ComboFix 11-10-29.06 - Bruno 30/10/2011 10:09:50.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3191.2556 [GMT 1:00]
Lancé depuis: c:\documents and settings\Bruno\Mes documents\Antivirus\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-09-28 au 2011-10-30 ))))))))))))))))))))))))))))))))))))
.
.
2011-10-30 08:49 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-30 08:49 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-30 08:49 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-30 08:49 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-30 08:49 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-30 08:49 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-30 08:49 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-30 08:49 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-30 08:42 . 2011-10-30 08:42 -------- d-----w- c:\documents and settings\Bruno\Application Data\AVG2012
2011-10-30 08:40 . 2011-10-30 08:47 -------- d-----w- c:\windows\LastGood
2011-10-30 08:39 . 2011-10-30 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-30 08:28 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-30 08:28 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-29 11:58 . 2011-10-30 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-29 11:58 . 2011-10-29 11:58 -------- d-----w- c:\program files\AVAST Software
2011-10-29 11:53 . 2011-10-29 11:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-29 11:50 . 2011-10-30 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-28 20:13 . 2011-10-28 20:13 -------- d-----w- c:\documents and settings\Bruno\Application Data\Malwarebytes
2011-10-28 20:12 . 2011-10-28 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-28 20:12 . 2011-10-29 21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-28 20:03 . 2011-10-28 20:03 1409 ----a-w- c:\windows\QTFont.for
2011-10-27 17:04 . 2011-10-29 16:44 -------- d-sh--w- c:\documents and settings\Bruno\Local Settings\Application Data\5c8b7349
2011-10-27 16:10 . 2011-10-27 16:10 -------- d-----w- c:\program files\WinSCP
2011-10-16 11:18 . 2011-10-16 11:23 -------- d-----w- c:\program files\RegCleaner
2011-10-16 07:15 . 2011-10-16 07:15 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 14:11 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 14:11 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2004-08-18 14:10 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2004-08-18 14:11 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:24 . 2004-08-18 14:11 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:24 . 2004-08-18 14:10 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:24 . 2004-08-18 14:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:24 . 2004-08-18 14:10 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-18 14:10 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-18 14:10 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2006-09-26 18:37 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-09-29 07:16 . 2011-10-28 20:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.fr/fr.special-uninstallation-feedback-appf?lic=OEZSRUUtVjBQUlItUFlMM1ItOUxVQVItU01EVkotQ1UwWUQtOVRXQw&inst=NzctOTI5NDAyMTczLVhMKzEtVDEtRkwrOC1GOE02KzEtRjhNOEMrMy1GOE0xMUQrMS1VUEcrMjAxMS1YTzgrMS1ERFQrMTU3MDktREQ4MEYrMS1TVDgwRkFQUCsxLVNUMTJGT0krMS1TVDEyRkFQUCsx&prod=90&ver=2012.0.1834&mid=8209debe4d414aeebddf046e5bd7722f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Camille\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1036 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.10\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Free Video Converter\\FreeVideoConverter.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_25\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_02\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\putty\\putty.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/10/2011 09:49 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/10/2011 09:49 20568]
R3 WN6201;Wireless Network Adapter Service;c:\windows\system32\drivers\WN6201.sys [14/04/2007 16:30 457472]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/10/2011 09:49 442200]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [16/02/2008 08:33 63555]
S3 BulkUsb;VK700 USB Driver;c:\windows\system32\drivers\VK700_USB.sys [24/12/2006 17:17 17024]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [12/12/2008 20:21 94208]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [16/02/2008 08:33 114616]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [21/09/2008 12:57 98488]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSFILTER
*NewlyCreated* - AVGIDSSHIM
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGRKX86
*Deregistered* - Avgldx86
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=64e51e530000000000000012bf5f2a55
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.nec-computers.fr/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: Si&milar Pages
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: opac38.fr\vpnssl
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bruno\Application Data\Mozilla\Firefox\Profiles\ntu34bcf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=64e51e530000000000000012bf5f2a55
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=64e51e530000000000000012bf5f2a55&tlver=1.4.31.6&instlRef=sst&&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-10-30 10:17
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3040)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\apps\Powercinema\Kernel\TV\PCMRM2Splter.ax
c:\windows\system32\wmpasf.dll
c:\windows\system32\DRMClien.DLL
c:\windows\system32\DivXMedia.ax
c:\apps\Powercinema\Kernel\TV\PCMRDemuxer.ax
c:\apps\Powercinema\Kernel\Movie\isomsplt.ax
.
Heure de fin: 2011-10-30 10:20:29
ComboFix-quarantined-files.txt 2011-10-30 09:20
ComboFix2.txt 2011-10-30 08:02
.
Avant-CF: 10*310*361*088 octets libres
Après-CF: 10*374*381*568 octets libres
.
- - End Of File - - 4A4B02BB048A0C3E277AF081CAFB4D47