Scan navilog1

CED -  
Hello, could you please check this scan. Thanks.

Search Navipromo version 3.7.4 commencé le 25/02/2009 à 19:40:55,91

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
BIOS : BIOS Date: 07/13/07 21:27:16 Ver: 08.00.12
USER : ced ( Administrator )
BOOT : Normal boot

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:119 Go (Free:97 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\ced\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\ced\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\ced\menudm~1\progra~1" ***

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\ced\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\ced\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 25/02/2009 à 19:41:08,43 ***

21 replies

ep44 Posts 7432 Status Contributor 3
 
You need to follow the instructions,
so read what I tell you!
0
CED
 
ComboFix 09-03-29.02 - ced 2009-03-30 13:48:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1438 [GMT 2:00]
Lancé depuis: c:\documents and settings\ced\Bureau\Bibitte.exe
Commutateurs utilisés :: c:\documents and settings\ced\Mes documents\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\DA9F6BC5AD.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\DA9F6BC5AD.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 14:55 . 2009-03-29 14:55 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-03-29 14:53 . 2009-03-29 14:56 19,554 --a------ c:\windows\hpqins13.dat
2009-03-14 09:11 . 2009-03-14 09:11 <REP> d---s---- c:\documents and settings\ced\UserData
2009-03-14 09:11 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-14 09:11 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-14 09:11 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-13 14:58 . 2009-03-30 13:50 <REP> d-------- c:\documents and settings\ced\Tracing
2009-03-13 14:55 . 2009-03-17 09:22 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-13 14:55 . 2009-03-13 14:55 <REP> d-------- c:\program files\Microsoft
2009-03-13 14:54 . 2009-03-13 14:54 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-13 14:54 . 2009-03-13 14:55 <REP> d-------- c:\program files\Windows Live
2009-03-13 14:50 . 2009-03-13 14:50 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\documents and settings\ced\Application Data\Malwarebytes
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 22:29 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 22:29 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 21:43 . 2009-03-01 22:21 <REP> d-------- C:\rsit
2009-02-25 21:43 . 2009-03-24 09:17 <REP> d-------- c:\program files\trend micro
2009-02-25 20:35 . 2009-02-25 21:42 <REP> d-------- c:\program files\Navilog1
2009-02-25 13:19 . 2009-02-25 13:19 <REP> d-------- c:\program files\Fichiers communs\DirectX
2009-02-22 22:58 . 2009-02-25 13:19 <REP> d-------- c:\program files\Bagger-Simulator 2008 Demo
2009-02-22 20:40 . 2009-02-25 13:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-02-22 19:07 . 2009-02-25 13:19 <REP> d-------- c:\program files\Trymedia
2009-02-22 19:07 . 2009-02-23 22:42 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2009-02-22 11:29 . 2009-03-01 20:51 <REP> d--h----- c:\documents and settings\ced\Application Data\drivers
2009-02-22 00:49 . 2009-03-24 09:19 <REP> d-------- c:\program files\sixteen tons entertainment
2009-02-16 20:46 . 2009-02-16 20:46 <REP> d-------- c:\documents and settings\ced\Application Data\Corel
2009-02-16 20:46 . 2009-02-16 20:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-02-16 20:44 . 2009-02-16 20:45 <REP> d-------- c:\program files\Fichiers communs\Corel
2009-02-16 20:40 . 2009-03-29 14:00 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-16 20:38 . 2009-02-16 20:38 <REP> d-------- c:\documents and settings\ced\Application Data\InstallShield
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\program files\AskSearch
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\program files\AskBarDis
2009-02-05 22:47 . 2009-03-29 23:09 <REP> d-------- c:\documents and settings\ced\Application Data\Azureus
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-02-05 22:45 . 2009-02-05 22:45 <REP> d-------- c:\program files\Fichiers communs\i4j_jres

