Probleme de rundll
Résolu/Fermé
yannlekorrigan
Messages postés
9
Date d'inscription
samedi 1 mars 2008
Statut
Membre
Dernière intervention
3 mars 2008
-
2 mars 2008 à 16:58
yannlekorrigan Messages postés 9 Date d'inscription samedi 1 mars 2008 Statut Membre Dernière intervention 3 mars 2008 - 3 mars 2008 à 14:09
yannlekorrigan Messages postés 9 Date d'inscription samedi 1 mars 2008 Statut Membre Dernière intervention 3 mars 2008 - 3 mars 2008 à 14:09
7 réponses
Utilisateur anonyme
2 mars 2008 à 20:36
2 mars 2008 à 20:36
bonsoir il y a beaucoup de reste de virus et un encore actif fait ceci
Télécharges ComboFix à partir d'un de ces liens :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Et important, enregistre le sur le bureau.
Avant d'utiliser ComboFix :
► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Télécharges ComboFix à partir d'un de ces liens :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Et important, enregistre le sur le bureau.
Avant d'utiliser ComboFix :
► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
yannlekorrigan
Messages postés
9
Date d'inscription
samedi 1 mars 2008
Statut
Membre
Dernière intervention
3 mars 2008
2 mars 2008 à 21:18
2 mars 2008 à 21:18
merci M.L King
voici le rapport
ComboFix 08-03-01.3 - la mafieuse 2008-03-02 20:53:44.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.57 [GMT 1:00]
Endroit: C:\Documents and Settings\la mafieuse\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Program Files\Uniblue
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Uniblue
2008-03-02 17:47 . 2008-03-02 17:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-03-02 17:39 . 2008-03-02 17:49 <REP> d-------- C:\Program Files\PowerArchiver
2008-03-02 16:57 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 16:57 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 16:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 16:57 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-02 13:21 . 2008-03-02 13:21 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-03-01 15:43 . 2008-03-01 15:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 11:22 . 2008-02-29 11:22 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Grisoft
2008-02-29 11:21 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-29 11:20 . 2008-02-29 11:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 10:55 . 2008-02-29 11:13 <REP> d-------- C:\Program Files\RegCleaner
2008-02-29 10:27 . 2008-03-02 21:02 552,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-29 10:27 . 2008-03-02 21:01 7,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 10:21 . 2008-02-29 10:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-29 10:20 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-29 10:20 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-29 10:20 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-29 10:18 . 2008-02-29 10:21 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-29 10:18 . 2008-02-29 10:18 <REP> d-------- C:\Program Files\Zone Labs
2008-02-29 10:18 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-29 10:17 . 2008-03-02 21:04 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-29 00:32 . 2008-02-29 00:32 700 --ah----- C:\aaw7boot.cmd
2008-02-28 23:43 . 2008-02-28 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 23:38 . 2008-02-28 23:57 <REP> d-------- C:\Program Files\Lavasoft
2008-02-28 23:05 . 2008-02-28 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-28 21:58 . 2008-03-01 16:31 99,450 --a------ C:\WINDOWS\BMdb2f3472.xml
2008-02-28 21:58 . 2008-03-01 16:09 22 --a------ C:\WINDOWS\pskt.ini
2008-02-28 21:41 . 2008-02-28 21:41 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 20:01 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-02 20:01 1,374,208 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-01 15:55 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-28 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-02-06 12:55 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\AdobeUM
2008-01-26 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 11:19 --------- d-----w C:\Program Files\Micro Application
2008-01-23 17:13 --------- d-----w C:\Program Files\Ahead
2008-01-23 11:00 --------- d-----w C:\Program Files\Google
2008-01-10 12:05 --------- d-----w C:\Program Files\Disc2Phone
2008-01-09 16:48 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\Apple Computer
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2005-07-16 08:38 125 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\la mafieuse\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\Default User\user.bat
.
