ComboFix 09-05-31.06 - Propriétaire 02.06.2009 21:19.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.41.1036.18.958.668 [GMT 2:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090601-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\PROPRI~1\APPLIC~1\inst.exe
K:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-02 au 2009-06-02 ))))))))))))))))))))))))))))))))))))
.
2009-06-02 16:31 . 2009-06-02 16:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 16:30 . 2009-06-02 16:30 -------- d-----w- c:\program files\Java
2009-06-02 16:15 . 2009-06-02 16:15 -------- d-----w- c:\program files\CCleaner
2009-06-01 20:02 . 2009-06-01 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-01 20:02 . 2009-06-01 20:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-01 20:02 . 2009-06-01 20:02 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\SUPERAntiSpyware.com
2009-06-01 20:02 . 2009-06-01 20:02 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-01 07:53 . 2009-06-01 07:53 -------- d-----w- C:\VundoFix Backups
2009-06-01 07:22 . 2009-06-01 10:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-01 07:06 . 2009-06-01 07:06 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\Malwarebytes
2009-06-01 07:06 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 07:05 . 2009-06-01 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 07:05 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 07:05 . 2009-06-01 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 05:55 . 2009-06-01 05:55 -------- d-----w- c:\program files\Trend Micro
2009-06-01 05:31 . 2009-06-02 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 05:31 . 2009-06-02 16:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-31 14:30 . 2009-06-01 20:01 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\DVD Flick
2009-05-31 14:30 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-05-31 14:30 . 2009-05-31 14:30 -------- d-----w- c:\program files\DVD Flick
2009-05-31 14:20 . 2009-05-31 14:30 -------- d-----w- c:\program files\Super DVD Creator 8.0
2009-05-31 14:08 . 2009-05-31 14:09 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\GetRightToGo
2009-05-31 13:26 . 2004-10-12 12:42 262144 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-05-31 13:26 . 2004-10-12 12:40 2255360 ----a-w- c:\windows\system32\libavcodec.dll
2009-05-31 13:26 . 2004-10-05 14:16 395776 ----a-w- c:\windows\system32\libmplayer.dll
2009-05-31 13:26 . 2004-10-03 23:50 112640 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-05-31 13:26 . 2009-05-31 13:26 -------- d-----w- c:\program files\Cucusoft
2009-05-29 17:02 . 2007-02-12 17:21 10752 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 17:02 . 2009-05-29 17:02 -------- d-----w- c:\program files\ffdshow
2009-05-29 17:01 . 2009-05-29 17:02 -------- d-----w- c:\program files\Avi Player
2009-05-22 22:30 . 2009-05-22 22:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-14 19:20 . 2009-05-14 19:20 -------- d-----w- c:\windows\ie8updates
2009-05-14 19:20 . 2009-05-14 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-14 19:20 . 2009-05-14 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-14 19:20 . 2009-05-14 19:20 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\Yahoo!
2009-05-14 19:20 . 2009-05-14 19:20 -------- d-----w- c:\program files\Yahoo!
2009-05-14 19:17 . 2009-05-14 19:20 -------- dc-h--w- c:\windows\ie8
2009-05-14 19:17 . 2009-05-14 19:20 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-14 19:15 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 17:33 . 2009-04-06 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-31 20:16 . 2009-02-04 18:07 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\Vso
2009-05-27 19:37 . 2009-02-08 19:04 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\Skype
2009-05-27 18:21 . 2009-02-03 22:06 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\skypePM
2009-05-22 22:31 . 2009-02-03 22:20 -------- d-----w- c:\program files\Google
2009-05-03 09:54 . 2009-03-10 16:40 -------- d-----w- c:\docume~1\PROPRI~1\APPLIC~1\TuneUpMedia
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-16 19:38 . 2004-08-05 12:00 48820 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-16 19:38 . 2004-08-05 12:00 367988 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-12 10:58 . 2009-04-12 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 10:58 . 2009-02-03 22:12 -------- d-----w- c:\program files\iTunes
2009-04-12 10:58 . 2009-04-12 10:58 -------- d-----w- c:\program files\iPod
2009-04-12 10:58 . 2009-02-03 21:41 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-04-12 10:56 . 2009-04-12 10:56 -------- d-----w- c:\program files\Bonjour
2009-04-12 10:54 . 2009-03-10 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-04-12 10:54 . 2009-04-12 10:53 -------- d-----w- c:\program files\TuneUpMedia
2009-04-12 10:53 . 2009-04-12 10:53 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-02-03 22:12 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 02:34 . 2004-08-05 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-05 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-05 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-05 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-05 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-05 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-05 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-05 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-05 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-05 12:00 286720 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]
"Google Update"="c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-07 133104]
"Avi Player"="c:\program files\Avi Player\AviPlayer.exe" [2007-09-05 629760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-02 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-17 90112]
c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Propriétaire\\Bureau\\Raccorcis\\freezer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [16.12.2008 16:48 21144]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03.02.2009 22:01 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.05.2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.05.2009 10:05 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03.02.2009 22:01 20560]
S2 gupdate1c9b6ece07558f6;Service Google Update (gupdate1c9b6ece07558f6);c:\program files\Google\Update\GoogleUpdate.exe [06.04.2009 21:21 133104]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.05.2009 10:05 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contenu du dossier 'Tâches planifiées'
2009-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-06-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 19:20]
2009-06-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 19:21]
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = localhost:8800
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\PROPRI~1\APPLIC~1\Mozilla\Firefox\Profiles\d43qvdly.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-02 21:22
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(6416)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-06-02 21:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-02 19:23
Avant-CF: 36'829'851'648 octets libres
Après-CF: 36'841'037'824 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
210 --- E O F --- 2009-05-14 19:26