OK, my mistake.
ComboFix 08-12-15.01 - Sam 2008-12-15 20:28:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.3071.2641 [GMT 1:00]
Lancé depuis: c:\documents and settings\Sam\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system32\kavo.exe
c:\windows\system32\kavo0.dll
c:\windows\system32\kavo1.dll
D:\86m2.cmd
D:\9w2.cmd
D:\Autorun.inf
D:\wycgb8.cmd
E:\86m2.cmd
E:\9w2.cmd
E:\Autorun.inf
E:\wycgb8.cmd
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.
2008-12-15 20:29 . 2008-12-15 20:29 0 --a------ c:\windows\ativpsrm.bin
2008-12-15 20:18 . 2008-12-15 20:28 <REP> d-------- c:\documents and settings\Sam\Application Data\Skype
2008-12-15 20:06 . 2008-12-15 20:06 <REP> d-------- c:\program files\Logitech
2008-12-15 20:06 . 2008-12-15 20:06 <REP> d-------- c:\program files\Fichiers communs\Logitech
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 19:26 --------- d-----w c:\documents and settings\Sam\Application Data\SlimBrowser
2008-12-15 19:06 81,920 ------r c:\windows\bwUnin-6.1.4.61-8876480L.exe
2008-12-15 19:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 18:59 315,392 ----a-w c:\windows\HideWin.exe
2008-12-15 18:58 --------- d-----w c:\program files\ATI
2008-12-15 18:57 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-15 18:57 --------- d-----w c:\program files\ATI Technologies
2008-12-15 18:47 --------- d-----w c:\documents and settings\Sam\Application Data\Lavasoft
2008-12-15 18:01 108,534 --sh--r C:\bjj3iccf.com
2008-12-15 17:54 --------- d-----w c:\program files\microsoft frontpage
2008-12-15 17:52 --------- d-----w c:\program files\Services en ligne
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\ALCWZRD.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-15 169472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
*Newly Created Service* - ATI_HOTKEY_POLLER
*Newly Created Service* - ATI_SMART
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:29:30
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-15 20:30:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-15 19:30:04
Avant-CF: 11,734,396,928 octets libres
Après-CF: 11,777,138,688 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
112 --- E O F --- 2008-12-15 19:05:06