
ComboFix report

Latest reply: in Security

Hello everyone, I'm posting the log from the ComboFix scan; maybe a kind soul could take a quick look at it and tell me whether everything is OK :)

* Creating a new restore point
.

((((((((((((((((((((((((((((( Files created 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

No new file created in this time span

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 15:26 --------- d-----w C:\Program Files\Winamp
2008-07-08 15:11 --------- d-----w C:\Program Files\CCleaner
2008-07-07 17:35 --------- d-----w C:\Users\Eliott\AppData\Roaming\LimeWire
2008-07-07 15:50 --------- d-----w C:\Program Files\World of Warcraft
2008-07-07 15:08 --------- d-----w C:\Users\Eliott\AppData\Roaming\uTorrent
2008-07-04 15:38 --------- d-----w C:\Program Files\Movies2iPhone
2008-06-23 09:10 --------- d-----w C:\ProgramData\Nero
2008-06-12 09:13 --------- d-----w C:\Program Files\Windows Mail
2008-06-05 13:51 --------- d-----w C:\Users\Eliott\AppData\Roaming\teamspeak2
2008-06-05 13:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-27 18:02 --------- d-----w C:\Users\Eliott\AppData\Roaming\Winamp
2008-05-20 07:30 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 19:38 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-11 16:14 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-24 19:15 174 --sha-w C:\Program Files\desktop.ini
2008-01-29 19:54 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2008-03-15 16:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-15 16:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-15 16:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 09:33 227840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-19 09:07 827392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E3B10D89-F9C7-4F73-A3F6-2917ADA1E893}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F93BBA47-00AD-4820-93F6-FA47D6BC8B25}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2172D7F7-ACD5-4E9D-834A-1B1345567555}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DCF6B0AB-D645-4D1F-A48E-97F0BA61454B}C:\\users\\eliott\\desktop\\wow-burningcrusade-frfr-installer-downloader.exe"= UDP:C:\users\eliott\desktop\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"UDP Query User{8A6A7817-D176-4D6F-A662-B45EAFF887E1}C:\\users\\eliott\\desktop\\wow-burningcrusade-frfr-installer-downloader.exe"= TCP:C:\users\eliott\desktop\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"{2A05EC0B-028D-4F96-8677-D5A483123EF4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C6105094-16C9-4D3F-B45A-D2AEC2F142E0}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{BF0FA6D9-C2B9-4255-ABE7-A34CC00DB8AE}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{D44F3A6B-2803-4E7D-99E7-842917BE60F9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DEADABA8-5F9D-4AEB-B624-BDF41869C4ED}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6640384A-9343-4298-8B7B-C8DD7F686666}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D9A6290-A5FC-4602-AC03-C9254ED50EE3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A8A17EAF-159A-4930-92D2-E9DD646151F8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0493C27E-6C71-4571-811C-DF5092DDA651}C:\\starcraft\\starcraft.exe"= UDP:C:\starcraft\starcraft.exe:Starcraft
"UDP Query User{BD92E198-F792-43D6-8C6F-2F6BDDA54AC5}C:\\starcraft\\starcraft.exe"= TCP:C:\starcraft\starcraft.exe:Starcraft
"TCP Query User{2252F70B-4A81-406C-A2B1-68D7FC0A4BD9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{C0859EE5-2AFF-4297-BC2D-C2DA09758E6D}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{8CB3B12A-5369-4E82-A4C2-C7F5A0CC56AC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0CE06855-0403-41B1-B652-976828FBF580}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{5629E555-D16F-4BD6-A2FC-F6B074EB1F3A}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{C10DE2D9-4A05-4FA2-8D90-272239AC8F65}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{C3F6FFDD-6EE7-4A16-80BB-CAC8AA8288FA}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EDA50E7B-6CC1-4721-A922-D3946DEB01BA}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DF7B0D3A-EC61-4EC2-9E79-F9794A1C5BB3}C:\\users\\eliott\\desktop\\zerg_reveal_final_french_xvid.avi-downloader.exe"= UDP:C:\users\eliott\desktop\zerg_reveal_final_french_xvid.avi-downloader.exe:zerg_reveal_final_french_xvid.avi-downloader.exe