------- Sigcheck -------
0e32ca931db10f6852ee25c7ccd4d8bf C:\WINDOWS\explorer.exe
----a-w 1,036,288 2004-12-03 16:12:56 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:22:28 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34EC78FA-B485-4EBE-9ACB-086F74F660C2}]
C:\WINDOWS\system32\vtssp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD9FCEB-3130-472A-B9D3-8D052F425E6D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce83648-50ec-4827-b6e0-785c3c9ba77e}]
C:\WINDOWS\system32\jeevsdax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 11:10 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2008-01-24 18:36 141352]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-02-01 10:51 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe" [2004-03-02 12:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"BMdb2f3472"="C:\WINDOWS\system32\rpyqroqd.dll" [ ]
"d81c07ee"="C:\WINDOWS\system32\kqdyvfie.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 13:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1350:UDP"= 1350:UDP:Windows Media Format SDK (iexplore.exe)
"1351:UDP"= 1351:UDP:Windows Media Format SDK (iexplore.exe)
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-12-19 19:23]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:55]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2005-12-19 19:23]
S2 PASSRV;Panda Antispam Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe [2005-12-19 19:23]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 13:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 21:04:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 21:13:53 - machine was rebooted
ComboFix2.txt 2008-03-02 12:35:51
voici le rapport
ComboFix 08-03-01.3 - la mafieuse 2008-03-02 20:53:44.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.57 [GMT 1:00]
Endroit: C:\Documents and Settings\la mafieuse\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Program Files\Uniblue
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Uniblue
2008-03-02 17:47 . 2008-03-02 17:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-03-02 17:39 . 2008-03-02 17:49 <REP> d-------- C:\Program Files\PowerArchiver
2008-03-02 16:57 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 16:57 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 16:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 16:57 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-02 13:21 . 2008-03-02 13:21 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-03-01 15:43 . 2008-03-01 15:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 11:22 . 2008-02-29 11:22 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Grisoft
2008-02-29 11:21 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-29 11:20 . 2008-02-29 11:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 10:55 . 2008-02-29 11:13 <REP> d-------- C:\Program Files\RegCleaner
2008-02-29 10:27 . 2008-03-02 21:02 552,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-29 10:27 . 2008-03-02 21:01 7,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 10:21 . 2008-02-29 10:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-29 10:20 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-29 10:20 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-29 10:20 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-29 10:18 . 2008-02-29 10:21 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-29 10:18 . 2008-02-29 10:18 <REP> d-------- C:\Program Files\Zone Labs
2008-02-29 10:18 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-29 10:17 . 2008-03-02 21:04 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-29 00:32 . 2008-02-29 00:32 700 --ah----- C:\aaw7boot.cmd
2008-02-28 23:43 . 2008-02-28 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 23:38 . 2008-02-28 23:57 <REP> d-------- C:\Program Files\Lavasoft
2008-02-28 23:05 . 2008-02-28 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-28 21:58 . 2008-03-01 16:31 99,450 --a------ C:\WINDOWS\BMdb2f3472.xml
2008-02-28 21:58 . 2008-03-01 16:09 22 --a------ C:\WINDOWS\pskt.ini
2008-02-28 21:41 . 2008-02-28 21:41 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 20:01 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-02 20:01 1,374,208 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-01 15:55 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-28 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-02-06 12:55 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\AdobeUM
2008-01-26 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 11:19 --------- d-----w C:\Program Files\Micro Application
2008-01-23 17:13 --------- d-----w C:\Program Files\Ahead
2008-01-23 11:00 --------- d-----w C:\Program Files\Google
2008-01-10 12:05 --------- d-----w C:\Program Files\Disc2Phone
2008-01-09 16:48 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\Apple Computer
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2005-07-16 08:38 125 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\la mafieuse\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\Default User\user.bat
.
