

Everything posted by brugrival
-
Yes, yes, I had understood, sorry, I expressed myself badly (I think I'm starting to get a little tired). I drag the txt file onto the icon, and then I get the little window asking me whether to run combofix; I click "yes", and then nothing else happens.
-
Nothing happens when I drag the script onto the freshly downloaded link ((
-
I did what you told me, and a window said "combofix is uninstalled" and then deleted it outright. I tried twice more to re-download combofix (renamed) and get it to run: same message, then it closed. Any idea?
-
There, done. Just so you know, the first time I went through the procedure I saw the shortcut rename itself from svchost to combofix as soon as it launched; the second time it kept the svchost name, and this last time it renamed itself to combofix again, like the first time. Here's the report:
ComboFix 09-08-10.06 - cath 15/08/2009 21:37.3.1 - NTFSx86
-
(Wow, what responsiveness!) I'm absolutely sure I used it, but I'll start over just in case. (and thanks again)
-
I did download the combofix version from your link, and it is indeed renamed svchost.exe. (I had already renamed it the first time, by the way.) The problem is that there is no recovery console?
-
I didn't ask for a scan; combofix decided to do it on its own, and in fact it did it again the second time. Yes, I saw that. Thanks for your help, here's the second report:
ComboFix 09-08-10.06 - cath 15/08/2009 20:52.2.1 - NTFSx86
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-15 21:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide] "ImagePath"="\??\c:\docume~1\cath\LOCALS~1\Temp\ASFWHide" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(576) c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(3072) c:\program files\Spyware Doctor\pctgmhk.dll c:\windows\system32\msi.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2009-08-15 21:07 ComboFix-quarantined-files.txt 2009-08-15 19:07 ComboFix2.txt 2009-08-15 17:59 Pre-Run: 36 169 363 456 octets libres Post-Run: 36 137 500 672 octets libres 231 --- E O F --- 2009-08-13 01:10
-
Good evening, This afternoon my antivirus (AVG) flagged the trojans figaro.sys and then bravia.exe, without managing to quarantine or delete them. I read that JumpingJack had the same problem as me, so I followed the instructions you had given him for using combofix, hoping that you will be willing to help me too. Note that AVG has no option to disable it, and that, like an idiot, I didn't think of disabling it via the Windows task manager. As a result, during the Combofix scan, AVG alerted me three times about bravia.exe, and I ignored those alerts. After the scan finished, AVG alerted me about a "Trojan horse Rootkit.Pakes.M" at C:\WINDOWS\system32\drivers\ntfs.sys. I am copy-pasting the combofix report below, thanking you in advance for your insight. Regards, Catherine.
ComboFix 09-08-10.06 - cath 15/08/2009 19:41.1.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.510.243 [GMT 2:00] Running from: c:\documents and settings\cath\Bureau\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\cath\Application Data\wiaserva.log c:\documents and settings\cath\oashdihasidhasuidhiasdhiashdiuasdhasd c:\recycler\S-1-5-21-1417001333-1123561945-839522115-1003 c:\recycler\S-1-5-21-2269372287-783901019-1911599710-1003 c:\windows\system32\braviax.exe . ((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 ))))))))))))))))))))))))))))))) . 2009-08-15 16:48 . 2009-08-15 17:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-15 16:48 . 2009-08-15 17:12 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-08-15 16:48 . 
