Tray_cd.exe
mircka
Messages postés
1
Statut
Membre
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour j ai telecharge un fichier tray_cd.exe et mon ordi plante !!
voici le raport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 01:02:34, on 19/11/2066
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\temp\scarface.exe
D:\Documents and Settings\Cédric.SN049180320674\Bureau\HijackThis.exe
C:\WINDOWS\system32\temp\scarface.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
voici le raport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 01:02:34, on 19/11/2066
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\temp\scarface.exe
D:\Documents and Settings\Cédric.SN049180320674\Bureau\HijackThis.exe
C:\WINDOWS\system32\temp\scarface.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
48 réponses
Faut faire la procédure avec CFScript même si la désinstallation des traces de Norton a supprimé tes problèmes.
euh mais j'ai pas utilisé le script, merci beaucoup quand meme mais je pense que c est pas la peine que je l utilise vu que tout marche comme avant... hourra je vous aime
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ComboFix 08-08-21.02 - Cédric 2008-08-23 19:09:23.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.698 [GMT 2:00]
Endroit: D:\Documents and Settings\Cédric.SN049180320674\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Cédric.SN049180320674\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\temp\scarface.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.
2066-11-19 02:25 . 2008-08-17 16:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2066-11-19 02:25 . 2008-08-17 16:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2066-11-19 02:00 . 2066-11-19 03:21 <REP> d--h----- C:\WINDOWS\system32\temp
2008-08-13 22:24 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-07 12:09 . 2008-08-07 12:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-07 12:09 . 2008-08-07 12:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-03 16:46 . 2006-11-10 19:23 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2008-08-03 16:46 . 2006-11-10 19:24 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2008-08-03 16:46 . 2006-11-10 19:24 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2066-11-19 00:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Malwarebytes
2066-11-19 00:25 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2066-11-19 00:01 --------- d-----w C:\Program Files\CleanUp!
2066-11-19 00:00 --------- d-----w C:\Program Files\Ahead
2008-08-23 10:44 --------- d-----w C:\Program Files\eMule
2008-08-02 14:38 --------- d-----w C:\Program Files\Java
2008-07-22 19:48 --------- d-----w C:\Program Files\ETAJV PC
.
((((((((((((((((((((((((((((( snapshot@2008-08-23_18.40.13.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2066-11-19 00:00:10 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-23 16:55:09 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2066-11-19 00:00:10 63,854 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-23 16:55:09 63,854 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2066-11-19 00:00:10 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-23 16:55:09 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2066-11-19 00:00:10 445,434 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-23 16:55:09 445,434 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-23 17:12:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 22:05 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2005-06-02 16:14 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 02:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\TribalWeb\\tribalweb.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fritivi\\fritivi.exe"=
"C:\\Program Files\\Fritivi\\Fritivi_Pip.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"=
"D:\\jeux\\LucasArts\\Jedi Knight\\JK.EXE"=
R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 17:18]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]
R3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 19:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 19:12:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\APPS\ABOARD\AOSD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-23 19:15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 17:15:28
ComboFix2.txt 2008-08-23 16:40:28
Pre-Run: 26,118,295,552 octets libres
Post-Run: 26,104,942,592 octets libres
136 --- E O F --- 2008-08-13 21:10:06
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.698 [GMT 2:00]
Endroit: D:\Documents and Settings\Cédric.SN049180320674\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Cédric.SN049180320674\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\temp\scarface.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.
2066-11-19 02:25 . 2008-08-17 16:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2066-11-19 02:25 . 2008-08-17 16:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2066-11-19 02:00 . 2066-11-19 03:21 <REP> d--h----- C:\WINDOWS\system32\temp
2008-08-13 22:24 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-07 12:09 . 2008-08-07 12:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-07 12:09 . 2008-08-07 12:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-03 16:46 . 2006-11-10 19:23 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2008-08-03 16:46 . 2006-11-10 19:24 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2008-08-03 16:46 . 2006-11-10 19:24 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2066-11-19 00:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Malwarebytes
2066-11-19 00:25 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2066-11-19 00:01 --------- d-----w C:\Program Files\CleanUp!
2066-11-19 00:00 --------- d-----w C:\Program Files\Ahead
2008-08-23 10:44 --------- d-----w C:\Program Files\eMule
2008-08-02 14:38 --------- d-----w C:\Program Files\Java
2008-07-22 19:48 --------- d-----w C:\Program Files\ETAJV PC
.
((((((((((((((((((((((((((((( snapshot@2008-08-23_18.40.13.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2066-11-19 00:00:10 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-23 16:55:09 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2066-11-19 00:00:10 63,854 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-23 16:55:09 63,854 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2066-11-19 00:00:10 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-23 16:55:09 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2066-11-19 00:00:10 445,434 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-23 16:55:09 445,434 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-23 17:12:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 22:05 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2005-06-02 16:14 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 02:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\TribalWeb\\tribalweb.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fritivi\\fritivi.exe"=
"C:\\Program Files\\Fritivi\\Fritivi_Pip.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"=
"D:\\jeux\\LucasArts\\Jedi Knight\\JK.EXE"=
R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 17:18]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]
R3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 19:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 19:12:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\APPS\ABOARD\AOSD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-23 19:15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 17:15:28
ComboFix2.txt 2008-08-23 16:40:28
Pre-Run: 26,118,295,552 octets libres
Post-Run: 26,104,942,592 octets libres
136 --- E O F --- 2008-08-13 21:10:06
