaner 2008-10-15 17:47 . 2008-10-15 18:06 <REP> d-------- C:\Program Files\Defrag 2008-10-15 17:41 . 2008-07-17 15:48 <REP> d-------- C:\Program Files\testdisk-6.10 2008-10-15 17:36 . 2008-10-15 17:38 <REP> d-------- C:\Program Files\WinMerge 2008-10-15 17:33 . 2008-10-15 17:33 <REP> d-------- C:\Program Files\GNU 2008-10-15 17:33 . 2008-10-15 17:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\gnupg 2008-10-15 12:14 . 2008-10-15 12:14 <REP> d-------- C:\WINDOWS\Logs 2008-10-13 14:53 . 2008-10-13 14:53 <REP> d-------- C:\Program Files\Avast4 2008-10-12 22:32 . 2008-10-12 23:05 <REP> d-------- C:\Program Files\MapInfo95 2008-10-12 20:16 . 2008-10-12 20:30 <REP> d-------- C:\Program Files\GlobalMapper10 2008-10-08 13:34 . 2008-10-08 13:34 <REP> d-------- C:\Program Files\GoogleView for Mapinfo 2008-10-08 11:35 . 2008-10-08 11:36 <REP> d-------- C:\Program Files\CopyPlus 2008-10-08 10:42 . 2008-10-08 10:42 <REP> d-------- C:\Program Files\BatchIt 2008-10-03 23:57 . 2008-10-12 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-10-03 23:44 . 2008-10-03 23:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM 2008-10-03 23:42 . 2008-10-03 23:42 <REP> d-------- C:\Program Files\Bonjour 2008-10-03 23:29 . 2008-10-03 23:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared 2008-10-03 00:17 . 2008-10-03 00:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Deneba 2008-10-03 00:16 . 2008-10-03 00:17 <REP> d-------- C:\Program Files\Canvas 2008-10-02 08:23 . 2008-10-16 10:13 <REP> d-------- C:\BD-Biblio 2008-10-01 23:54 . 2008-10-01 23:54 36 --a------ C:\WINDOWS\system32\msjatdat 2008-10-01 23:52 . 2008-10-01 23:54 <REP> d-------- C:\Program Files\CompeGPS 2008-10-01 23:34 . 2008-10-01 23:34 <REP> d-------- C:\Garmin 2008-10-01 23:31 . 2008-10-01 23:31 <REP> d-------- C:\MapConosur 2008-10-01 17:36 . 2008-10-07 13:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\gtk-2.0 2008-10-01 16:47 . 2008-10-01 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Inkscape 2008-10-01 16:44 . 2008-10-07 13:45 <REP> d-------- C:\Program Files\Inkscape 2008-09-29 18:12 . 2008-09-29 18:12 <REP> d-------- C:\tmp 2008-09-29 13:25 . 2008-09-29 22:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MySQL 2008-09-29 12:57 . 2008-09-29 12:57 <REP> d-------- C:\MySQL InnoDB Datafiles 2008-09-29 12:49 . 2008-09-29 17:46 <REP> d-------- C:\MySQL 2008-09-28 11:28 . 2008-09-28 11:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acreon 2008-09-24 12:57 . 2008-09-24 12:57 <REP> d-------- C:\Program Files\MapInfo85 2008-09-22 12:32 . 2008-09-22 12:32 <REP> d-------- C:\canoco 2008-09-22 00:19 . 2008-09-22 12:33 <REP> d-------- C:\Pcord4 2008-09-22 00:10 . 2008-09-22 00:13 <REP> d-------- C:\mulva 2008-09-22 00:01 . 2008-09-22 00:02 <REP> d-------- C:\Program Files\WinTWINS 2008-09-21 23:30 . 2008-09-22 00:15 <REP> d-------- C:\Program Files\JUICE 6.5 2008-09-21 23:28 . 2008-09-21 23:28 258,048 --------- C:\WINDOWS\Setup1.exe 2008-09-21 23:28 . 2008-09-21 23:28 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-09-21 23:12 . 2008-10-01 12:28 817 --a------ C:\WINDOWS\tvwin.ini 2008-09-21 23:10 . 2008-09-21 23:15 <REP> d-------- C:\Turbowin 2008-09-21 15:30 . 2008-09-21 15:30 <REP> d-------- C:\WINDOWS\system32\fr 2008-09-21 15:30 . 2008-09-21 15:30 <REP> d-------- C:\WINDOWS\system32\bits 2008-09-21 15:30 . 2008-09-21 15:30 <REP> d-------- C:\WINDOWS\l2schemas 2008-09-21 15:27 . 2008-09-21 15:30 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-09-21 14:06 . 