"UDP Query User{BC51169A-7F8B-486A-95A7-3949D8A4686B}C:\\users\\eliott\\desktop\\zerg_reveal_final_french_xvid.avi-downloader.exe"= TCP:C:\users\eliott\desktop\zerg_reveal_final_french_xvid.avi-downloader.exe:zerg_reveal_final_french_xvid.avi-downloader.exe
"{722DA271-E73F-44C4-9C98-79DF1B1926FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{7EE4E379-6F64-48E5-8C4B-8E853CA01E64}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{5E1A951E-B807-4107-A75C-B4922E5C15DA}C:\\users\\eliott\\desktop\\diablo3-cinematictrailer_fr-fr-downloader.exe"= UDP:C:\users\eliott\desktop\diablo3-cinematictrailer_fr-fr-downloader.exe:Diablo3-cinematictrailer_fr-fr-downloader.exe
"UDP Query User{E80BD794-C609-4A27-BAD9-82C9DA35A6C0}C:\\users\\eliott\\desktop\\diablo3-cinematictrailer_fr-fr-downloader.exe"= TCP:C:\users\eliott\desktop\diablo3-cinematictrailer_fr-fr-downloader.exe:Diablo3-cinematictrailer_fr-fr-downloader.exe
"TCP Query User{4DBA3DAF-C89D-4DC5-8ECE-311FC1179DB4}C:\\users\\eliott\\desktop\\diablo3-cinematictrailer_en-us-downloader.exe"= UDP:C:\users\eliott\desktop\diablo3-cinematictrailer_en-us-downloader.exe:Diablo3-cinematictrailer_en-us-downloader.exe
"UDP Query User{65C4F077-EF25-4DE3-A59C-3C49699F1E9B}C:\\users\\eliott\\desktop\\diablo3-cinematictrailer_en-us-downloader.exe"= TCP:C:\users\eliott\desktop\diablo3-cinematictrailer_en-us-downloader.exe:Diablo3-cinematictrailer_en-us-downloader.exe
"TCP Query User{E9627C25-E6F0-4393-9322-C0BEE9137C22}C:\\users\\eliott\\desktop\\starcraft2cinematictrailer_englishus-avi-downloader.exe"= UDP:C:\users\eliott\desktop\starcraft2cinematictrailer_englishus-avi-downloader.exe:starcraft2cinematictrailer_englishus-avi-downloader.exe
"UDP Query User{F7FA9CB8-D9FD-4C67-AB01-F4815F5F146E}C:\\users\\eliott\\desktop\\starcraft2cinematictrailer_englishus-avi-downloader.exe"= TCP:C:\users\eliott\desktop\starcraft2cinematictrailer_englishus-avi-downloader.exe:starcraft2cinematictrailer_englishus-avi-downloader.exe

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 06:29]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\Windows\system32\DRIVERS\WlanUZXP.sys [2005-05-14 17:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\ncd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eb02d2a-ce94-11dc-beb9-001a4d5a22ea}]
\shell\Auto\command - Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d048cd81-ce90-11dc-a2de-806e6f6e6963}]
\shell\AutoRun\command - D:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d812c298-1231-11dd-bde2-001a4d5a22ea}]
\shell\AutoRun\command - E:\automenu.exe

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LSA Shellu - C:\Users\Eliott\lsass.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 18:23:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 18:24:18
ComboFix-quarantined-files.txt 2008-07-09 16:24:15

The message text for message number 0x2379 could not be found in the message file for Application.
Post-Run: 141,032,828,928 bytes free

135 --- E O F --- 2008-06-25 10:42:52

Thanks in advance; I hope that, with your help, I'll eventually be able to understand this log myself ^^


Not that many problems really, just a few unwanted pop-ups, but otherwise everything is fine ^^
There was just this line I was wondering about: HKCU-Run-LSA Shellu - C:\Users\Eliott\lsass.exe
lsass.exe in My Documents is generally not very good.
Thank you for looking at my log. I'm very happy with this forum: a quick reply from people ready to help. I think I'll come by more often ^^