Résultat du deuxieme scan
Fermé
hermione08
-
19 sept. 2009 à 16:41
hermione08 Messages postés 8 Date d'inscription samedi 19 septembre 2009 Statut Membre Dernière intervention 19 septembre 2009 - 19 sept. 2009 à 22:31
hermione08 Messages postés 8 Date d'inscription samedi 19 septembre 2009 Statut Membre Dernière intervention 19 septembre 2009 - 19 sept. 2009 à 22:31
A voir également:
- Résultat du deuxieme scan
- Deuxieme ecran pc - Guide
- Scan now - Guide
- Utiliser tablette comme deuxieme ecran - Guide
- Lexer resultat - Télécharger - Sport
- Créer un deuxième compte facebook - Guide
7 réponses
BeFaX
Messages postés
14245
Date d'inscription
mercredi 24 décembre 2008
Statut
Contributeur
Dernière intervention
6 août 2013
3 822
19 sept. 2009 à 16:43
19 sept. 2009 à 16:43
Tu dois les supprimer, en principe Malwarebytes' le fait tout seul, non ?
Utilisateur anonyme
19 sept. 2009 à 16:45
19 sept. 2009 à 16:45
Bonjour hermione08
Continue ici:https://forums.commentcamarche.net/forum/affich-14441108-help-trojan-win32-generic#1
@+
Continue ici:https://forums.commentcamarche.net/forum/affich-14441108-help-trojan-win32-generic#1
@+
hermione08
Messages postés
8
Date d'inscription
samedi 19 septembre 2009
Statut
Membre
Dernière intervention
19 septembre 2009
19 sept. 2009 à 17:13
19 sept. 2009 à 17:13
En fait, il en reste quand même...et puis c'est comme s'il se redéployait ailleurs
Re
Reposte ici merci:
https://forums.commentcamarche.net/forum/affich-14441884-resultat-du-deuxieme-scan#2
@+
Reposte ici merci:
https://forums.commentcamarche.net/forum/affich-14441884-resultat-du-deuxieme-scan#2
@+
hermione08
Messages postés
8
Date d'inscription
samedi 19 septembre 2009
Statut
Membre
Dernière intervention
19 septembre 2009
19 sept. 2009 à 17:17
19 sept. 2009 à 17:17
Très juste... J'ai déjà eu affaire à Win32 il y a + de un an....Je n'ai rien réussi à faire...Là je viens de remettre Internet chez moi ET D2CEPTION!!!! Néanmoins, j'ai entre temps décreté qu'il valait mieux chercher de l'aide! C'est déjà le début de la sagesse et une barrière de moins entre la connaissance informatique et moi (à décharge!!)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
hermione08
Messages postés
8
Date d'inscription
samedi 19 septembre 2009
Statut
Membre
Dernière intervention
19 septembre 2009
19 sept. 2009 à 17:28
19 sept. 2009 à 17:28
Rapport GenProc 2.627 [1] - 19/09/2009 à 17:26:57
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (7.0.5730.11) [Navigateur par défaut]
~~ ECHEC DU TELECHARGEMENT DE CM ~~
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:54, on 19/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Mickael_GenProc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [laeriaw] C:\Documents and Settings\Mickael\laeriaw.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\KILLINGNUT LAND\Studio\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (7.0.5730.11) [Navigateur par défaut]
~~ ECHEC DU TELECHARGEMENT DE CM ~~
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:54, on 19/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Mickael_GenProc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [laeriaw] C:\Documents and Settings\Mickael\laeriaw.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: cru629.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\KILLINGNUT LAND\Studio\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
BeFaX
Messages postés
14245
Date d'inscription
mercredi 24 décembre 2008
Statut
Contributeur
Dernière intervention
6 août 2013
3 822
19 sept. 2009 à 18:16
19 sept. 2009 à 18:16
Il y a encore ce fichier :
O4 - HKCU\..\Run: [laeriaw] C:\Documents and Settings\Mickael\laeriaw.exe
Il faudrait utiliser CCleaner, partie Démarrage, et supprimer cette clé de démarrage.