2009-08-15 17:12 -------- d-----w- c:\program files\Spyware Doctor 2009-08-15 16:39 . 2009-08-15 16:39 138 ----a-w- c:\documents and settings\cath\delself.bat 2009-08-15 11:03 . 2009-08-15 11:03 26686 ----a-w- c:\windows\system32\msword98.exe 2009-08-15 11:03 . 2009-08-15 11:03 26686 ----a-w- c:\documents and settings\cath\msword98.exe 2009-08-13 01:02 . 2009-08-13 01:02 -------- d-----w- c:\windows\ServicePackFiles 2009-08-12 03:03 . 2009-07-10 13:41 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-12 03:02 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll 2009-08-06 01:27 . 2009-08-06 01:27 -------- d-----w- c:\documents and settings\william\Local Settings\Application Data\Yahoo 2009-08-06 01:26 . 2009-08-06 01:26 -------- d-----w- c:\documents and settings\william\Application Data\Notepad++ 2009-08-05 14:44 . 2009-08-08 16:44 -------- d-----w- c:\program files\Yahoo! 2009-08-05 09:06 . 2009-08-05 09:06 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-31 13:15 . 2009-07-31 14:02 -------- d-----w- c:\documents and settings\cath\Application Data\Notepad++ 2009-07-31 13:15 . 2009-07-31 13:15 -------- d-----w- c:\program files\Notepad++ 2009-07-29 13:53 . 2009-07-29 13:58 -------- d-----w- c:\documents and settings\cath\Application Data\Spotify 2009-07-29 13:53 . 2009-07-29 13:53 -------- d-----w- c:\documents and settings\cath\Local Settings\Application Data\Spotify 2009-07-29 13:52 . 2009-07-29 13:52 -------- d-----w- c:\program files\Spotify 2009-07-26 22:51 . 2009-07-26 22:53 -------- dc-h--w- c:\windows\ie8 2009-07-26 22:47 . 2009-07-26 22:47 -------- d-----w- C:\c476e5db662a7af319e9601557 2009-07-26 22:40 . 2009-07-26 22:40 86576 ----a-w- c:\documents and settings\william\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe 2009-07-26 22:40 . 
2009-07-26 22:40 132672 ----a-w- c:\documents and settings\william\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe 2009-07-26 22:40 . 2009-07-26 22:40 392728 ----a-w- c:\documents and settings\william\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll 2009-07-26 22:40 . 2009-07-26 22:40 135680 ----a-w- c:\documents and settings\william\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe 2009-07-26 22:28 . 2009-07-26 22:28 -------- d-sh--w- c:\documents and settings\william\PrivacIE 2009-07-25 23:23 . 2009-07-25 23:23 -------- d-----w- c:\documents and settings\william\Application Data\Uniblue 2009-07-24 00:22 . 2009-07-24 00:22 -------- d-----w- c:\program files\Google 2009-07-21 13:39 . 2009-07-21 13:39 -------- d-----w- c:\documents and settings\cath\Application Data\Media Player Classic 2009-07-21 06:13 . 2009-07-21 07:16 -------- d-----w- c:\documents and settings\william\Application Data\Facebook 2009-07-20 09:57 . 2009-07-20 09:57 -------- d-----w- c:\windows\system32\wbem\Repository 2009-07-18 19:47 . 2009-07-18 19:47 -------- d-----w- c:\documents and settings\william\Application Data\DivX 2009-07-18 17:15 . 2009-07-18 17:15 -------- d-sh--w- c:\documents and settings\cath\PrivacIE 2009-07-17 23:55 . 2009-07-17 23:55 -------- d-sh--w- c:\documents and settings\william\IETldCache 2009-07-17 18:56 . 2009-07-17 18:56 58880 -c----w- c:\windows\system32\dllcache\atl.dll 2009-07-17 18:41 . 2009-07-17 18:41 -------- d-sh--w- c:\documents and settings\cath\IETldCache 2009-07-17 18:35 . 2009-07-17 18:35 -------- d--h--w- c:\windows\msdownld.tmp 2009-07-17 18:33 . 2009-07-26 22:42 -------- d-----w- c:\windows\ie8updates 2009-07-17 18:28 . 2009-07-26 22:51 -------- d-----w- c:\windows\system32\fr-FR 2009-07-17 18:22 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-07-17 18:22 . 
2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-07-17 18:22 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-07-17 18:22 . 2009-04-30 21:16 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-07-17 18:22 . 2009-04-30 21:16 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-07-17 10:35 . 2009-07-17 10:35 -------- d-----w- c:\program files\WahOO . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-15 17:36 . 2009-05-30 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-08-15 17:28 . 2009-05-31 18:16 -------- d-----w- c:\program files\BitComet 2009-08-15 11:03 . 2004-08-20 07:00 619200 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-13 18:47 . 2009-05-30 16:11 -------- d-----w- c:\documents and settings\cath\Application Data\FileZilla 2009-08-06 01:26 . 2009-07-07 06:24 17024 ----a-w- c:\documents and settings\william\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 09:06 . 2004-08-20 07:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-20 10:21 . 2009-05-30 16:23 17024 ----a-w- c:\documents and settings\cath\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-20 10:11 . 2009-06-16 19:18 -------- d-----w- c:\program files\AnglaisFacile.com 2009-07-18 21:07 . 2009-06-18 04:51 -------- d-----w- c:\documents and settings\william\Application Data\FileZilla 2009-07-18 17:15 . 2009-06-29 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-07-17 18:56 . 2004-08-20 07:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-17 09:45 . 2004-08-20 07:01 76574 ----a-w- c:\windows\system32\perfc00C.dat 2009-07-17 09:45 . 2004-08-20 07:01 470278 ----a-w- c:\windows\system32\perfh00C.dat 2009-07-15 14:56 . 