------- Sigcheck -------
0e32ca931db10f6852ee25c7ccd4d8bf C:\WINDOWS\explorer.exe
----a-w 1,036,288 2004-12-03 16:12:56 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:22:28 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34EC78FA-B485-4EBE-9ACB-086F74F660C2}]
C:\WINDOWS\system32\vtssp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD9FCEB-3130-472A-B9D3-8D052F425E6D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce83648-50ec-4827-b6e0-785c3c9ba77e}]
C:\WINDOWS\system32\jeevsdax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 11:10 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2008-01-24 18:36 141352]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-02-01 10:51 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe" [2004-03-02 12:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"BMdb2f3472"="C:\WINDOWS\system32\rpyqroqd.dll" [ ]
"d81c07ee"="C:\WINDOWS\system32\kqdyvfie.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 13:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1350:UDP"= 1350:UDP:Windows Media Format SDK (iexplore.exe)
"1351:UDP"= 1351:UDP:Windows Media Format SDK (iexplore.exe)
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-12-19 19:23]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:55]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2005-12-19 19:23]
S2 PASSRV;Panda Antispam Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe [2005-12-19 19:23]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 13:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 21:04:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 21:13:53 - machine was rebooted
ComboFix2.txt 2008-03-02 12:35:51
Utilisateur anonyme
2 mars 2008 à 21:52
2 mars 2008 à 21:52
ComboFix avec CFScript :
* Sélectionne le texte suivant (en gras) dans son intégralité :
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34EC78FA-B485-4EBE-9ACB-086F74F660C2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD9FCEB-3130-472A-B9D3-8D052F425E6D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce83648-50ec-4827-b6e0-785c3c9ba77e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMdb2f3472"=-
"d81c07ee"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command -
files::
C:\WINDOWS\BMdb2f3472.xml
C:\WINDOWS\pskt.ini
C:\Documents and Settings\All Users\Application Data\ZangoSA
"C:\WINDOWS\system32\rpyqroqd.dll"
"C:\WINDOWS\system32\kqdyvfie.dll"
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
C:\WINDOWS\system32\jeevsdax.dll
C:\WINDOWS\system32\vtssp.dll
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
* Sélectionne le texte suivant (en gras) dans son intégralité :
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34EC78FA-B485-4EBE-9ACB-086F74F660C2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD9FCEB-3130-472A-B9D3-8D052F425E6D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce83648-50ec-4827-b6e0-785c3c9ba77e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMdb2f3472"=-
"d81c07ee"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command -
files::
C:\WINDOWS\BMdb2f3472.xml
C:\WINDOWS\pskt.ini
C:\Documents and Settings\All Users\Application Data\ZangoSA
"C:\WINDOWS\system32\rpyqroqd.dll"
"C:\WINDOWS\system32\kqdyvfie.dll"
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
C:\WINDOWS\system32\jeevsdax.dll
C:\WINDOWS\system32\vtssp.dll
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
yannlekorrigan
Messages postés
9
Date d'inscription
samedi 1 mars 2008
Statut
Membre
Dernière intervention
3 mars 2008
3 mars 2008 à 13:54
3 mars 2008 à 13:54
voici le rapport combofix
ComboFix 08-03-01.3 - la mafieuse 2008-03-02 13:17:16.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\la mafieuse\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 13:21 . 2008-03-02 13:21 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-03-01 15:43 . 2008-03-01 15:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 11:22 . 2008-02-29 11:22 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Grisoft
2008-02-29 11:21 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-29 11:20 . 2008-02-29 11:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 10:55 . 2008-02-29 11:13 <REP> d-------- C:\Program Files\RegCleaner
2008-02-29 10:27 . 2008-03-01 17:29 229,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-29 10:27 . 2008-03-01 16:53 3,572 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 10:21 . 2008-02-29 10:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-29 10:20 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-29 10:20 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-29 10:20 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-29 10:18 . 2008-02-29 10:21 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-29 10:18 . 2008-02-29 10:18 <REP> d-------- C:\Program Files\Zone Labs
2008-02-29 10:18 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-29 10:17 . 2008-03-02 13:26 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-29 00:32 . 2008-02-29 00:32 700 --ah----- C:\aaw7boot.cmd
2008-02-28 23:43 . 2008-02-28 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 23:38 . 2008-02-28 23:57 <REP> d-------- C:\Program Files\Lavasoft
2008-02-28 23:05 . 2008-02-28 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-28 21:58 . 2008-03-01 16:31 99,450 --a------ C:\WINDOWS\BMdb2f3472.xml
