Antinul.vbe - Page 2
ComboFix 10-01-29.04 - hanquez 29/01/2010 21:37:46.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.895.384 [GMT 1:00]
Lancé depuis: c:\documents and settings\hanquez\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
PEV Error: ProgramsFolder
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\hanquez\Application Data\wiaserva.log
c:\documents and settings\hanquez\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\BrowserCtl
c:\program files\webserver
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-2500222187-2461189271-1743740785-1003
c:\recycler\S-1-5-21-515967899-776561741-725345543-1003
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101464954.xe
c:\windows\0101120101465753.xe
c:\windows\fdgg34353edfgdfdf
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\mmsmark2.dat
c:\windows\prxid93ps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\qkm.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Legacy_NPF
-------\Service_NPF
-------\Service_SfX
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-29 ))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:19 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-24 11:19 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-24 11:19 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-24 11:19 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-24 11:19 . 2010-01-19 11:43 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-24 11:19 . 2010-01-19 11:43 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-24 11:19 . 2010-01-19 11:42 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-24 11:19 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-24 11:19 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-24 11:19 . 2010-01-24 11:19 -------- d-----w- c:\program files\Alwil Software
2010-01-24 11:19 . 2010-01-24 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 10:44 . 2010-01-23 10:44 826856 ----a-w- c:\documents and settings\hanquez\Application Data\MSNInstaller\msnauins.exe
2010-01-23 10:44 . 2010-01-23 10:44 -------- d-----w- c:\documents and settings\hanquez\Application Data\MSNInstaller
2010-01-14 09:40 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-14 09:40 . 2004-08-03 23:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-12 10:25 . 2010-01-23 10:51 -------- d-----w- c:\documents and settings\hanquez\Tracing
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:10 . 2009-03-03 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-24 11:10 . 2009-09-19 16:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 11:07 . 2007-07-24 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-24 11:06 . 2007-07-24 20:50 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-17 22:32 . 2009-07-16 15:49 -------- d-----w- c:\documents and settings\hanquez\Application Data\vlc
2010-01-17 21:47 . 2009-03-27 22:21 -------- d-----w- c:\documents and settings\hanquez\Application Data\dvdcss
2010-01-11 19:38 . 2007-07-23 11:59 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-22 20:11 . 2007-10-04 17:00 -------- d-----w- c:\program files\Google
2009-12-22 05:35 . 2006-08-10 19:29 672768 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2006-08-10 19:28 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-13 16:52 . 2006-08-10 19:29 85312 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-13 16:52 . 2006-08-10 19:29 511312 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-04 15:11 . 2007-07-23 10:44 215760 ----a-w- c:\documents and settings\hanquez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 16:42 . 2006-08-10 19:28 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-12-21 21:33 . 2007-09-10 18:50 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 21:33 . 2007-09-10 18:50 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 21:33 . 2007-09-10 18:50 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 21:33 . 2007-09-10 18:50 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 21:33 . 2007-09-10 18:50 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 94208]
"KTPWare"="c:\program files\Elantech\ktp3.exe" [2004-11-17 258048]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-07-17 173056]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-06-20 147456]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-25 93640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"emMON"="emMON.exe" [2006-05-30 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-8-21 156784]
AOL Compagnon.lnk - c:\program files\AOL Compagnon\companion.exe [2006-8-21 255088]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-6-15 1208320]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2006-8-21 573440]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-10-14 173056]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:a6db4cb89
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:webserver
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [14/11/2005 12:28 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/10/2005 14:49 28800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/01/2010 12:19 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 12:19 19024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19/09/2009 17:34 54752]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [21/08/2006 16:15 40960]
R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [11/08/2006 13:01 70144]
R3 Ktp3;Elantech TouchPad(KTP3);c:\windows\system32\drivers\Ktp3.sys [21/08/2006 15:55 24704]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [21/08/2006 16:15 9088]
S2 gupdate1c99c1aef950b98;Service Google Update (gupdate1c99c1aef950b98);c:\program files\Google\Update\GoogleUpdate.exe [03/03/2009 17:13 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
.
Contenu du dossier 'Tâches planifiées'
2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-04 06:38]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:12]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = Travaillez plus.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3720b005a71245e0a6a113469e2bfe99
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3720b005a71245e0a6a113469e2bfe99
IE: Ouvrir dans WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\hanquez\Application Data\Mozilla\Firefox\Profiles\10ciwamk.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-NWEReboot - (no file)
HKLM-Run-OEM-Reset - (no file)
AddRemove-WinZip - c:\program files\WinZip\WINZIP32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 21:48
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3828)
c:\program files\SetPoint\lgscroll.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\emMON.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Fichiers communs\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\o2flash.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\MicroStar\WLANUtility\WLAN_Service.exe
.
**************************************************************************
.