2009-07-15 14:56 -------- d-----w- c:\documents and settings\cath\Application Data\NotMyIp 2009-07-15 14:55 . 2009-07-15 14:55 8704 ----a-w- c:\windows\system32\SpOrder.dll 2009-07-14 13:48 . 2009-07-14 13:48 -------- d-----w- c:\program files\Educatifs Joyeux 2009-07-13 00:18 . 2004-08-20 07:01 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-08 21:58 . 2009-07-08 09:59 1878984 ----a-w- c:\documents and settings\cath\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-07-06 16:59 . 2009-07-06 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-07-06 16:45 . 2004-08-20 09:30 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-07-06 16:43 . 2009-07-06 16:43 -------- d-----w- c:\program files\Adobe Media Player 2009-07-06 16:40 . 2009-07-06 16:40 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR 2009-07-06 16:32 . 2009-07-06 16:32 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared 2009-07-06 16:30 . 2009-07-06 09:58 -------- d-----w- c:\program files\UltraVPN 2009-07-06 08:41 . 2009-05-30 15:53 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-05 18:53 . 2009-07-05 18:53 -------- d-----w- c:\program files\EA GAMES 2009-07-05 04:50 . 2009-05-30 15:37 -------- d-----w- c:\documents and settings\cath\Application Data\AdobeUM 2009-07-04 07:45 . 2009-07-04 07:45 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-07-04 07:45 . 2009-07-04 07:45 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-07-04 07:45 . 2009-07-04 07:45 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys 2009-07-04 07:45 . 2009-07-04 07:45 158192 ------w- c:\windows\system32\pxwma.dll 2009-07-03 07:00 . 2009-07-03 06:59 -------- d-----w- c:\program files\PlayFirst 2009-07-03 06:59 . 2009-07-03 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia 2009-06-29 08:20 . 
2009-06-29 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR 2009-06-29 08:14 . 2009-05-30 15:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-29 08:14 . 2009-05-30 15:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-26 16:18 . 2004-08-20 07:01 663552 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:18 . 2009-04-29 04:52 81920 ------w- c:\windows\system32\ieencode.dll 2009-06-24 18:52 . 2004-08-20 08:12 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-24 18:52 . 2009-06-24 18:34 -------- d-----w- c:\program files\Carambis 2009-06-23 08:58 . 2009-06-23 08:58 -------- d-----w- c:\program files\Dactylo 2009-06-23 08:46 . 2009-06-23 08:46 766 ----a-r- c:\documents and settings\cath\Application Data\Microsoft\Installer\{9A9AFE08-7245-4DFC-B8AF-C337418BD4E2}\TAP2.exe 2009-06-23 08:46 . 2009-06-23 08:46 766 ----a-r- c:\documents and settings\cath\Application Data\Microsoft\Installer\{9A9AFE08-7245-4DFC-B8AF-C337418BD4E2}\EXEDIT.exe 2009-06-23 08:46 . 2009-06-23 08:46 28672 ----a-r- c:\documents and settings\cath\Application Data\Microsoft\Installer\{9A9AFE08-7245-4DFC-B8AF-C337418BD4E2}\_2116CFD0EC48_4F48_A433_344523B6D78D.exe 2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\william\Application Data\Mozilla\plugins\npgoogletalk.dll 2009-06-20 15:38 . 2009-06-20 15:38 -------- d-----w- c:\program files\Ashampoo 2009-06-18 19:54 . 2009-06-18 19:53 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-06-18 11:37 . 2009-06-18 11:27 -------- d-----w- c:\documents and settings\cath\Application Data\Azureus 2009-06-18 11:27 . 2009-06-18 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2009-06-18 11:23 . 2009-06-18 11:23 -------- d-----w- c:\program files\Fichiers communs\i4j_jres 2009-06-17 15:36 . 2009-06-06 15:31 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-06-16 14:54 . 