Tu redémarre la session, et tu va supprimer ce fichier "C:\Documents and Settings\Mickael\laeriaw.exe"
O4 - HKCU\..\Run: [laeriaw] C:\Documents and Settings\Mickael\laeriaw.exe
Il faudrait utiliser CCleaner, partie Démarrage, et supprimer cette clé de démarrage.
Tu redémarre la session, et tu va supprimer ce fichier "C:\Documents and Settings\Mickael\laeriaw.exe"
hermione08
Messages postés
8
Date d'inscription
samedi 19 septembre 2009
Statut
Membre
Dernière intervention
19 septembre 2009
19 sept. 2009 à 22:31
19 sept. 2009 à 22:31
ComboFix 09-09-18.02 - Mickael 19/09/2009 19:07.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.548 [GMT 2:00]
Lancé depuis: c:\documents and settings\Mickael\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090918-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mickael\autorun.inf
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-19 au 2009-09-19 ))))))))))))))))))))))))))))))))))))
.
2009-09-19 16:34 . 2009-09-19 16:34 -------- d-----w- c:\program files\CCleaner
2009-09-19 15:13 . 2009-09-19 15:26 -------- d-----w- C:\GenProc
2009-09-19 15:12 . 2009-09-19 15:12 -------- d-----w- c:\documents and settings\Mickael\Downloads
2009-09-19 12:57 . 2009-09-19 12:57 -------- d-----w- c:\documents and settings\Mickael\Application Data\Malwarebytes
2009-09-19 12:56 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 12:56 . 2009-09-19 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 12:56 . 2009-09-19 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 12:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-19 07:56 . 2009-09-19 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-09-19 02:05 . 2009-09-19 12:55 -------- d-----w- c:\documents and settings\Mickael\Application Data\CheckPoint
2009-09-19 02:04 . 2009-09-19 02:04 -------- d-----w- c:\program files\CheckPoint
2009-09-19 02:04 . 2009-09-19 02:04 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-19 02:04 . 2009-08-26 19:09 72584 ----a-w- c:\windows\zllsputility.exe
2009-09-19 02:04 . 2009-08-26 19:08 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-19 02:04 . 2009-08-26 19:08 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-19 02:03 . 2009-09-19 02:04 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-19 02:03 . 2009-08-26 19:08 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-19 02:03 . 2009-09-19 02:03 -------- d-----w- c:\program files\Zone Labs
2009-09-19 02:02 . 2009-09-19 20:06 -------- d-----w- c:\windows\Internet Logs
2009-09-19 01:20 . 2009-09-19 09:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-19 01:20 . 2009-09-19 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 01:10 . 2009-09-19 01:13 -------- d-----w- c:\program files\Registry Winner
2009-09-18 22:48 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-18 22:48 . 2009-09-19 16:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 22:48 . 2009-09-18 23:10 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 22:48 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-18 22:48 . 2009-09-18 22:49 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-09-18 22:48 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-18 22:48 . 2009-09-19 08:43 -------- d-----w- c:\program files\Spyware Doctor
2009-09-18 22:48 . 2009-09-18 22:48 -------- d-----w- c:\documents and settings\Mickael\Application Data\PC Tools
2009-09-18 22:48 . 2009-09-18 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-18 16:29 . 2009-09-18 16:29 -------- d-----w- c:\program files\Fichiers communs\TSUninstall
2009-09-18 16:28 . 2009-09-18 23:20 -------- d-----w- c:\program files\TS
2009-09-18 14:36 . 2009-09-18 14:36 75648 ----a-w- c:\windows\system32\drivers\wkatemuduqakn.sys
2009-09-18 10:04 . 2009-09-19 14:40 -------- d-----w- c:\documents and settings\Mickael\Tracing
2009-09-18 10:03 . 2009-09-18 10:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-18 10:02 . 2009-09-18 10:02 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-18 10:02 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-18 09:59 . 2009-09-18 09:59 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-18 09:59 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-18 09:59 . 2009-09-18 09:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-18 09:58 . 2009-09-18 09:58 -------- d-----w- c:\program files\Microsoft
2009-09-18 09:57 . 2009-09-18 09:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-18 09:57 . 2009-09-18 10:02 -------- d-----w- c:\program files\Windows Live
2009-09-18 09:51 . 2009-09-18 09:51 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-04 15:57 . 2009-09-04 15:57 -------- d-----w- c:\program files\Sierra On-Line
2009-09-04 15:57 . 1999-04-22 15:49 231936 ----a-r- c:\windows\system32\SNWValid.dll
2009-09-04 15:57 . 1999-04-22 15:49 1022976 ----a-r- c:\windows\system32\SierraNW.dll
2009-09-04 15:56 . 1998-01-23 10:20 305664 ----a-w- c:\windows\IsUn040c.exe
