Antinul.vbe

Solved
Voronov (Member, 20 posts) -
chouby -
Hello,

Like many people at the moment, I received the antinul.vbe "virus", which tells me to work ...

That's why I'm coming to you today, to try to get rid of this really annoying "virus"!

Looking forward to hearing from you, regards,

Voronov.

21 replies

chouby

ComboFix 10-01-29.04 - hanquez 29/01/2010 21:37:46.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.895.384 [GMT 1:00]
Lancé depuis: c:\documents and settings\hanquez\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
PEV Error: ProgramsFolder

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\hanquez\Application Data\wiaserva.log
c:\documents and settings\hanquez\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\BrowserCtl
c:\program files\webserver
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-2500222187-2461189271-1743740785-1003
c:\recycler\S-1-5-21-515967899-776561741-725345543-1003
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101464954.xe
c:\windows\0101120101465753.xe
c:\windows\fdgg34353edfgdfdf
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\mmsmark2.dat
c:\windows\prxid93ps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\qkm.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Legacy_NPF
-------\Service_NPF
-------\Service_SfX


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-29 ))))))))))))))))))))))))))))))))))))
.

2010-01-24 11:19 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-24 11:19 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-24 11:19 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-24 11:19 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-24 11:19 . 2010-01-19 11:43 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-24 11:19 . 2010-01-19 11:43 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-24 11:19 . 2010-01-19 11:42 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-24 11:19 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-24 11:19 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-24 11:19 . 2010-01-24 11:19 -------- d-----w- c:\program files\Alwil Software
2010-01-24 11:19 . 2010-01-24 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 10:44 . 2010-01-23 10:44 826856 ----a-w- c:\documents and settings\hanquez\Application Data\MSNInstaller\msnauins.exe
2010-01-23 10:44 . 2010-01-23 10:44 -------- d-----w- c:\documents and settings\hanquez\Application Data\MSNInstaller
2010-01-14 09:40 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-14 09:40 . 2004-08-03 23:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-12 10:25 . 2010-01-23 10:51 -------- d-----w- c:\documents and settings\hanquez\Tracing

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:10 . 2009-03-03 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-24 11:10 . 2009-09-19 16:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 11:07 . 2007-07-24 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-24 11:06 . 2007-07-24 20:50 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-17 22:32 . 2009-07-16 15:49 -------- d-----w- c:\documents and settings\hanquez\Application Data\vlc
2010-01-17 21:47 . 2009-03-27 22:21 -------- d-----w- c:\documents and settings\hanquez\Application Data\dvdcss
2010-01-11 19:38 . 2007-07-23 11:59 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-22 20:11 . 2007-10-04 17:00 -------- d-----w- c:\program files\Google
2009-12-22 05:35 . 2006-08-10 19:29 672768 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2006-08-10 19:28 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-13 16:52 . 2006-08-10 19:29 85312 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-13 16:52 . 2006-08-10 19:29 511312 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-04 15:11 . 2007-07-23 10:44 215760 ----a-w- c:\documents and settings\hanquez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 16:42 . 2006-08-10 19:28 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-12-21 21:33 . 2007-09-10 18:50 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 21:33 . 2007-09-10 18:50 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 21:33 . 2007-09-10 18:50 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 21:33 . 2007-09-10 18:50 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 21:33 . 2007-09-10 18:50 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 94208]
"KTPWare"="c:\program files\Elantech\ktp3.exe" [2004-11-17 258048]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2006-07-17 173056]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-06-20 147456]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-25 93640]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"emMON"="emMON.exe" [2006-05-30 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-8-21 156784]
AOL Compagnon.lnk - c:\program files\AOL Compagnon\companion.exe [2006-8-21 255088]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-6-15 1208320]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2006-8-21 573440]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-10-14 173056]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:a6db4cb89

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:webserver

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [14/11/2005 12:28 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/10/2005 14:49 28800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/01/2010 12:19 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 12:19 19024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19/09/2009 17:34 54752]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [21/08/2006 16:15 40960]
R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [11/08/2006 13:01 70144]
R3 Ktp3;Elantech TouchPad(KTP3);c:\windows\system32\drivers\Ktp3.sys [21/08/2006 15:55 24704]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [21/08/2006 16:15 9088]
S2 gupdate1c99c1aef950b98;Service Google Update (gupdate1c99c1aef950b98);c:\program files\Google\Update\GoogleUpdate.exe [03/03/2009 17:13 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
.
Contenu du dossier 'Tâches planifiées'

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-04 06:38]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:12]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = Travaillez plus.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3720b005a71245e0a6a113469e2bfe99
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3720b005a71245e0a6a113469e2bfe99
IE: Ouvrir dans WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\hanquez\Application Data\Mozilla\Firefox\Profiles\10ciwamk.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-OEM-Reset - (no file)
AddRemove-WinZip - c:\program files\WinZip\WINZIP32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 21:48
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3828)
c:\program files\SetPoint\lgscroll.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\emMON.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Fichiers communs\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\o2flash.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\MicroStar\WLANUtility\WLAN_Service.exe
.
**************************************************************************
.
Heure de fin: 2010-01-29 21:54:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-29 20:54

Avant-CF: 51 642 130 432 octets libres
Après-CF: 56 387 239 936 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=alwaysoff /fastdetect

- - End Of File - - 88B9B15A2B9C0A26BDF4634A29AE8669