2004-08-20 07:01 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:54 . 2004-08-20 07:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 11:33 . 2004-08-20 07:01 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-14 14:07 . 2009-07-03 13:50 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-06-14 10:37 . 2009-06-14 10:37 159955 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_14_12_36_07_small.dmp.zip 2009-06-10 14:23 . 2004-08-20 07:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:30 . 2004-08-20 07:01 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 07:46 . 2004-08-20 07:12 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-20 07:00 1296896 ----a-w- c:\windows\system32\quartz.dll 2009-06-02 16:11 . 2009-06-18 19:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-05-31 19:54 . 2009-05-31 19:54 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-05-31 19:54 . 2009-05-31 19:54 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-05-31 18:16 . 2009-05-31 18:16 1048576 ----a-w- c:\documents and settings\cath\Application Data\Mozilla\Firefox\Profiles\ymo57mvh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll 2009-05-30 16:09 . 2009-05-30 16:09 0 ----a-w- c:\windows\nsreg.dat 2009-05-30 15:53 . 2009-05-30 15:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-29 21:37 . 2009-06-18 19:53 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-05-29 21:31 . 2009-06-18 19:53 881664 ----a-w- c:\windows\system32\xvidcore.dll . ------- Sigcheck ------- [-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntfs.sys [-] 2009-08-15 11:03 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\system32\drivers\ntfs.sys c:\windows\system32\appmgmts.dll ... is missing !! . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-26 08:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808] "msword98"="c:\documents and settings\cath\msword98.exe" [2009-08-15 26686] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512] "PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-27 184320] "CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-18 135168] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 643072] 
"EzButton"="c:\program files\EzButton\EzButton.EXE" [2004-07-07 712704] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 53248] "ZoomingHook"="c:\windows\System32\ZoomingHook.exe" [2004-07-14 24576] "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-04-30 118784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-31 198160] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "msword98"="c:\windows\system32\msword98.exe" [2009-08-15 26686] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-02-21 88363] "NDSTray.exe"="NDSTray.exe" [bU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\cath\Menu D‚marrer\Programmes\D‚marrage\ ikowin32.exe [2004-8-5 24064] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-29 08:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Documents and Settings\\william\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\william\\Local Settings\\Application 
Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\documents and settings\william\Application Data\Facebook\facebook.exe"= c:\documents and settings\william\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9282:TCP"= 9282:TCP:BitComet 9282 TCP "9282:UDP"= 9282:UDP:BitComet 9282 UDP "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/05/2009 17:53 335752] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/05/2009 17:53 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [30/05/2009 17:53 907032] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30/05/2009 17:53 298776] S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [01/08/2008 00:42 25216] --- Other Services/Drivers In Memory --- *NewlyCreated* - MCHINJDRV *Deregistered* - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-51414120-1222227028-1941070343-1007Core.job - c:\documents and settings\william\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 13:10] 2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-51414120-1222227028-1941070343-1007UA.job - c:\documents and settings\william\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 13:10] . - - - - ORPHANS REMOVED - - - - HKCU-Run-AdobeBridge - (no file) . ------- Supplementary Scan ------- . 
uInternet Connection Wizard,ShellNext = iexplore IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm FF - ProfilePath - c:\documents and settings\cath\Application Data\Mozilla\Firefox\Profiles\ymo57mvh.default\ FF - component: c:\documents and settings\cath\Application Data\Mozilla\Firefox\Profiles\ymo57mvh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-15 19:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide] "ImagePath"="\??\c:\docume~1\cath\LOCALS~1\Temp\ASFWHide" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(576) c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2009-08-15 19:58 ComboFix-quarantined-files.txt 2009-08-15 17:58 Pre-Run: 35 389 734 912 octets libres Post-Run: 36 168 736 768 octets libres 264 --- E O F --- 2009-08-13 01:10