ComboFix 13-06-22.01 - Emilie 23/06/2013 14:45:33.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.549 [GMT 2:00]
Running from: c:\documents and settings\Emilie\Bureau\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVSCAN-20121006-123401-317812BD\avscan_ext
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Files Created from 2013-05-23 to 2013-06-23 ))))))))))))))))))))))))))))))))))))
.
.
2013-06-23 10:02 . 2013-06-23 10:02 -------- d-----w- c:\documents and settings\Emilie\Local Settings\Application Data\Sun
2013-06-22 16:11 . 2013-06-22 16:11 -------- d-----w- c:\program files\Fichiers communs\Java
2013-06-22 16:11 . 2013-06-22 16:10 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-22 16:11 . 2013-06-22 16:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 16:10 . 2013-06-22 16:10 -------- d-----w- c:\program files\Java
2013-06-22 16:04 . 2013-06-22 16:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-22 16:04 . 2013-06-22 16:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-22 14:59 . 2013-06-22 14:59 -------- d-----w- c:\windows\ERUNT
2013-06-22 14:59 . 2013-06-22 14:59 -------- d-----w- C:\JRT
2013-06-22 13:52 . 2013-06-22 15:13 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-06-21 11:56 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2013-06-21 11:56 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2013-06-21 11:56 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2013-06-21 11:56 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2013-06-21 11:56 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2013-06-21 11:56 . 2013-06-21 11:56 -------- d-----w- c:\documents and settings\Emilie\Application Data\Simply Super Software
2013-06-21 11:56 . 2013-06-21 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2013-06-20 14:12 . 2013-06-20 14:12 -------- d-----w- c:\documents and settings\Administrateur
2013-06-20 12:30 . 2013-06-20 12:30 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2013-06-20 12:30 . 2013-06-20 12:30 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2013-06-20 10:24 . 2013-06-20 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-06-19 14:04 . 2013-06-19 14:04 -------- d-----w- c:\documents and settings\Emilie\Application Data\Malwarebytes
2013-06-19 14:04 . 2013-06-19 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-19 14:04 . 2013-06-19 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-19 14:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-19 13:54 . 2013-06-22 15:13 -------- d-----w- c:\program files\ZHPDiag
2013-06-19 13:54 . 2013-06-22 15:09 -------- d-----w- C:\ZHP
2013-06-09 14:22 . 2013-06-09 14:22 -------- d-----w- c:\documents and settings\LocalService\Bureau
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 16:10 . 2012-08-26 22:46 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 16:10 . 2010-12-18 14:09 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-17 20:30 . 2004-08-05 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 20:30 . 2004-08-05 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-05-17 20:30 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-05-17 20:30 . 2004-08-05 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-05-03 05:39 . 2004-08-05 12:00 2195584 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-04 00:48 2072192 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 23:28 . 2004-08-05 12:00 389120 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:00 . 2004-08-05 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-04-11 53248]
"SoundMan"="SOUNDMAN.EXE" [2010-02-14 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"HerculesCamService"="c:\program files\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-13 122880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-06 348664]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Emilie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 1.1.1.lnk - c:\program files\OpenOffice.org1.1.1\program\quickstart.exe [2004-3-2 61440]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-2-13 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0cpmnat
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [08/07/2012 16:31 18544]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03/09/2012 13:02 36000]
R2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [03/09/2012 13:02 86224]
R2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [03/09/2012 13:02 465360]
R3 APL531;Hercules Blog Webcam;c:\windows\system32\drivers\BLvid.sys [26/03/2010 20:46 274816]
R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [26/03/2010 20:46 22656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 15:37 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22 16:04]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce5024117ffeae.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 13:08]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 13:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.wuuta.com/
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\documents and settings\Emilie\Application Data\Mozilla\Firefox\Profiles\uzs03r91.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-23 14:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(692)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2013-06-23 14:53:49
ComboFix-quarantined-files.txt 2013-06-23 12:53
.
Pre-Run: 99,237,998,592 bytes free
Post-Run: 101,903,527,936 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Mode sans échec ccm"/fastdetect/safeboot:minimal/sos/bootlog /fastdetect
.
- - End Of File - - E3DC1212D53E8C22356196EA2BF551C7
C99C3199CFAA4CBDCD91493F6D113A50
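Added example, not ComboFix code and not part of the report above: a small Python triage script for the "Reg Loading Points" section of a ComboFix log. It reads the report text, and from it pulls the Run-key values, the Session Manager BootExecute list and the standard-profile firewall flag, then returns the items a reviewer should look at first: Run values that are a bare file name rather than a full path (a bare name is resolved through the loader's search path, so a same-named file placed earlier in that path would run instead), BootExecute entries beyond the stock `autocheck autochk *`, and `EnableFirewall` set to 0. The line layout it parses is assumed from what this log shows; the embedded sample is a constructed subset of the lines above. The script only flags, it does not attribute: which product owns an extra BootExecute entry such as `sdnclean.exe` or `cpmnat` is for the reviewer to verify against the installed software (Spybot - Search & Destroy is present in the "Files Created" section).

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example; not part of ComboFix. Pulls Run-key values, the
Session Manager BootExecute list and the standard-profile firewall
flag out of the report text and returns the items worth a second look.
"""
import re
from typing import Dict, List

# Constructed sample in ComboFix's own layout (a subset of the lines in the report).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-04-11 53248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-06 348664]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0cpmnat
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "name"="command" [YYYY-MM-DD size], as ComboFix prints Run values.
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
BOOT_EXEC = re.compile(r"^BootExecute REG_MULTI_SZ (?P<val>.+)$")
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Stock BootExecute on XP is just the autochk entry; anything else was added.
DEFAULT_BOOTEXEC = "autocheck autochk *"


def triage(log: str) -> List[Dict[str, str]]:
    """Return a list of findings; each is a dict with 'kind', 'key' and 'value'."""
    findings: List[Dict[str, str]] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which registry key we are under
            continue
        m = RUN_VALUE.match(line)
        if m and key.lower().endswith(r"\currentversion\run"):
            cmd = m.group("cmd")
            # A bare file name is resolved through the loader's search path,
            # so a same-named file dropped earlier in that path would run instead.
            if not DRIVE_PATH.match(cmd):
                findings.append({"kind": "run-unqualified-path",
                                 "key": key, "value": f'{m.group("name")}={cmd}'})
            continue
        m = BOOT_EXEC.match(line)
        if m:
            # ComboFix prints the REG_MULTI_SZ separators as a literal "\0".
            entries = [e for e in m.group("val").split(r"\0") if e]
            for e in entries:
                if e.lower() != DEFAULT_BOOTEXEC:
                    findings.append({"kind": "bootexecute-extra", "key": key, "value": e})
            continue
        m = FIREWALL.match(line)
        if m and int(m.group("val")) == 0:
            findings.append({"kind": "firewall-disabled", "key": key, "value": "0"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["kind"]:22} {f["value"]}  ({f["key"]})')
```

Run against the full report above, the script flags the two bare-name Run values (`SiSPower.dll`, `SOUNDMAN.EXE`), the two extra BootExecute entries, and the disabled standard-profile firewall. The `mStart Page = hxxp://www.wuuta.com/` line in the "Supplementary Scan" section is outside the parsed sections and is another item a reviewer would check by hand.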