2008-02-28 21:58 . 2008-03-01 16:09 22 --a------ C:\WINDOWS\pskt.ini
2008-02-28 21:41 . 2008-02-28 21:41 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 15:55 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-28 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-02-06 12:55 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\AdobeUM
2008-01-26 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 11:19 --------- d-----w C:\Program Files\Micro Application
2008-01-26 10:56 63,692 ----a-w C:\WINDOWS\system32\pmnol.dll
2008-01-23 17:13 --------- d-----w C:\Program Files\Ahead
2008-01-23 11:00 --------- d-----w C:\Program Files\Google
2008-01-10 12:05 --------- d-----w C:\Program Files\Disc2Phone
2008-01-09 16:48 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\Apple Computer
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-07-16 08:38 125 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\la mafieuse\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\Default User\user.bat
.
------- Sigcheck -------
0e32ca931db10f6852ee25c7ccd4d8bf C:\WINDOWS\explorer.exe
----a-w 1,036,288 2004-12-03 16:12:56 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34EC78FA-B485-4EBE-9ACB-086F74F660C2}]
C:\WINDOWS\system32\vtssp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD9FCEB-3130-472A-B9D3-8D052F425E6D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce83648-50ec-4827-b6e0-785c3c9ba77e}]
C:\WINDOWS\system32\jeevsdax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 11:10 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe" [2004-03-02 12:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"BMdb2f3472"="C:\WINDOWS\system32\rpyqroqd.dll" [ ]
"d81c07ee"="C:\WINDOWS\system32\kqdyvfie.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 13:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1350:UDP"= 1350:UDP:Windows Media Format SDK (iexplore.exe)
"1351:UDP"= 1351:UDP:Windows Media Format SDK (iexplore.exe)
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-12-19 19:23]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:55]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2005-12-19 19:23]
S2 PASSRV;Panda Antispam Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe [2005-12-19 19:23]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 13:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 13:26:09
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 13:35:48 - machine was rebooted [la mafieuse]
ComboFix 08-03-01.3 - la mafieuse 2008-03-02 13:17:16.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\la mafieuse\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 13:21 . 2008-03-02 13:21 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-03-01 15:43 . 2008-03-01 15:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 11:22 . 2008-02-29 11:22 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Grisoft
2008-02-29 11:21 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-29 11:20 . 2008-02-29 11:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 10:55 . 2008-02-29 11:13 <REP> d-------- C:\Program Files\RegCleaner
2008-02-29 10:27 . 2008-03-01 17:29 229,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-29 10:27 . 2008-03-01 16:53 3,572 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 10:21 . 2008-02-29 10:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-29 10:20 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-29 10:20 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-29 10:20 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-29 10:18 . 2008-02-29 10:21 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-29 10:18 . 2008-02-29 10:18 <REP> d-------- C:\Program Files\Zone Labs
2008-02-29 10:18 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-29 10:17 . 2008-03-02 13:26 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-29 00:32 . 2008-02-29 00:32 700 --ah----- C:\aaw7boot.cmd
2008-02-28 23:43 . 2008-02-28 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 23:38 . 2008-02-28 23:57 <REP> d-------- C:\Program Files\Lavasoft
2008-02-28 23:05 . 2008-02-28 23:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-28 21:58 . 2008-03-01 16:31 99,450 --a------ C:\WINDOWS\BMdb2f3472.xml
2008-02-28 21:58 . 2008-03-01 16:09 22 --a------ C:\WINDOWS\pskt.ini
2008-02-28 21:41 . 2008-02-28 21:41 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 15:55 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-28 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-02-06 12:55 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\AdobeUM
2008-01-26 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 11:19 --------- d-----w C:\Program Files\Micro Application
2008-01-26 10:56 63,692 ----a-w C:\WINDOWS\system32\pmnol.dll
2008-01-23 17:13 --------- d-----w C:\Program Files\Ahead
2008-01-23 11:00 --------- d-----w C:\Program Files\Google
2008-01-10 12:05 --------- d-----w C:\Program Files\Disc2Phone
2008-01-09 16:48 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\Apple Computer
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-07-16 08:38 125 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\la mafieuse\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\Default User\user.bat
.
