nico-81: What am I supposed to do with the items you listed for me??
ep44: Here is the ComboFix report:
ComboFix 08-09-28.05 - TIBO 2008-09-30 21:10:35.1 - FAT32 x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.174 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\TIBO\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\admintxt.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\windowsupdate.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.
2008-09-27 00:27 . 2008-09-27 00:27 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-27 00:27 . 2008-09-27 00:27 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-27 00:27 . 2008-09-27 00:27 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-27 00:24 . 2008-09-27 00:24 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-27 00:16 . 2008-09-27 00:16 <REP> d-------- C:\WINDOWS\EHome
2008-09-26 23:13 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-14 20:52 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 21:45 113,888 ----a-w C:\Documents and Settings\TIBO\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-17 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2005-07-13 C:\WINDOWS\system32\SiSPower.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37026:TCP"= 37026:TCP:PORT_37026
"9906:TCP"= 9906:TCP:PORT_9906
"29360:TCP"= 29360:TCP:PORT_29360
"63363:TCP"= 63363:TCP:PORT_63363
"24071:TCP"= 24071:TCP:PORT_24071
"31660:TCP"= 31660:TCP:PORT_31660
"55884:TCP"= 55884:TCP:PORT_55884
"39151:TCP"= 39151:TCP:PORT_39151
"35797:TCP"= 35797:TCP:PORT_35797
"47600:TCP"= 47600:TCP:PORT_47600
"16250:TCP"= 16250:TCP:PORT_16250
"33037:TCP"= 33037:TCP:PORT_33037
"11125:TCP"= 11125:TCP:PORT_11125
"10178:TCP"= 10178:TCP:PORT_10178
"8468:TCP"= 8468:TCP:PORT_8468
"42803:TCP"= 42803:TCP:PORT_42803
"57946:TCP"= 57946:TCP:PORT_57946
"7830:TCP"= 7830:TCP:PORT_7830
"46356:TCP"= 46356:TCP:PORT_46356
"57216:TCP"= 57216:TCP:PORT_57216
"7063:TCP"= 7063:TCP:PORT_7063
"44149:TCP"= 44149:TCP:PORT_44149
"7703:TCP"= 7703:TCP:PORT_7703
"57735:TCP"= 57735:TCP:PORT_57735
"21172:TCP"= 21172:TCP:PORT_21172
"58681:TCP"= 58681:TCP:PORT_58681
"55757:TCP"= 55757:TCP:PORT_55757
"59110:TCP"= 59110:TCP:PORT_59110
"6418:TCP"= 6418:TCP:PORT_6418
"38221:TCP"= 38221:TCP:PORT_38221
"48256:TCP"= 48256:TCP:PORT_48256
"63055:TCP"= 63055:TCP:PORT_63055
"37035:TCP"= 37035:TCP:PORT_37035
"21790:TCP"= 21790:TCP:PORT_21790
"44156:TCP"= 44156:TCP:PORT_44156
"31615:TCP"= 31615:TCP:PORT_31615
"19613:TCP"= 19613:TCP:PORT_19613
"29320:TCP"= 29320:TCP:PORT_29320
"34091:TCP"= 34091:TCP:PORT_34091
"32178:TCP"= 32178:TCP:PORT_32178
"28031:TCP"= 28031:TCP:PORT_28031
"17036:TCP"= 17036:TCP:PORT_17036
"42633:TCP"= 42633:TCP:PORT_42633
"53005:TCP"= 53005:TCP:PORT_53005
"48352:TCP"= 48352:TCP:PORT_48352
"31614:TCP"= 31614:TCP:PORT_31614
"15032:TCP"= 15032:TCP:PORT_15032
"12203:TCP"= 12203:TCP:PORT_12203
"38211:TCP"= 38211:TCP:PORT_38211
"42450:TCP"= 42450:TCP:PORT_42450
"12131:TCP"= 12131:TCP:PORT_12131
"44691:TCP"= 44691:TCP:PORT_44691
"7150:TCP"= 7150:TCP:PORT_7150
"40665:TCP"= 40665:TCP:PORT_40665
"44216:TCP"= 44216:TCP:PORT_44216
"10241:TCP"= 10241:TCP:PORT_10241
"57363:TCP"= 57363:TCP:PORT_57363
