Win32:agent ADMR
Closed
vincent62
-
anthony5151 Posts: 10927 Status: Security contributor -
Hello, I did as I was asked and checked with ComboFix, and Mr Yoan no longer deletes it for me. Thanks!
ComboFix 09-02-18.01 - TYRION 2009-02-19 21:06:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.646 [GMT 1:00]
Lancé depuis: c:\documents and settings\TYRION\Mes documents\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\taskmgr.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
.
2009-02-19 16:35 . 2009-02-19 20:22 <REP> d-------- C:\ToolBar SD
2009-02-19 16:10 . 2009-02-19 17:42 <REP> d-------- C:\rsit
2009-02-19 16:10 . 2009-02-19 20:19 <REP> d-------- c:\program files\trend micro
2009-02-19 15:23 . 2009-02-19 15:23 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 15:23 . 2009-02-19 15:23 <REP> d-------- c:\documents and settings\TYRION\Application Data\Malwarebytes
2009-02-19 15:23 . 2009-02-19 15:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-19 15:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 15:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-18 00:32 . 2009-02-18 00:32 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-02-18 00:32 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-18 00:31 . 2009-02-18 00:31 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-16 09:44 . 2009-02-16 09:44 <REP> d-------- c:\windows\system32\XPSViewer
2009-02-16 09:44 . 2009-02-16 09:44 <REP> d-------- c:\program files\Reference Assemblies
2009-02-16 09:44 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-16 09:44 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-16 09:44 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-16 09:44 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-16 09:44 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-16 09:44 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-16 09:44 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-11 22:54 . 2009-02-11 22:54 118 --a------ c:\windows\system32\MRT.INI
2009-02-11 14:12 . 2009-02-11 14:12 <REP> d-------- c:\windows\Cache
2009-02-09 18:32 . 2009-02-09 18:32 <REP> d-------- c:\documents and settings\TYRION\Application Data\CyberLink
2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-04 17:59 . 2009-02-04 17:59 <REP> d-------- c:\documents and settings\TYRION\Application Data\EPSON
2009-01-27 19:15 . 2009-01-27 19:15 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-01-21 23:18 . 2009-01-21 23:18 <REP> d-------- c:\program files\ImgBurn
2009-01-21 23:18 . 2009-01-21 23:18 <REP> d-------- c:\documents and settings\TYRION\Application Data\ImgBurn
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 17:31 2,864 ----a-w c:\windows\system32\winsock.dll
2009-02-17 23:32 --------- d-----w c:\program files\Windows Live
2009-02-17 23:11 --------- d-----w c:\documents and settings\TYRION\Application Data\Azureus
2009-02-17 23:08 --------- d-----w c:\program files\eMule
2009-02-16 09:44 --------- d-----w c:\program files\Safari
2009-02-14 08:02 --------- d-----w c:\documents and settings\TYRION\Application Data\Apple Computer
2009-02-11 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-27 18:15 --------- d-----w c:\program files\Microsoft
2008-12-28 23:01 --------- d-----w c:\documents and settings\TYRION\Application Data\ArcSoft
2008-12-28 22:56 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-27 09:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 11:12 --------- d-----w c:\program files\TomTom HOME 2
2008-12-26 11:12 --------- d-----w c:\program files\TomTom HOME
2008-12-26 11:12 --------- d-----w c:\documents and settings\TYRION\Application Data\TomTom
2008-12-26 11:12 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2008-12-26 11:05 --------- d-----w c:\program files\TomTom DesktopSuite
2008-12-23 21:44 --------- d-----w c:\program files\adslTV
2008-12-23 18:13 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-23 18:13 --------- d-----w c:\program files\Java
2008-12-22 10:51 --------- d-----w c:\documents and settings\TYRION\Application Data\InterVideo
2008-12-22 08:58 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-21 10:52 --------- d-----w c:\documents and settings\TYRION\Application Data\vghd
2008-12-21 10:21 152,904 ----a-w c:\windows\system32\vghd.scr
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 12:30 --------- d-----w c:\program files\Bonjour
2008-12-20 12:29 --------- d-----w c:\program files\iTunes
2008-12-20 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 12:28 --------- d-----w c:\program files\QuickTime
2008-12-20 12:28 --------- d-----w c:\program files\iPod
2008-12-20 12:28 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-20 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-20 12:15 --------- d-----w c:\program files\Apple Software Update
2008-12-20 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-20 12:12 --------- d-----w c:\program files\ISL
2008-12-20 11:38 --------- d-----w c:\program files\Fichiers communs\ArcSoft
2008-12-20 11:05 --------- d-----w c:\documents and settings\TYRION\Application Data\Ahead
2008-12-19 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-12-19 18:35 --------- d-----w c:\program files\Vuze
2008-12-19 18:34 --------- d-----w c:\program files\Fichiers communs\i4j_jres
2008-12-19 16:38 --------- d-----w c:\program files\Microsoft Works
2008-12-17 22:49 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-12-17 19:56 720,896 ----a-w c:\windows\iun6002ev.exe
2008-12-17 19:55 545,280 ----a-w c:\windows\flashax.exe
2008-12-17 19:55 192,000 ----a-w c:\windows\2Fast 2Furious.scr
2008-12-17 19:55 12,288 ----a-w c:\windows\impborl.dll
2008-12-17 19:43 845,968 ----a-w c:\windows\system32\AI - Series.scr
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-11-09 532480]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2004-11-19 3503616]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE" [2003-09-12 99840]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"nwiz"="nwiz.exe" [2004-12-15 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-12-18 184320]
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-12-18 40960]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-17 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-18 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2008-12-17 381312]
S0 nqhhetmm;nqhhetmm;c:\windows\system32\drivers\vrwyxxrn.sys --> c:\windows\system32\drivers\vrwyxxrn.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a772c44-d33a-11dd-9557-0060b3db72ba}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ba278c2-cc76-11dd-8eca-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
.
Contenu du dossier 'Tâches planifiées'
2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Microsft managr - c:\windows\taskmgr.exe
HKLM-Run-Microsft managr - c:\windows\taskmgr.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.neufportail.fr/
mWindow Title =
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 21:07:04
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-02-19 21:08:03
ComboFix-quarantined-files.txt 2009-02-19 20:07:58
Avant-CF: 33 336 610 816 octets libres
Après-CF: 33,761,624,064 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
185 --- E O F --- 2009-02-16 09:19:03
1 reply
/!\ DUPLICATE /!\
Hello,
You have already opened a thread; please stay in it to get help: http://www.commentcamarche.net/forum/affich 11136430 win32 agent admr comment peut on le supprime#10