(once again, thank you for helping me ^^)
So here is the Combofix report, followed by the Hijack report:
ComboFix 08-12-16.03 - Clement 2008-12-17 22:23:58.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.726 [GMT 1:00]
Lancé depuis: c:\documents and settings\Clement\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Clement\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\aqrwdhnn.dll
c:\windows\system32\lqsaqxoh.dll
c:\windows\system32\vliuuven.dll
c:\windows\system32\WvCKUvut.ini
c:\windows\system32\WvCKUvut.ini2
D:\resycled
E:\Autorun.inf
E:\resycled
F:\resycled
G:\resycled
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.
2008-12-17 17:22 . 2008-12-17 17:26 <REP> d-------- c:\program files\Winamp
2008-12-17 17:22 . 2008-12-17 17:26 <REP> d-------- c:\documents and settings\Clement\Application Data\Winamp
2008-12-16 23:43 . 2008-12-17 08:50 <REP> d-------- C:\ToolBar SD
2008-12-16 22:43 . 2008-12-16 22:43 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 22:43 . 2008-12-16 22:43 <REP> d-------- c:\documents and settings\Clement\Application Data\Malwarebytes
2008-12-16 22:43 . 2008-12-16 22:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 22:43 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 22:43 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:00 . 2008-12-15 19:00 22 -ra------ c:\windows\dxspool.ini
2008-12-15 18:59 . 2008-12-15 19:00 <REP> d-------- c:\documents and settings\Clement\Application Data\tvpaint animation
2008-12-15 18:24 . 2006-05-05 15:22 98,304 --a------ c:\windows\system32\TVPThumbnail.dll
2008-12-15 18:24 . 2008-12-15 18:24 146 --a------ c:\windows\tvpaint animation.ini
2008-12-15 17:06 . 2008-12-16 21:59 25,713 --a------ c:\windows\CSTBox.INI
2008-12-15 17:04 . 2008-12-16 21:59 <REP> d-------- c:\documents and settings\Clement\Application Data\Canon
2008-12-15 17:01 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-15 17:01 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-15 13:32 . 2008-12-15 13:32 <REP> d--h----- C:\CanoScan
2008-12-15 13:32 . 2002-11-20 15:15 729,088 --a------ c:\windows\system32\CNQA1209.DLL
2008-12-15 13:32 . 2002-11-20 13:42 507,904 --a------ c:\windows\system32\CNQL1209.DLL
2008-12-15 13:32 . 2001-07-20 15:25 393,225 --a------ c:\windows\system32\CNQ1209F.PLG
2008-12-15 13:32 . 2001-08-31 19:02 393,225 --a------ c:\windows\system32\CNQ1209B.PLG
2008-12-15 13:32 . 2001-09-26 13:20 393,225 --a------ c:\windows\system32\CNQ12091.PLG
2008-12-15 13:32 . 2002-05-24 03:04 389,180 --a------ c:\windows\system32\UCS32P.DLL
2008-12-15 13:32 . 2002-11-15 10:15 40,960 --a------ c:\windows\system32\CNQU83.DLL
2008-12-15 12:58 . 2006-08-10 02:02 75,264 --a------ c:\windows\system32\E_FLBBNE.DLL
2008-12-15 12:58 . 2006-04-19 02:00 62,976 --a------ c:\windows\system32\E_FD4BBNE.DLL
2008-12-15 12:58 . 2004-09-10 20:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2008-12-15 12:58 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-15 12:58 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-15 12:55 . 2008-12-15 12:55 <REP> d-------- c:\program files\EPSON
2008-12-15 12:55 . 2008-12-15 12:58 <REP> d-------- c:\documents and settings\All Users\Application Data\EPSON
2008-12-15 12:39 . 2008-12-15 12:39 <REP> d-------- c:\program files\Canon
2008-12-15 09:03 . 2008-12-15 09:03 <REP> d-------- c:\program files\WinISO
2008-12-14 22:31 . 2008-12-17 18:29 <REP> d-------- c:\documents and settings\Clement\Application Data\BitTorrent
2008-12-14 22:30 . 2008-12-17 18:41 <REP> d-------- c:\program files\DNA
2008-12-14 22:30 . 2008-12-17 22:21 <REP> d-------- c:\documents and settings\Clement\Application Data\DNA
2008-12-14 22:23 . 2008-09-18 12:46 14,860,728 --a------ c:\program files\Fallout3.exe
2008-12-14 22:23 . 2008-09-18 21:39 7,030,200 --a------ c:\program files\FalloutLauncher.exe
2008-12-14 22:08 . 2008-12-14 22:08 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-12-14 22:04 . 2008-12-14 22:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-14 22:01 . 2008-12-14 23:11 <REP> d-------- c:\program files\Bethesda Softworks