"34468:TCP"= 34468:TCP:PORT_34468
"35353:TCP"= 35353:TCP:PORT_35353
"24611:TCP"= 24611:TCP:PORT_24611
"53793:TCP"= 53793:TCP:PORT_53793
"31736:TCP"= 31736:TCP:PORT_31736
"33800:TCP"= 33800:TCP:PORT_33800
"63135:TCP"= 63135:TCP:PORT_63135
"17676:TCP"= 17676:TCP:PORT_17676
"60696:TCP"= 60696:TCP:PORT_60696
"42181:TCP"= 42181:TCP:PORT_42181
"21620:TCP"= 21620:TCP:PORT_21620
"12887:TCP"= 12887:TCP:PORT_12887
"38578:TCP"= 38578:TCP:PORT_38578
"47010:TCP"= 47010:TCP:PORT_47010
"65093:TCP"= 65093:TCP:PORT_65093
"14173:TCP"= 14173:TCP:PORT_14173
"49253:TCP"= 49253:TCP:PORT_49253
"23543:TCP"= 23543:TCP:PORT_23543
"6071:TCP"= 6071:TCP:PORT_6071
"9383:TCP"= 9383:TCP:PORT_9383
"10093:TCP"= 10093:TCP:PORT_10093
"51629:TCP"= 51629:TCP:PORT_51629
"16691:TCP"= 16691:TCP:PORT_16691
"38785:TCP"= 38785:TCP:PORT_38785
"12615:TCP"= 12615:TCP:PORT_12615
"38973:TCP"= 38973:TCP:PORT_38973
"45725:TCP"= 45725:TCP:PORT_45725
"24635:TCP"= 24635:TCP:PORT_24635
"36719:TCP"= 36719:TCP:PORT_36719
"41449:TCP"= 41449:TCP:PORT_41449
"26434:TCP"= 26434:TCP:PORT_26434
"13246:TCP"= 13246:TCP:PORT_13246
"17943:TCP"= 17943:TCP:PORT_17943
"47866:TCP"= 47866:TCP:PORT_47866
"44203:TCP"= 44203:TCP:PORT_44203
"49859:TCP"= 49859:TCP:PORT_49859
"50504:TCP"= 50504:TCP:PORT_50504
"15621:TCP"= 15621:TCP:PORT_15621
"7750:TCP"= 7750:TCP:PORT_7750
"29538:TCP"= 29538:TCP:PORT_29538
"55363:TCP"= 55363:TCP:PORT_55363
"32677:TCP"= 32677:TCP:PORT_32677
"42840:TCP"= 42840:TCP:PORT_42840
"40328:TCP"= 40328:TCP:PORT_40328
"22470:TCP"= 22470:TCP:PORT_22470
"14708:TCP"= 14708:TCP:PORT_14708
"8313:TCP"= 8313:TCP:PORT_8313
"55146:TCP"= 55146:TCP:PORT_55146
"18525:TCP"= 18525:TCP:PORT_18525
"58700:TCP"= 58700:TCP:PORT_58700
"9228:TCP"= 9228:TCP:PORT_9228
"26342:TCP"= 26342:TCP:PORT_26342
"26316:TCP"= 26316:TCP:PORT_26316
"51737:TCP"= 51737:TCP:PORT_51737
"48883:TCP"= 48883:TCP:PORT_48883
"45615:TCP"= 45615:TCP:PORT_45615
"62804:TCP"= 62804:TCP:PORT_62804
"39745:TCP"= 39745:TCP:PORT_39745
"10391:TCP"= 10391:TCP:PORT_10391
"7771:TCP"= 7771:TCP:PORT_7771
"58455:TCP"= 58455:TCP:PORT_58455
"36353:TCP"= 36353:TCP:PORT_36353
"28431:TCP"= 28431:TCP:@xpsp2res.dll,-22005
"26257:TCP"= 26257:TCP:@xpsp2res.dll,-22005
"13345:TCP"= 13345:TCP:@xpsp2res.dll,-22005
"13512:TCP"= 13512:TCP:@xpsp2res.dll,-22005
"29289:TCP"= 29289:TCP:@xpsp2res.dll,-22005
"14939:TCP"= 14939:TCP:@xpsp2res.dll,-22005
"23318:TCP"= 23318:TCP:@xpsp2res.dll,-22005
"30769:TCP"= 30769:TCP:@xpsp2res.dll,-22005
"19236:TCP"= 19236:TCP:@xpsp2res.dll,-22005
"30433:TCP"= 30433:TCP:@xpsp2res.dll,-22005
"31686:TCP"= 31686:TCP:@xpsp2res.dll,-22005
"20564:TCP"= 20564:TCP:@xpsp2res.dll,-22005
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\TIBO\LOCALS~1\Temp\DMSKSSRh.sys [ ]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-MSI Installer - C:\WINDOWS\system32\SSL.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\TIBO\Application Data\Mozilla\Firefox\Profiles\2971flnp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 21:12:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-30 21:12:52
ComboFix-quarantined-files.txt 2008-09-30 19:12:52
Avant-CF: 48,883,040,256 octets libres
Après-CF: 48,993,566,720 octets libres
274 --- E O F --- 2008-09-27 17:03:22