Here it is:
ComboFix 09-06-25.01 - Mickaël 25/06/2009 20:46.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.327 [GMT 2:00]
Lancé depuis: c:\documents and settings\Mickaël\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\blazzers.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\repppp.exe
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\msconfig.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-25 au 2009-06-25 ))))))))))))))))))))))))))))))))))))
.
2009-06-25 17:30 . 2009-06-25 17:30 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Bureau
2009-06-25 17:22 . 2009-06-25 17:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 17:21 . 2009-06-25 17:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-25 06:54 . 2009-06-25 06:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-25 06:49 . 2009-06-25 06:49 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Xentient
2009-06-23 15:49 . 2009-06-23 15:49 -------- d-sh--w- C:\FOUND.052
2009-06-21 15:18 . 2009-06-21 15:18 -------- d-sh--w- C:\FOUND.051
2009-06-12 22:49 . 2009-06-12 22:49 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-06-12 22:49 . 2009-06-12 22:49 -------- d-----w- c:\program files\DivX
2009-06-11 09:38 . 2009-05-07 15:30 349184 ------w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 15:43 . 2009-06-10 15:43 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-10 13:23 . 2009-06-10 13:23 -------- d-----w- c:\program files\Mumble
2009-06-10 10:56 . 2009-06-10 10:56 -------- d-----w- c:\program files\PronoFoot Expert Plus
2009-06-06 13:03 . 2009-06-06 13:03 -------- d-sh--w- C:\FOUND.050
2009-06-02 17:27 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\srusd.dll
2009-06-02 17:27 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-02 17:27 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\fnfilter.dll
2009-05-30 08:02 . 2009-05-30 08:02 -------- d-----w- c:\program files\OpenOfficePortable
2009-05-30 07:41 . 2009-05-30 07:41 -------- d-sh--w- C:\FOUND.049
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 17:47 . 2008-09-01 11:32 298104 ----a-w- c:\windows\system32\imon.dll
2009-06-25 17:47 . 2008-09-01 11:32 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-06-25 17:46 . 2008-09-01 11:32 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-06-21 13:40 . 2008-10-16 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-06 07:22 . 2009-06-06 07:21 314200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-06 07:22 . 2009-06-06 07:21 25440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-06 07:22 . 2009-06-06 07:21 348496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-06 07:22 . 2009-06-06 07:21 169312 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-06 07:22 . 2009-06-06 07:21 15688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-06 07:22 . 2009-04-25 07:45 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-06 07:21 . 2009-06-06 07:21 294240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-06 07:21 . 2009-06-06 07:21 83808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-06 07:21 . 2009-06-06 07:21 1630048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-06 07:21 . 2009-06-06 07:21 40288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-06 07:21 . 2009-06-06 07:21 212848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-06 07:21 . 2009-06-06 07:21 640360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-06 07:21 . 2009-06-06 07:21 540536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-06 07:21 . 2009-06-06 07:21 559464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-06 07:21 . 2009-06-06 07:21 2352456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-06 07:21 . 2009-06-06 07:21 627536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-06 07:21 . 2009-06-06 07:21 518488 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-06 07:21 . 2009-06-06 07:21 1005904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-22 05:58 . 2009-05-22 05:58 180096 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-15 16:26 . 2004-08-28 11:00 75318 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-15 16:26 . 2004-08-28 11:00 469512 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-07 15:30 . 2004-08-28 11:00 349184 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-28 11:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-28 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-25 07:21 . 2009-04-25 07:22 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-25 07:21 . 2009-04-25 07:21 64160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-25 07:21 . 2009-04-25 07:21 73064 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-04-19 19:57 . 2004-08-28 11:00 1848064 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:30 . 2004-08-28 11:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 05:13 . 2008-11-03 15:28 327632 ----a-w- c:\documents and settings\Jean-Luc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-07-31 17:06 . 2008-07-31 17:05 4917219 ----a-w- c:\program files\uninstall.exe
2008-05-19 17:41 . 2008-07-31 17:05 1622016 ----a-w- c:\program files\iWizz.exe
2008-04-02 00:31 . 2008-07-31 17:05 1581056 ----a-w- c:\program files\QtCore4.dll
2008-02-19 19:29 . 2008-07-31 17:05 585728 ----a-w- c:\program files\QtNetwork4.dll
2008-02-19 19:28 . 2008-07-31 17:05 6434816 ----a-w- c:\program files\QtGui4.dll
2008-02-19 19:14 . 2008-07-31 17:05 356352 ----a-w- c:\program files\QtXml4.dll
2007-10-24 00:47 . 2008-07-31 17:05 635904 ----a-w- c:\program files\msvcr80.dll
2007-10-24 00:47 . 2008-07-31 17:05 558080 ----a-w- c:\program files\msvcp80.dll
2007-10-24 00:47 . 2008-07-31 17:05 479232 ----a-w- c:\program files\msvcm80.dll
2005-09-22 22:22 . 2008-07-31 17:05 522 ----a-w- c:\program files\Microsoft.VC80.CRT.manifest
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2004-08-28 11:00 1789952 ADDC47DFD517F2143D71E9310E414B50 c:\windows\explorer.exe
[-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
[-] 2004-08-28 11:00 25088 43836CFFABAC8D6779E8EE55E308DF2C c:\windows\system32\ctfmon.exe
[-] 2008-04-14 02:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe
[-] 2004-08-28 11:00 1548288 2B1CDC3C0A56D6878323F591FE4E972A c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-05-22 05:44 2094616 ----a-w- c:\program files\Freecorder\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2009-06-08 20:48 2094616 ----a-w- c:\program files\P2P_Torrent\tbP2P0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-28 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\windows\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-25 949376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-28 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2004-08-28 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-28 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Mickaël^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Mickaël\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"=
"c:\\Program Files\\Steam\\steamapps\\aemas\\counter-strike\\hl.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Mickaël\\Bureau\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59015:TCP"= 59015:TCP:mick
"49050:TCP"= 49050:TCP:counter strike
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/04/2009 09:22 64160]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [28/08/2004 13:00 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [28/08/2004 13:00 210224]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1005904]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [01/09/2008 13:32 15424]
S2 PSTRIP;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15/07/2007 03:37 27992]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [01/09/2008 11:49 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [01/09/2008 11:50 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [01/09/2008 11:51 36261]
S3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [01/09/2008 11:46 84788]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - HELPSVC
.
Contenu du dossier 'Tâches planifiées'
2009-06-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-06-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:21]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-rkfree - c:\program files\RKFree\rkfree.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
HKU-Default-RunOnce-nltide2 - rundll32 advpack.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
mStart Page = hxxp://www.google.fr
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-25 21:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2000478354-329068152-839522115-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2000478354-329068152-839522115-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A38AFE33-C892-6AD5-2628-02A0D0E718D4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ablhgdfmgmppmpjindjhfpeabjfohdmklc"=hex:61,61,00,00
"bblhgdfmgmppmpjindehkikeplpeipemmgnj"=hex:61,61,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\System32\thumbs.dll
c:\windows\System32\SHFOLDER.dll
c:\windows\system32\SETUPAPI.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-06-25 21:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-25 19:05
Avant-CF: 49 616 486 400 octets libres
Après-CF: 50 129 174 528 octets libres
235 --- E O F --- 2009-06-19 16:54