2008-12-14 22:01 . 2008-12-14 22:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-14 22:01 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-14 22:01 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-14 22:01 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-14 22:01 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-14 22:01 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-14 22:01 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-14 22:01 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-14 22:01 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-14 21:59 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-12-14 21:59 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-12-14 21:59 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-14 21:58 . 2008-12-14 21:58 <REP> d-------- c:\windows\system32\xlive
2008-12-14 21:58 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-14 21:52 . 2008-12-14 21:52 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-14 21:51 . 2008-12-14 21:51 <REP> d-------- c:\documents and settings\Clement\Application Data\DAEMON Tools
2008-12-14 16:10 . 2008-12-14 16:11 <REP> d-------- c:\documents and settings\Clement\Application Data\Autodesk
2008-12-14 15:58 . 2008-12-14 16:00 <REP> d-------- c:\program files\Fichiers communs\Autodesk Shared
2008-12-14 15:58 . 2008-12-14 16:00 <REP> d-------- c:\program files\Autodesk
2008-12-14 15:58 . 2008-12-14 16:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2008-12-14 15:58 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-12-14 15:58 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2008-12-14 15:58 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2008-12-14 15:57 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-14 15:57 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-14 15:55 . 2008-12-14 15:55 <REP> d--h----- c:\windows\$hf_mig$
2008-12-14 15:53 . 2008-12-14 15:53 <REP> d-------- C:\WTablet
2008-12-14 15:43 . 2008-12-17 18:51 <REP> d-------- c:\documents and settings\Clement\Application Data\dvdcss
2008-12-14 15:36 . 2008-12-14 15:36 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2008-12-14 15:36 . 2008-12-14 15:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-14 15:29 . 2008-12-14 15:29 <REP> d-------- c:\documents and settings\Clement\Application Data\Ambient Design
2008-12-14 15:24 . 2008-12-14 15:38 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-12-14 15:10 . 2000-10-02 02:00 119,568 --a------ c:\windows\system32\VB6FR.DLL
2008-12-14 15:10 . 2000-05-22 03:00 115,920 --a------ c:\windows\system32\MSINET.OCX
2008-12-14 15:10 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-14 15:05 . 2008-12-14 21:32 <REP> d-------- c:\documents and settings\Clement\Application Data\DivX
2008-12-14 15:02 . 2008-10-10 11:59 6,525,736 --a------ c:\windows\system32\WacomTablet.cpl
2008-12-14 15:02 . 2008-09-30 13:38 1,651,788 --a------ c:\windows\system32\WacomTablet.znc
2008-12-14 15:02 . 2004-08-19 16:09 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-14 15:02 . 2004-08-19 16:09 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-14 15:01 . 2004-08-19 16:00 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-14 15:01 . 2004-08-19 16:00 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-14 15:01 . 2007-02-15 16:11 11,440 --a------ c:\windows\system32\drivers\WacomVKHid.sys
2008-12-14 14:53 . 2008-12-14 19:36 <REP> d-------- c:\documents and settings\Clement\Application Data\vlc
2008-12-14 14:20 . 2008-12-14 14:20 <REP> d-------- c:\windows\system32\fr-FR
2008-12-14 14:19 . 2008-12-14 14:19 <REP> d-------- c:\program files\MSBuild
2008-12-14 14:15 . 2008-12-14 14:20 <REP> d-------- c:\windows\system32\XPSViewer
2008-12-14 14:15 . 2008-12-14 14:15 <REP> d-------- c:\program files\Reference Assemblies
2008-12-14 14:14 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 17:44 251,300 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-17 17:44 251,300 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2008-12-17 17:40 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-17 17:40 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2008-12-17 17:40 --------- d-----w c:\documents and settings\Clement\Application Data\WTablet
2008-12-17 17:30 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2008-12-15 17:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 14:02 --------- d-----w c:\program files\Tablet
2008-12-14 12:57 --------- d-----w c:\program files\MSN Messenger
2008-12-14 12:52 --------- d-----w c:\program files\DivX