------- Sigcheck -------
0e32ca931db10f6852ee25c7ccd4d8bf C:\WINDOWS\explorer.exe
----a-w 1,036,288 2004-12-03 16:12:56 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34EC78FA-B485-4EBE-9ACB-086F74F660C2}]
C:\WINDOWS\system32\vtssp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD9FCEB-3130-472A-B9D3-8D052F425E6D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dce83648-50ec-4827-b6e0-785c3c9ba77e}]
C:\WINDOWS\system32\jeevsdax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 11:10 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe" [2004-03-02 12:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"BMdb2f3472"="C:\WINDOWS\system32\rpyqroqd.dll" [ ]
"d81c07ee"="C:\WINDOWS\system32\kqdyvfie.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 13:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1350:UDP"= 1350:UDP:Windows Media Format SDK (iexplore.exe)
"1351:UDP"= 1351:UDP:Windows Media Format SDK (iexplore.exe)
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-12-19 19:23]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:55]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2005-12-19 19:23]
S2 PASSRV;Panda Antispam Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe [2005-12-19 19:23]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-10 13:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 13:26:09
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 13:35:48 - machine was rebooted [la mafieuse]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
yannlekorrigan
Messages postés
9
Date d'inscription
samedi 1 mars 2008
Statut
Membre
Dernière intervention
3 mars 2008
3 mars 2008 à 13:56
3 mars 2008 à 13:56
et voici <le rapport hijackthisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:23, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\dvd de poker patrick bruel Web hottest videos personal player.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Antispam Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: Panda Imanager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.anpe.fr/imgd/candidat/logo.gif
Scan saved at 13:35:23, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\dvd de poker patrick bruel Web hottest videos personal player.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Antispam Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: Panda Imanager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.anpe.fr/imgd/candidat/logo.gif
Utilisateur anonyme
3 mars 2008 à 13:58
3 mars 2008 à 13:58
bonjour supprime ton script puis recommence la procedure tu as raté quelques chose
:http://www.commentcamarche.net/forum/affich 5277612 probleme de rundll#3
:http://www.commentcamarche.net/forum/affich 5277612 probleme de rundll#3
yannlekorrigan
Messages postés
9
Date d'inscription
samedi 1 mars 2008
Statut
Membre
Dernière intervention
3 mars 2008
3 mars 2008 à 14:09
3 mars 2008 à 14:09
salut jai pas du t envoyer le bon rapport
regarde celui la
ComboFix 08-03-03.6 - la mafieuse 2008-03-03 13:07:20.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.65 [GMT 1:00]
Endroit: C:\Documents and Settings\la mafieuse\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\la mafieuse\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
.