2008-09-21 14:07 <REP> d-------- C:\WINDOWS\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-14 10:38 --------- d-----w C:\Program Files\Lexmark X1100 Series 2008-10-13 12:44 --------- d-----w C:\Program Files\eMule 2008-10-12 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\MapInfo 2008-10-12 21:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MapInfo 2008-10-03 21:42 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-10-01 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-21 14:53 --------- d-----w C:\Program Files\Google 2008-09-21 13:48 --------- d-----w C:\Program Files\MSN Messenger 2008-09-07 12:01 --------- d-----w C:\Program Files\Vdownloader 2008-09-07 11:54 --------- d-----w C:\Program Files\MediaCoder 2008-09-07 09:41 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WebApps 2008-09-07 09:41 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Prism 2008-09-03 16:31 --------- d-----w C:\Program Files\Amaya 2008-09-03 13:10 --------- d-----w C:\Program Files\PDFCreator 2008-09-03 12:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\KompoZer 2008-08-30 16:36 --------- d-----w C:\Program Files\GMChess 2008-08-30 16:24 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-08-18 12:55 --------- d-----w C:\Program Files\Xper2_1.90 2008-08-18 12:47 --------- d-----w C:\Program Files\Xper2-TaxonEdition 2008-08-17 11:02 --------- d-----w C:\Program Files\PuTTY 2008-08-17 10:57 --------- d-----w C:\Program Files\FLAC 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496] "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344] "OSSelectorReinstall"="C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe" [2006-05-31 1281425] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-07-06 1126497] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe" [2006-07-06 1868040] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-07-05 126976] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 C:\WINDOWS\SOUNDMAN.EXE] "SiSPower"="SiSPower.dll" [2005-03-03 C:\WINDOWS\system32\SiSPower.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] Turboveg for Windows - Auto Update.lnk - C:\Turbowin\UpdIntS.exe [2008-09-21 178899] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "SENTINEL"= snti386.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3306:TCP"= 3306:TCP:MySQL Server R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-07-30 52800] R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ] S2 gupdate1c91bf9a764305c;Google Update Service (gupdate1c91bf9a764305c);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-21 133104] S3 ERMLicSrv_ATL64;ERMLicSrv_ATL64;C:\WINDOWS\system32\ERM\6.4\ERMLicSrv_ATL64.exe [2003-11-13 90112] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] . Contenu du dossier 'Tâches planifiées' 2008-10-15 C:\WINDOWS\Tasks\Defraggler Volume C Task.job - C:\Program Files\Defraggler\df.exe [2008-10-08 12:36] 2008-10-16 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-21 17:07] . . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qa9hb28k.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll . . ------- Associations de fichier ------- . txtfile=C:\Program Files\Win32Pad\win32pad.exe "%L" . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-16 10:21:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"C:\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"C:\MySQL\MySQL Server 5.1\my.ini\" MySQL" . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\MySQL\MySQL Server 5.1\bin\mysqld.exe C:\WINDOWS\system32\wdfmgr.exe C:\Turbowin\X_UpdIntS.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-10-16 10:30:00 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-16 08:29:54 Avant-CF: 11 141 718 016 octets libres Après-CF: 11,084,390,400 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] ;timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 213 --- E O F --- 2008-09-22 21:28:54
×
×
  • Créer...