2008-12-14 12:43 --------- d-----w c:\program files\VideoLAN
2008-12-14 12:22 --------- d-----w c:\program files\Lphant
2008-12-14 12:19 --------- d-----w c:\program files\Panda Security
2008-12-14 12:19 --------- d-----w c:\documents and settings\Clement\Application Data\Panda Security
2008-12-14 12:19 --------- d-----w c:\documents and settings\All Users\Application Data\Panda Security
2008-12-14 12:17 --------- d-----w c:\program files\Fichiers communs\Panda Security
2008-12-14 12:07 --------- d-----w c:\program files\Realtek Sound Manager
2008-12-14 12:07 --------- d-----w c:\program files\Realtek AC97
2008-12-14 12:07 --------- d-----w c:\program files\AvRack
2008-12-14 12:04 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-14 11:57 --------- d-----w c:\program files\microsoft frontpage
2008-12-14 11:54 --------- d-----w c:\program files\Services en ligne
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-28 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 11:13 2,749,224 ----a-w c:\windows\system32\Wacom_Tablet.exe
2008-10-10 11:00 182,056 ----a-w c:\windows\system32\Wacom_Tablet.dll
2008-10-10 10:50 172,840 ----a-w c:\windows\system32\Wintab32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-14 342336]
"EPSON Stylus Photo R265 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE" [2006-05-19 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-10-22 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Clement\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Lphant\\eLePhantClient.exe"=
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-12-14 28544]
R1 APPFLT;App Filter Plugin;\??\c:\windows\System32\Drivers\APPFLT.SYS [2008-12-14 73728]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\System32\Drivers\DSAFLT.SYS [2008-12-14 52992]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\System32\Drivers\fnetmon.SYS [2008-12-14 22072]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\System32\Drivers\IDSFLT.SYS [2008-12-14 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\System32\Drivers\NETFLTDI.SYS [2008-12-14 13:23:55 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-14 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\System32\Drivers\WNMFLT.SYS [2008-12-14 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\System32\svchost -k Panda []
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\System32\DRIVERS\PavProc.sys [2008-12-14 179640]
R2 PskSvcRetail;Panda PSK service;"c:\program files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe" [2008-12-14 28928]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\System32\Wacom_Tablet.exe [2008-12-14 2749224]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-12-14 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\System32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\System32\PavTPK.sys []
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-12-14 15656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f448aee-cc2f-11dd-b9fb-0015f29d981e}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - k:\resycled\boot.com j:
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.pandasecurity.com/redirector ... e&lang=fre
FF - ProfilePath - c:\documents and settings\Clement\Application Data\Mozilla\Firefox\Profiles\32ebb3oe.default\
FF - plugin: c:\program files\DNA\plugins\npbtdna.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 22:25:25
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
Heure de fin: 2008-12-17 22:26:01
ComboFix-quarantined-files.txt 2008-12-17 21:25:57
Avant-CF: 15,634,698,240 octets libres
Après-CF: 15,625,281,536 octets libres
276 --- E O F --- 2008-12-14 14:55:19
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:51, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Wacom_Tablet.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\System32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\System32\Wacom_Tablet.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Clement\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasecurity.com/redirector ... e&lang=fre
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_SCF.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\System32\Wacom_Tablet.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
--
End of file - 5534 bytes