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 10:20 --------- d-----w c:\documents and settings\ced\Application Data\EoRezo
2009-03-30 08:08 --------- d-----w c:\program files\EoRezo
2009-03-29 15:54 --------- d-----w c:\documents and settings\ced\Application Data\Apple Computer
2009-03-26 12:40 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-25 07:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 10:46 26,596,640 -c--a-w c:\program files\AdbeRdr90_fr_FR.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-01_19.53.44.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:50 1,847,680 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:36 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:03 8,518,144 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2009-03-13 12:55:24 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-03-13 12:54:50 62,304 ----a-r c:\windows\Installer\{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}\IconWlc.exe
- 2008-11-01 09:59:39 167,936 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-03-18 12:31:40 167,936 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-11-01 09:59:39 2,560 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-03-18 12:31:40 2,560 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-11-01 09:59:39 81,920 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-03-18 12:31:40 81,920 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-11-01 09:59:39 34,304 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-03-18 12:31:40 34,304 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-11-01 09:59:39 8,192 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-03-18 12:31:40 8,192 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-11-01 09:59:39 3,584 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-03-18 12:31:40 3,584 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-11-01 09:59:39 114,688 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-03-18 12:31:40 114,688 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-11-01 09:59:39 16,384 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-03-18 12:31:40 16,384 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-11-01 09:59:39 30,720 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-03-18 12:31:40 30,720 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-11-01 09:59:39 22,528 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-03-18 12:31:40 22,528 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-11-01 09:59:39 45,056 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-03-18 12:31:40 45,056 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-11-01 09:59:39 90,112 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-03-18 12:31:40 90,112 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\ARPPRODUCTICON.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 06:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 06:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2008-08-20 08:54:00 287,256 ----a-r c:\windows\system32\AbaleZip.dll
- 2001-01-22 02:25:24 32,768 -c--a-w c:\windows\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:23 32,768 ----a-w c:\windows\system32\ATHPRXY.DLL
+ 2008-12-05 06:57:24 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:15 8,517,632 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:26:07 1,846,528 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 -c----w c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 1999-10-18 02:01:42 1,129,232 -c--a-w c:\windows\system32\FM20.DLL
+ 2003-09-25 11:07:00 1,139,472 ----a-w c:\windows\system32\FM20.DLL
- 2001-02-21 10:02:06 29,456 -c--a-w c:\windows\system32\FM20FRA.DLL
+ 2003-10-29 13:05:10 28,672 ----a-w c:\windows\system32\FM20FRA.DLL
- 2008-11-05 11:20:59 172,280 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-14 07:10:22 175,464 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 11:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-12-11 19:45:43 59,916 -c--a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 07:46:30 59,916 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-11 19:45:43 73,260 -c--a-w c:\windows\system32\perfc00C.dat
+ 2009-03-29 07:46:30 73,260 ----a-w c:\windows\system32\perfc00C.dat
- 2008-12-11 19:45:43 397,696 -c--a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 07:46:30 397,696 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-11 19:45:43 464,892 -c--a-w c:\windows\system32\perfh00C.dat
+ 2009-03-29 07:46:30 464,892 ----a-w c:\windows\system32\perfh00C.dat
- 2008-04-14 02:33:40 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:57:24 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2007-08-10 06:18:14 26,488 -c--a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-09-15 15:26:07 1,846,528 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 ----a-w c:\windows\system32\win32k.sys
- 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2008-08-20 08:54:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2008-08-20 08:54:00 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2008-08-20 08:54:00 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2008-08-20 08:54:00 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2008-04-15 17:49:31 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
- 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-03-01 78008]
"hpqSRMon"="d:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Zattoo\\zattood.exe"=
"d:\\Program Files\\Zattoo\\Zattoo1.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31336:TCP"= 31336:TCP:adsltv

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78cdbb55-9fa2-11dd-95f7-d9ab3be3e37b}]
\Shell\Auto\command - cxfgamhao.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Tâches planifiées'

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ustart.org
mStart Page = hxxp://www.ustart.org
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 13:50:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d8,69,ec,3a,82,0e,ee,c7,d8,28,20,89,8e,1d,76,ba,c1,4c,3a,2c,40,
5a,bb,0b,1f,4a,15,ac,cc,95,d1,4f,ce,59,0f,1b,25,30,bd,58,e3,bd,83,31,13,4d,\
"rkeysecu"=hex:27,b1,27,38,9b,e2,2e,93,76,ca,4a,07,08,8b,e2,e8
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2009-03-30 13:52:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-30 11:51:36
ComboFix2.txt 2009-03-01 18:56:13

Avant-CF: 13 065 318 400 octets libres
Après-CF: 13,883,219,968 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
327 --- E O F --- 2009-03-18 12:31:41
0