ComboFix 08-11-24.01 - Laurence 2008-11-26 16:13:30.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.773 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\fxavx.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.
2008-11-25 19:30 . 2008-11-25 19:30 <REP> d-------- c:\documents and settings\Laurence\Application Data\MSN6
2008-11-25 19:30 . 2008-11-25 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\MSN6
2008-11-21 13:51 . 2008-11-21 13:51 <REP> d-------- c:\windows\Tiscali
2008-11-21 13:51 . 2008-11-21 13:51 <REP> d-------- c:\program files\Tiscali_Triway_WiFi
2008-11-15 00:43 . 2008-11-15 00:43 <REP> d-------- c:\documents and settings\Laurence\Application Data\Malwarebytes
2008-11-15 00:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 00:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 00:42 . 2008-11-15 00:43 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 00:42 . 2008-11-15 00:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 10:39 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 10:38 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 07:59 . 2008-11-11 07:59 <REP> d-------- c:\documents and settings\Laurence\Application Data\Teleca
2008-11-10 23:08 . 2008-11-10 23:08 <REP> d-------- c:\documents and settings\Laurence\Application Data\Sony Ericsson
2008-11-10 22:56 . 2008-11-13 11:43 <REP> d-------- c:\program files\Fichiers communs\Teleca Shared
2008-11-10 22:20 . 2008-11-10 22:20 <REP> d-------- c:\program files\Disc2Phone
2008-11-10 22:10 . 2008-11-10 22:10 <REP> d-------- c:\windows\system32\URTTEMP
2008-11-06 11:14 . 2008-11-10 11:02 <REP> d-------- c:\program files\Lx_cats
2008-11-06 11:10 . 2008-11-06 11:10 <REP> d-------- C:\logs
2008-11-06 11:10 . 2007-03-30 23:13 344,064 --a------ c:\windows\system32\lxdjcoin.dll
2008-11-06 11:10 . 2006-05-18 15:47 40,960 --a------ c:\windows\system32\lxdjvs.dll
2008-11-06 11:03 . 2007-01-22 18:53 60 --a------ c:\windows\system32\lxdjrwrd.ini
2008-11-06 11:02 . 2008-11-06 11:09 <REP> d-------- c:\program files\Lexmark 1400 Series
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 15:00 --------- d-----w c:\documents and settings\Laurence\Application Data\skypePM
2008-11-26 15:00 --------- d-----w c:\documents and settings\Laurence\Application Data\Skype
2008-11-25 21:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-25 18:31 --------- d-----w c:\documents and settings\Laurence\Application Data\wsInspector
2008-11-21 08:55 --------- d-----w c:\program files\Opera
2008-11-20 23:33 --------- d-----w c:\program files\eMule
2008-11-13 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 08:48 --------- d-----w c:\documents and settings\Laurence\Application Data\dvdcss
2008-11-04 10:05 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-25 16:02 --------- d-----w c:\program files\Ad-aware 6
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-01 14:51 --------- d-----w c:\documents and settings\Laurence\Application Data\AdobeUM
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-02-01 19:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-01-05 20:05 495 ----a-w c:\program files\config_reciprok.ins
2006-12-15 11:42 106 --sha-w c:\program files\desktop.ini
2005-12-20 11:05 50,458 ----a-r c:\program files\LicenseAdobe.htm
2007-03-21 11:30 56 --sh--r c:\windows\system32\355260D9ED.sys
2006-12-06 16:40 56 --sh--r c:\windows\system32\E3C6420EDB.sys
2007-03-23 11:56 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-06 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-12-06 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-12-06 569344]
"avast!"="c:\progra~1\ANTIVI~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 c:\windows\SOUNDMAN.EXE]
"CHotkey"="mHotkey.exe" [2002-05-27 c:\windows\mHotkey.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Laurence\Menu Démarrer\Programmes\Démarrage\
hott notes 4.lnk - c:\program files\post it hott notes 4\hottnotes.exe [2007-01-28 1114112]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-06 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-08 110160]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-08 20560]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2008-11-06 99248]
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2006-12-06 16194]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\Laurence\Bureau\AIRCRA~1\AIRCRA~1.3-W\bin\PEEK5.SYS [2008-09-13 13184]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [2007-03-23 393472]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e030a5a-442a-11dd-88d1-0090f529fc92}]
\Shell\Auto\command - F:\fmt.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fmt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbb36ec0-4916-11dd-88d8-0090f529fc92}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
.
Contenu du dossier 'Tâches planifiées'
2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Laurence\Application Data\Mozilla\Firefox\Profiles\c1qatszg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 16:14:34
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Heure de fin: 2008-11-26 16:15:42
ComboFix-quarantined-files.txt 2008-11-26 15:15:02
Avant-CF: 2,614,591,488 octets libres
Après-CF: 4,016,361,472 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
172 --- E O F --- 2008-11-23 18:56:34