2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Mickael\WINDOWS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 14:40 . 2008-08-18 19:23 -------- d-----w- c:\program files\UltimateZip
2009-09-18 23:10 . 2009-09-18 23:10 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-18 22:47 . 2009-06-07 23:03 -------- d-----w- c:\documents and settings\Mickael\Application Data\U3
2009-09-18 14:31 . 2001-08-28 18:00 71596 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-18 14:31 . 2001-08-28 18:00 458562 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-18 10:03 . 2008-08-18 20:28 32384 ----a-w- c:\documents and settings\Mickael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 12:09 . 2009-08-03 12:09 -------- d-----w- c:\documents and settings\Mickael\Application Data\Samsung
2009-08-03 12:08 . 2008-08-18 18:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 12:05 . 2009-08-03 12:05 -------- d-----w- c:\program files\Samsung
2009-08-03 12:04 . 2009-08-03 12:04 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-02 17:23 . 2008-08-18 19:31 -------- d-----w- c:\documents and settings\Mickael\Application Data\OpenOffice.org2
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-24 16:31 . 2009-05-17 21:42 -------- d-----w- c:\documents and settings\Pierre\Application Data\OpenOffice.org2
2009-07-23 17:41 . 2008-08-18 19:28 -------- d-----w- c:\documents and settings\Mickael\Application Data\uTorrent
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
.
------- Sigcheck -------
[-] 2005-06-28 . 77C0C5E7D6CFE2052B8CF28B8722F528 . 359808 . . [5.1.2600.2685] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-07-18 . FA7C7C2B461130A792ADF6A28F1D652B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2007-08-06 . 7C56D56D6BE0760DDF9A37344731BD3F . 3256832 . . [6.00.2900.2527] . . c:\windows\explorer.exe
[-] 2004-11-28 18:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\beep.sys ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-08-26 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-08-26 722288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2006-10-27 123904]
c:\documents and settings\Pierre\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\Mickael\Menu D‚marrer\Programmes\D‚marrage\
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2008-8-18 1087488]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-8-18 237568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/09/2009 00:48 206256]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [18/08/2008 19:42 16896]
R0 vIdeBus;vIdeBus;c:\windows\system32\drivers\vIdeBus.sys [18/08/2008 19:42 15232]
R0 vIdePort;VIA IDE Controller PORT Driver;c:\windows\system32\drivers\vIdePort.sys [18/08/2008 19:42 40192]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [18/08/2008 19:42 52224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18/08/2008 21:39 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/08/2008 21:39 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/09/2009 12:02 54752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/08/2009 18:20 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/08/2009 18:20 435568]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/09/2009 00:48 348752]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [18/08/2008 21:18 6400]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [31/10/2003 18:22 77312]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\killingnut land\Studio\Common\Database\bin\fbserver.exe --> d:\killingnut land\Studio\Common\Database\bin\fbserver.exe [?]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S4 uwitgtevi;uwitgtevi;c:\windows\system32\drivers\wkatemuduqakn.sys [18/09/2009 16:36 75648]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-laeriaw - c:\documents and settings\Mickael\laeriaw.exe
AddRemove-Age of Mythology 1.0 - d:\erwin\AOM\UNINSTAL.EXE
AddRemove-Age of Mythology Expansion Pack 1.0 - d:\erwin\AOM\UNINSTXP.EXE
AddRemove-Firebird SQL Server US - d:\killingnut land\Studio\Common\Database\unwise.exe
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
AddRemove-MAGIX Screenshare US - d:\killingnut land\Studio\PCVisit\unwise.exe
AddRemove-TS - c:\program files\TS\tsc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 22:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(648)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Heure de fin: 2009-09-19 22:20
ComboFix-quarantined-files.txt 2009-09-19 20:20
Avant-CF: 23 188 443 136 octets libres
Après-CF: 23 300 214 784 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=oemkrnl.exe
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=oemkrnl.exe
207
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.548 [GMT 2:00]
Lancé depuis: c:\documents and settings\Mickael\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090918-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mickael\autorun.inf
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-19 au 2009-09-19 ))))))))))))))))))))))))))))))))))))
.