Heure de fin: 2010-01-29 21:54:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-29 20:54
Avant-CF: 51 642 130 432 octets libres
Après-CF: 56 387 239 936 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=alwaysoff /fastdetect
- - End Of File - - 88B9B15A2B9C0A26BDF4634A29AE8669
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.895.384 [GMT 1:00]
Lancé depuis: c:\documents and settings\hanquez\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
PEV Error: ProgramsFolder
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\hanquez\Application Data\wiaserva.log
c:\documents and settings\hanquez\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\BrowserCtl
c:\program files\webserver
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-2500222187-2461189271-1743740785-1003
c:\recycler\S-1-5-21-515967899-776561741-725345543-1003
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101464954.xe
c:\windows\0101120101465753.xe
c:\windows\fdgg34353edfgdfdf
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\mmsmark2.dat
c:\windows\prxid93ps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\qkm.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Legacy_NPF
-------\Service_NPF
-------\Service_SfX
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-29 ))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:19 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-24 11:19 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-24 11:19 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-24 11:19 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-24 11:19 . 2010-01-19 11:43 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-24 11:19 . 2010-01-19 11:43 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-24 11:19 . 2010-01-19 11:42 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-24 11:19 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-24 11:19 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-24 11:19 . 2010-01-24 11:19 -------- d-----w- c:\program files\Alwil Software
2010-01-24 11:19 . 2010-01-24 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 10:44 . 2010-01-23 10:44 826856 ----a-w- c:\documents and settings\hanquez\Application Data\MSNInstaller\msnauins.exe
2010-01-23 10:44 . 2010-01-23 10:44 -------- d-----w- c:\documents and settings\hanquez\Application Data\MSNInstaller
2010-01-14 09:40 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-14 09:40 . 2004-08-03 23:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-12 10:25 . 2010-01-23 10:51 -------- d-----w- c:\documents and settings\hanquez\Tracing
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:10 . 2009-03-03 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-24 11:10 . 2009-09-19 16:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 11:07 . 2007-07-24 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-24 11:06 . 2007-07-24 20:50 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-17 22:32 . 2009-07-16 15:49 -------- d-----w- c:\documents and settings\hanquez\Application Data\vlc
2010-01-17 21:47 . 2009-03-27 22:21 -------- d-----w- c:\documents and settings\hanquez\Application Data\dvdcss
2010-01-11 19:38 . 2007-07-23 11:59 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-22 20:11 . 2007-10-04 17:00 -------- d-----w- c:\program files\Google
2009-12-22 05:35 . 2006-08-10 19:29 672768 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2006-08-10 19:28 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-13 16:52 . 2006-08-10 19:29 85312 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-13 16:52 . 2006-08-10 19:29 511312 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-04 15:11 . 2007-07-23 10:44 215760 ----a-w- c:\documents and settings\hanquez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 16:42 . 2006-08-10 19:28 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-12-21 21:33 . 2007-09-10 18:50 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 21:33 . 2007-09-10 18:50 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 21:33 . 2007-09-10 18:50 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 21:33 . 2007-09-10 18:50 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 21:33 . 2007-09-10 18:50 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 94208]
"KTPWare"="c:\program files\Elantech\ktp3.exe" [2004-11-17 258048]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-07-17 173056]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-06-20 147456]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-25 93640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"emMON"="emMON.exe" [2006-05-30 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-8-21 156784]
AOL Compagnon.lnk - c:\program files\AOL Compagnon\companion.exe [2006-8-21 255088]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-6-15 1208320]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2006-8-21 573440]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-10-14 173056]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:a6db4cb89
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:webserver
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [14/11/2005 12:28 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/10/2005 14:49 28800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/01/2010 12:19 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 12:19 19024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19/09/2009 17:34 54752]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [21/08/2006 16:15 40960]
R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [11/08/2006 13:01 70144]
R3 Ktp3;Elantech TouchPad(KTP3);c:\windows\system32\drivers\Ktp3.sys [21/08/2006 15:55 24704]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [21/08/2006 16:15 9088]
S2 gupdate1c99c1aef950b98;Service Google Update (gupdate1c99c1aef950b98);c:\program files\Google\Update\GoogleUpdate.exe [03/03/2009 17:13 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
.
Contenu du dossier 'Tâches planifiées'
2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-04 06:38]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:12]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = Travaillez plus.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3720b005a71245e0a6a113469e2bfe99
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3720b005a71245e0a6a113469e2bfe99
IE: Ouvrir dans WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\hanquez\Application Data\Mozilla\Firefox\Profiles\10ciwamk.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-NWEReboot - (no file)
HKLM-Run-OEM-Reset - (no file)
AddRemove-WinZip - c:\program files\WinZip\WINZIP32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 21:48
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3828)
c:\program files\SetPoint\lgscroll.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\emMON.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Fichiers communs\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\o2flash.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\MicroStar\WLANUtility\WLAN_Service.exe
.
**************************************************************************
.
Heure de fin: 2010-01-29 21:54:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-29 20:54
Avant-CF: 51 642 130 432 octets libres
Après-CF: 56 387 239 936 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=alwaysoff /fastdetect
- - End Of File - - 88B9B15A2B9C0A26BDF4634A29AE8669