ComboFix 11-11-08.02 - user 09/11/2011 18:08:55.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.991.499 [GMT 1:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\user\Bureau\CFScript.txt
AV: Panda Global Protection 2011 *Disabled/Updated* {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2011 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
FILE ::
"c:\windows\system32\drivers\3a_s6haj.sys"
"c:\windows\system32\drivers\xwrwpydk.sys"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_3A_S6HAJ.SYS
-------\Service_3a_s6haj.sys
-------\Service_ighqfd
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-10-09 au 2011-11-09 ))))))))))))))))))))))))))))))))))))
.
.
2011-11-08 20:57 . 2011-11-08 20:57 -------- d-----w- c:\program files\MozBackup
2011-11-07 17:11 . 2011-10-03 04:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-06 16:36 . 2011-11-06 16:36 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-05 18:06 . 2011-11-05 18:06 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-05 18:06 . 2011-11-07 16:58 -------- d-----w- c:\program files\Trend Micro
2011-11-04 19:02 . 2011-11-04 19:02 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-11-04 19:02 . 2011-11-04 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-04 19:02 . 2011-11-04 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 19:02 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 10:21 . 2011-11-02 10:21 -------- d-----w- c:\documents and settings\Administrateur
2011-11-02 10:12 . 2011-11-02 10:12 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
2011-10-16 18:30 . 2011-10-16 18:30 -------- d-----w- c:\program files\GIMP-2.0
2011-10-15 14:23 . 2011-10-15 14:23 -------- d-----w- c:\program files\iPod
2011-10-15 14:20 . 2011-10-15 14:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-15 14:18 . 2011-10-15 14:19 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 01:37 . 2008-11-10 14:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-09 17:03 . 2011-11-06 20:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-08_21.50.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-09 17:17 . 2011-11-09 17:17 16384 c:\windows\Temp\Perflib_Perfdata_47c.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 21836 c:\windows\Temp\cteng_1_2_71320793228.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 41500 c:\windows\Temp\cteng_1_2_681320835057.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 23092 c:\windows\Temp\cteng_1_2_651320825622.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 28424 c:\windows\Temp\cteng_1_2_611320761175.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 22476 c:\windows\Temp\cteng_1_2_51320832822.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 20924 c:\windows\Temp\cteng_1_2_121320804019.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 24320 c:\windows\Temp\cteng_1_1_71320793243.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 37712 c:\windows\Temp\cteng_1_1_471320721216.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 27416 c:\windows\Temp\cteng_1_1_131320732013.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 23972 c:\windows\Temp\cteng_1_1_121320710412.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 35764 c:\windows\Temp\cteng_1_1_111320786022.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 3444 c:\windows\Temp\cteng_1_1_61320782421.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 142248 c:\windows\Temp\cteng_17_2_91320800421.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 150736 c:\windows\Temp\cteng_17_2_81320823097.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 148392 c:\windows\Temp\cteng_17_2_71320834968.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 142872 c:\windows\Temp\cteng_17_2_61320811290.dat
+ 2011-11-09 12:38 . 2011-11-09 12:38 135320 c:\windows\Temp\cteng_17_1_51320742817.dat
+ 2011-07-19 07:00 . 2011-11-09 12:35 288808 c:\windows\system32\drivers\APPFCONT.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-04-10 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-17 536576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE" [2011-09-05 984576]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2011\Inicio.exe" [2010-06-11 68928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Hiyo"=c:\program files\HiYo\bin\HiYo.exe /RunFromStartup
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [19/07/2011 8:00 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [19/07/2011 8:00 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [19/07/2011 8:00 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [19/07/2011 8:00 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [19/07/2011 8:00 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [19/07/2011 8:00 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [19/07/2011 7:58 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [19/07/2011 8:00 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [19/07/2011 8:00 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [19/07/2011 7:58 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2011\psksvc.exe [19/07/2011 8:00 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [19/07/2011 8:00 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 xcpip;Pilote du protocole TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Pilote IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [11/02/2009 17:12 210792]
S3 PAC207;Sweex Webcam USB;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 17:31 616064]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [7/07/2011 10:39 111464]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [6/11/2011 17:36 111872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
Contenu du dossier 'Tâches planifiées'
.
2011-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1960408961-839522115-1004Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 10:30]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1960408961-839522115-1004UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 10:30]
.
2011-09-01 c:\windows\Tasks\Nettoyage de base.job
- c:\program files\Panda Security\Panda Global Protection 2011\PlaTasks.exe [2011-07-19 17:12]
.
2011-11-09 c:\windows\Tasks\User_Feed_Synchronization-{CFA52781-8702-4A2A-8681-54DC4D3F4925}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\documents and settings\user\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\user\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{DA67E3A6-7AE5-4706-A08B-1A47EC3869AF}: NameServer = 193.74.208.135,193.121.171.135
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\gytyk2fa.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(5940)
c:\program files\Panda Security\Panda Global Protection 2011\pavoepl.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2011\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Panda Security\Panda Global Protection 2011\PsCtrls.exe
c:\program files\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
c:\program files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda global protection 2011\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Global Protection 2011\PsImSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
c:\program files\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Panda Security\Panda Global Protection 2011\SRVLOAD.EXE
c:\program files\Panda Security\Panda Global Protection 2011\PavBckPT.exe
.
**************************************************************************
.
Heure de fin: 2011-11-09 18:24:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-11-09 17:24
ComboFix2.txt 2011-11-08 21:52
.
Avant-CF: 137.179.287.552 octets libres
Après-CF: 137.090.519.040 octets libres
.
- - End Of File - - 77D581AFE4EAC37208A740D019F18378