2009-09-19 16:34 . 2009-09-19 16:34 -------- d-----w- c:\program files\CCleaner
2009-09-19 15:13 . 2009-09-19 15:26 -------- d-----w- C:\GenProc
2009-09-19 15:12 . 2009-09-19 15:12 -------- d-----w- c:\documents and settings\Mickael\Downloads
2009-09-19 12:57 . 2009-09-19 12:57 -------- d-----w- c:\documents and settings\Mickael\Application Data\Malwarebytes
2009-09-19 12:56 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 12:56 . 2009-09-19 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 12:56 . 2009-09-19 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 12:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-19 07:56 . 2009-09-19 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-09-19 02:05 . 2009-09-19 12:55 -------- d-----w- c:\documents and settings\Mickael\Application Data\CheckPoint
2009-09-19 02:04 . 2009-09-19 02:04 -------- d-----w- c:\program files\CheckPoint
2009-09-19 02:04 . 2009-09-19 02:04 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-19 02:04 . 2009-08-26 19:09 72584 ----a-w- c:\windows\zllsputility.exe
2009-09-19 02:04 . 2009-08-26 19:08 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-19 02:04 . 2009-08-26 19:08 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-19 02:03 . 2009-09-19 02:04 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-19 02:03 . 2009-08-26 19:08 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-09-19 02:03 . 2009-09-19 02:03 -------- d-----w- c:\program files\Zone Labs
2009-09-19 02:02 . 2009-09-19 20:06 -------- d-----w- c:\windows\Internet Logs
2009-09-19 01:20 . 2009-09-19 09:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-19 01:20 . 2009-09-19 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 01:10 . 2009-09-19 01:13 -------- d-----w- c:\program files\Registry Winner
2009-09-18 22:48 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-18 22:48 . 2009-09-19 16:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-18 22:48 . 2009-09-18 23:10 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 22:48 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-18 22:48 . 2009-09-18 22:49 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-09-18 22:48 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-18 22:48 . 2009-09-19 08:43 -------- d-----w- c:\program files\Spyware Doctor
2009-09-18 22:48 . 2009-09-18 22:48 -------- d-----w- c:\documents and settings\Mickael\Application Data\PC Tools
2009-09-18 22:48 . 2009-09-18 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-18 16:29 . 2009-09-18 16:29 -------- d-----w- c:\program files\Fichiers communs\TSUninstall
2009-09-18 16:28 . 2009-09-18 23:20 -------- d-----w- c:\program files\TS
2009-09-18 14:36 . 2009-09-18 14:36 75648 ----a-w- c:\windows\system32\drivers\wkatemuduqakn.sys
2009-09-18 10:04 . 2009-09-19 14:40 -------- d-----w- c:\documents and settings\Mickael\Tracing
2009-09-18 10:03 . 2009-09-18 10:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-18 10:02 . 2009-09-18 10:02 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-18 10:02 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-18 09:59 . 2009-09-18 09:59 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-18 09:59 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-18 09:59 . 2009-09-18 09:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-18 09:58 . 2009-09-18 09:58 -------- d-----w- c:\program files\Microsoft
2009-09-18 09:57 . 2009-09-18 09:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-18 09:57 . 2009-09-18 10:02 -------- d-----w- c:\program files\Windows Live
2009-09-18 09:51 . 2009-09-18 09:51 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-04 15:57 . 2009-09-04 15:57 -------- d-----w- c:\program files\Sierra On-Line
2009-09-04 15:57 . 1999-04-22 15:49 231936 ----a-r- c:\windows\system32\SNWValid.dll
2009-09-04 15:57 . 1999-04-22 15:49 1022976 ----a-r- c:\windows\system32\SierraNW.dll
2009-09-04 15:56 . 1998-01-23 10:20 305664 ----a-w- c:\windows\IsUn040c.exe
2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Mickael\WINDOWS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 14:40 . 2008-08-18 19:23 -------- d-----w- c:\program files\UltimateZip
2009-09-18 23:10 . 2009-09-18 23:10 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-18 22:47 . 2009-06-07 23:03 -------- d-----w- c:\documents and settings\Mickael\Application Data\U3
