LOG COMBOFIX HELP

Closed
flotekno, Posts: 10, Registered: Tuesday 15 July 2008, Status: Member, Last active: 26 July 2008 - 25 Jul 2008 at 17:50
Destrio5, Posts: 85985, Registered: Sunday 11 July 2010, Status: Moderator, Last active: 17 February 2023 - 25 Jul 2008 at 18:59
Hello,

Here is the new ComboFix log:

ComboFix 08-07-15.4 - Flo 2008-07-25 17:11:41.8 - NTFSx86
Endroit: C:\Documents and Settings\Flo\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Flo\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\curr_ver.tmp
F:\AdobeR.exe
F:\AdobeR.exe e
M:\AdobeR.exe
M:\AdobeR.exe e
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))))))))
.

2008-07-24 01:54 . 2008-07-24 01:55 <REP> d-------- C:\Program Files\Trojan Remover
2008-07-24 01:54 . 2008-07-24 01:54 <REP> d-------- C:\Documents and Settings\Flo\Application Data\Simply Super Software
2008-07-24 01:54 . 2008-07-24 01:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-24 01:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-24 01:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-24 01:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-24 01:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-24 01:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-22 13:52 . 2008-07-22 13:52 <REP> d-------- C:\Deckard
2008-07-20 20:02 . 2008-04-14 04:34 70,656 --a------ C:\WINDOWS\system32\notepad.exe
2008-07-20 20:02 . 2008-04-14 04:34 70,656 --a------ C:\WINDOWS\system32\dllcache\notepad.exe
2008-07-19 19:08 . 2008-07-19 19:08 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-07-19 19:08 . 2004-04-10 09:42 2,944 --a------ C:\WINDOWS\system32\mbmiodrvr.sys
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-18 03:37 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-18 03:32 . 2008-07-18 03:37 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 03:23 . 2008-07-18 03:23 <REP> d-------- C:\WINDOWS\EHome
2008-07-18 03:11 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-07-18 03:11 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-07-18 03:11 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-07-18 03:11 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-18 02:46 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-18 02:34 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-18 02:34 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 02:34 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-18 02:34 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 02:34 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 01:48 . 2008-07-18 01:48 <REP> d-------- C:\Program Files\Avira
2008-07-18 01:48 . 2008-07-18 01:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 23:56 . 2008-07-15 23:56 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Malwarebytes
2008-07-15 23:48 . 2008-07-15 23:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 23:48 . 2008-07-15 23:48 <REP> d-------- C:\Documents and Settings\Flo\Application Data\Malwarebytes
2008-07-15 23:48 . 2008-07-15 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 23:48 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 23:48 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 19:15 . 2008-07-15 19:15 <REP> d-------- C:\Program Files\Trend Micro
2008-07-15 19:15 . 2008-07-24 03:15 <REP> d-------- C:\HijackThis
2008-07-15 01:19 . 2008-07-15 22:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-15 01:07 . 2008-07-15 01:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 01:03 . 2008-07-15 01:03 <REP> d-------- C:\Program Files\Yahoo!
2008-07-15 01:03 . 2008-07-15 01:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-14 20:49 . 2008-07-14 20:49 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Lavasoft
2008-07-14 20:43 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur.BASSQUIKNET\Voisinage réseau
2008-07-14 20:43 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur.BASSQUIKNET\Voisinage d'impression
2008-07-14 20:43 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur.BASSQUIKNET\Modèles
2008-07-14 20:43 . 2004-08-20 11:42 <REP> dr------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Mes documents
2008-07-14 20:43 . 2004-08-20 11:30 <REP> dr------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Menu Démarrer
2008-07-14 20:43 . 2005-06-21 09:35 <REP> dr------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Favoris
2008-07-14 20:43 . 2005-06-21 09:36 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Bureau
2008-07-14 20:43 . 2005-06-21 09:36 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\You've Got Pictures Screensaver
2008-07-14 20:43 . 2005-06-21 09:39 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Symantec
2008-07-14 20:43 . 2005-06-21 09:43 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Jasc Software Inc
2008-07-14 20:43 . 2005-06-21 09:29 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET\Application Data\Intel
2008-07-14 20:43 . 2008-07-14 20:43 <REP> d-------- C:\Documents and Settings\Administrateur.BASSQUIKNET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 22:26 --------- d-----w C:\Program Files\RamBoost XP
2008-07-14 21:58 --------- d-----w C:\Program Files\Hitman Pro
2008-07-14 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 02:01 --------- d-----w C:\Program Files\Orange
2008-05-27 15:05 --------- d-----w C:\Program Files\OpenOffice.org1.1.1
2006-02-06 23:36 21 ----a-w C:\Program Files\AVPersonalAVWIN.INI
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 04:34 172544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-03 12:42:22 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

[HKLM\~\startupfolder\^LuResult.txt]
path=\LuResult.txt
backup=C:\WINDOWS\pss\LuResult.txtCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=C:\WINDOWS\pss\ntuser.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 17:33 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2004-09-15 02:01 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
--a------ 2005-02-02 06:00 98304 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-02-15 16:02 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-02-15 16:02 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 15:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\m6]
--a------ 2007-07-24 11:13 1444352 C:\Program Files\M6Video\M6video.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
--a------ 2005-09-20 19:17 155648 C:\WINDOWS\system32\mafwTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-08-20 12:47 1912832 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAWATCH]
--------- 2004-08-11 12:04 20480 C:\PROGRA~1\Orange\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 09:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-03 01:51 98304 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBoostXp]
--a------ 2004-03-09 23:48 1542144 C:\Program Files\RamBoost XP\rambxpfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-07-22 14:13 909392 C:\Program Files\Trojan Remover\Trjscan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\M6Video\\M6video.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8443:TCP"= 8443:TCP:serveur du shop
"18048:TCP"= 18048:TCP:NortonAV

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10:22]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:34]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6eb115e-f86c-11dc-94ba-0013ce10a862}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-09-08 11:07:50 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:21:09
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Temps d'accomplissement: 2008-07-25 17:28:05
ComboFix-quarantined-files.txt 2008-07-25 15:26:33
ComboFix2.txt 2008-07-25 14:38:53
ComboFix3.txt 2008-07-25 14:03:24
ComboFix4.txt 2008-07-25 01:56:42
ComboFix5.txt 2008-07-25 15:08:42

Pre-Run: 4,201,938,944 octets libres
Post-Run: 4,186,783,744 octets libres

203


If you have any ideas.

Thanks.

Flo.

1 reply

Destrio5, Posts: 85985, Registered: Sunday 11 July 2010, Status: Moderator, Last active: 17 February 2023
25 Jul 2008 at 18:59
Hi,

Here is what you are infected with:
http://www.malekal.com/Worm.Win32.RJump.a.php