2008-03-03 11:53 . 2004-08-04 01:54 400,896 --a------ C:\CF22573.exe
2008-03-02 22:13 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-02 22:13 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-02 22:13 . 2006-08-21 13:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Program Files\Uniblue
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Uniblue
2008-03-02 17:47 . 2008-03-02 17:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
2008-03-02 17:39 . 2008-03-02 17:49 <REP> d-------- C:\Program Files\PowerArchiver
2008-03-02 17:17 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-02 17:07 . 2006-12-07 06:29 2,374,472 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-02 16:57 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 16:57 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 16:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 16:57 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-02 13:21 . 2008-03-03 10:54 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-03-01 15:43 . 2008-03-01 15:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 11:22 . 2008-02-29 11:22 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Grisoft
2008-02-29 11:21 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-29 11:20 . 2008-02-29 11:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-29 10:55 . 2008-02-29 11:13 <REP> d-------- C:\Program Files\RegCleaner
2008-02-29 10:27 . 2008-03-03 13:19 739,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-29 10:27 . 2008-03-03 13:15 9,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 10:21 . 2008-02-29 10:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-29 10:20 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-29 10:20 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-29 10:20 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-29 10:18 . 2008-02-29 10:21 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-29 10:18 . 2008-02-29 10:18 <REP> d-------- C:\Program Files\Zone Labs
2008-02-29 10:18 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-29 10:17 . 2008-03-03 13:18 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-29 00:32 . 2008-02-29 00:32 700 --ah----- C:\aaw7boot.cmd
2008-02-28 23:43 . 2008-02-28 23:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-02-28 23:38 . 2008-02-28 23:57 <REP> d-------- C:\Program Files\Lavasoft
2008-02-28 23:05 . 2008-02-28 23:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
2008-02-28 21:58 . 2008-03-01 16:31 99,450 --a------ C:\WINDOWS\BMdb2f3472.xml
2008-02-28 21:58 . 2008-03-01 16:09 22 --a------ C:\WINDOWS\pskt.ini
2008-02-28 21:41 . 2008-02-28 21:41 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 11:35 743,874 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-02 20:01 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-02 20:01 1,374,208 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-01 15:55 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-28 22:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
2008-02-06 12:55 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\AdobeUM
2008-01-26 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 11:19 --------- d-----w C:\Program Files\Micro Application
2008-01-26 10:56 63,692 ----a-w C:\WINDOWS\system32\pmnol.dll
2008-01-24 17:36 56,360 ----a-w C:\WINDOWS\system32\WBHELP2.DLL
2008-01-23 17:13 --------- d-----w C:\Program Files\Ahead
2008-01-23 11:00 --------- d-----w C:\Program Files\Google
2008-01-10 12:05 --------- d-----w C:\Program Files\Disc2Phone
2008-01-09 16:48 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\Apple Computer
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-07-16 08:38 125 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\la mafieuse\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\Default User\user.bat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 11:10 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2008-01-24 18:36 141352]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-02-01 10:51 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe" [2004-03-02 12:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 13:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-03-20 17:44:22 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2002-08-20 15:00:00 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1350:UDP"= 1350:UDP:Windows Media Format SDK (iexplore.exe)
"1351:UDP"= 1351:UDP:Windows Media Format SDK (iexplore.exe)
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-12-19 19:23]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:55]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2005-12-19 19:23]
S2 PASSRV;Panda Antispam Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe [2005-12-19 19:23]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 13:19:54
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-03 13:28:27 - machine was rebooted
ComboFix2.txt 2008-03-03 11:49:35
ComboFix3.txt 2008-03-02 20:13:56
ComboFix4.txt 2008-03-02 12:35:51
.
2008-03-02 21:34:33 --- E O F ---
regarde celui la
ComboFix 08-03-03.6 - la mafieuse 2008-03-03 13:07:20.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.65 [GMT 1:00]
Endroit: C:\Documents and Settings\la mafieuse\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\la mafieuse\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
.