2009-09-18 14:31 . 2001-08-28 18:00 71596 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-18 14:31 . 2001-08-28 18:00 458562 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-18 10:03 . 2008-08-18 20:28 32384 ----a-w- c:\documents and settings\Mickael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 12:09 . 2009-08-03 12:09 -------- d-----w- c:\documents and settings\Mickael\Application Data\Samsung
2009-08-03 12:08 . 2008-08-18 18:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 12:05 . 2009-08-03 12:05 -------- d-----w- c:\program files\Samsung
2009-08-03 12:04 . 2009-08-03 12:04 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-02 17:23 . 2008-08-18 19:31 -------- d-----w- c:\documents and settings\Mickael\Application Data\OpenOffice.org2
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-24 16:31 . 2009-05-17 21:42 -------- d-----w- c:\documents and settings\Pierre\Application Data\OpenOffice.org2
2009-07-23 17:41 . 2008-08-18 19:28 -------- d-----w- c:\documents and settings\Mickael\Application Data\uTorrent
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
.
------- Sigcheck -------
[-] 2005-06-28 . 77C0C5E7D6CFE2052B8CF28B8722F528 . 359808 . . [5.1.2600.2685] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-07-18 . FA7C7C2B461130A792ADF6A28F1D652B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2007-08-06 . 7C56D56D6BE0760DDF9A37344731BD3F . 3256832 . . [6.00.2900.2527] . . c:\windows\explorer.exe
[-] 2004-11-28 18:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\beep.sys ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-08-26 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-08-26 722288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2006-10-27 123904]
c:\documents and settings\Pierre\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\Mickael\Menu D‚marrer\Programmes\D‚marrage\
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2008-8-18 1087488]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-8-18 237568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19/09/2009 00:48 206256]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [18/08/2008 19:42 16896]
R0 vIdeBus;vIdeBus;c:\windows\system32\drivers\vIdeBus.sys [18/08/2008 19:42 15232]
R0 vIdePort;VIA IDE Controller PORT Driver;c:\windows\system32\drivers\vIdePort.sys [18/08/2008 19:42 40192]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [18/08/2008 19:42 52224]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18/08/2008 21:39 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/08/2008 21:39 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/09/2009 12:02 54752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/08/2009 18:20 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/08/2009 18:20 435568]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/09/2009 00:48 348752]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [18/08/2008 21:18 6400]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [31/10/2003 18:22 77312]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\killingnut land\Studio\Common\Database\bin\fbserver.exe --> d:\killingnut land\Studio\Common\Database\bin\fbserver.exe [?]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S4 uwitgtevi;uwitgtevi;c:\windows\system32\drivers\wkatemuduqakn.sys [18/09/2009 16:36 75648]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-laeriaw - c:\documents and settings\Mickael\laeriaw.exe
AddRemove-Age of Mythology 1.0 - d:\erwin\AOM\UNINSTAL.EXE
AddRemove-Age of Mythology Expansion Pack 1.0 - d:\erwin\AOM\UNINSTXP.EXE
AddRemove-Firebird SQL Server US - d:\killingnut land\Studio\Common\Database\unwise.exe
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
AddRemove-MAGIX Screenshare US - d:\killingnut land\Studio\PCVisit\unwise.exe
AddRemove-TS - c:\program files\TS\tsc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 22:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(648)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Heure de fin: 2009-09-19 22:20
ComboFix-quarantined-files.txt 2009-09-19 20:20
Avant-CF: 23 188 443 136 octets libres
Après-CF: 23 300 214 784 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=oemkrnl.exe
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=oemkrnl.exe
207