2008-03-03 11:53 . 2004-08-04 01:54 400,896 --a------ C:\CF22573.exe
2008-03-02 22:13 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-02 22:13 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-02 22:13 . 2006-08-21 13:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Program Files\Uniblue
2008-03-02 18:18 . 2008-03-02 18:18 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Uniblue
2008-03-02 17:47 . 2008-03-02 17:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
2008-03-02 17:39 . 2008-03-02 17:49 <REP> d-------- C:\Program Files\PowerArchiver
2008-03-02 17:17 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-02 17:07 . 2006-12-07 06:29 2,374,472 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-02 16:57 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-02 16:57 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-02 16:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-02 16:57 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-02 13:21 . 2008-03-03 10:54 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-03-01 15:43 . 2008-03-01 15:43 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 11:22 . 2008-02-29 11:22 <REP> d-------- C:\Documents and Settings\la mafieuse\Application Data\Grisoft
2008-02-29 11:21 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-29 11:20 . 2008-02-29 11:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-29 10:55 . 2008-02-29 11:13 <REP> d-------- C:\Program Files\RegCleaner
2008-02-29 10:27 . 2008-03-03 13:19 739,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-29 10:27 . 2008-03-03 13:15 9,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-29 10:21 . 2008-02-29 10:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-29 10:20 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-29 10:20 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-29 10:20 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-29 10:18 . 2008-02-29 10:21 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-29 10:18 . 2008-02-29 10:18 <REP> d-------- C:\Program Files\Zone Labs
2008-02-29 10:18 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-29 10:17 . 2008-03-03 13:18 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-29 00:32 . 2008-02-29 00:32 700 --ah----- C:\aaw7boot.cmd
2008-02-28 23:43 . 2008-02-28 23:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-02-28 23:38 . 2008-02-28 23:57 <REP> d-------- C:\Program Files\Lavasoft
2008-02-28 23:05 . 2008-02-28 23:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
2008-02-28 21:58 . 2008-03-01 16:31 99,450 --a------ C:\WINDOWS\BMdb2f3472.xml
2008-02-28 21:58 . 2008-03-01 16:09 22 --a------ C:\WINDOWS\pskt.ini
2008-02-28 21:41 . 2008-02-28 21:41 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 11:35 743,874 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-02 20:01 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-02 20:01 1,374,208 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-01 15:55 1,352,704 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-28 22:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
2008-02-06 12:55 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\AdobeUM
2008-01-26 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 11:19 --------- d-----w C:\Program Files\Micro Application
2008-01-26 10:56 63,692 ----a-w C:\WINDOWS\system32\pmnol.dll
2008-01-24 17:36 56,360 ----a-w C:\WINDOWS\system32\WBHELP2.DLL
2008-01-23 17:13 --------- d-----w C:\Program Files\Ahead
2008-01-23 11:00 --------- d-----w C:\Program Files\Google
2008-01-10 12:05 --------- d-----w C:\Program Files\Disc2Phone
2008-01-09 16:48 --------- d-----w C:\Documents and Settings\la mafieuse\Application Data\Apple Computer
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-07-16 08:38 125 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\la mafieuse\user.bat
2005-07-16 08:38 125 ----a-w C:\Documents and Settings\Default User\user.bat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 11:10 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"LClock"="lclock.exe" [2004-12-08 17:06 65536 C:\WINDOWS\LClock.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2008-01-24 18:36 141352]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-02-01 10:51 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe" [2004-03-02 12:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="C:\WINDOWS\LSD\end.cmd" [2002-12-22 13:56 2176]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-03-20 17:44:22 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2002-08-20 15:00:00 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1350:UDP"= 1350:UDP:Windows Media Format SDK (iexplore.exe)
"1351:UDP"= 1351:UDP:Windows Media Format SDK (iexplore.exe)
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-12-19 19:23]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:55]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2005-12-19 19:23]
S2 PASSRV;Panda Antispam Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe [2005-12-19 19:23]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ee957d1-c9d2-11dc-ba3a-0008022ca65a}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 13:19:54
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-03 13:28:27 - machine was rebooted
ComboFix2.txt 2008-03-03 11:49:35
ComboFix3.txt 2008-03-02 20:13:56
ComboFix4.txt 2008-03-02 12:35:51
.
2008-03-02 21:34:33 --- E O F ---
