ComboFix scan after an antivirus problem

Solved
CED -  
Hello, could you give me an opinion on this scan output? It is a bit old; I can run a new one.

ComboFix 09-03-29.02 - ced 2009-03-30 13:48:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1438 [GMT 2:00]
Lancé depuis: c:\documents and settings\ced\Bureau\Bibitte.exe
Commutateurs utilisés :: c:\documents and settings\ced\Mes documents\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\DA9F6BC5AD.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\DA9F6BC5AD.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 14:55 . 2009-03-29 14:55 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-03-29 14:53 . 2009-03-29 14:56 19,554 --a------ c:\windows\hpqins13.dat
2009-03-14 09:11 . 2009-03-14 09:11 <REP> d---s---- c:\documents and settings\ced\UserData
2009-03-14 09:11 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-14 09:11 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-14 09:11 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-13 14:58 . 2009-03-30 13:50 <REP> d-------- c:\documents and settings\ced\Tracing
2009-03-13 14:55 . 2009-03-17 09:22 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-13 14:55 . 2009-03-13 14:55 <REP> d-------- c:\program files\Microsoft
2009-03-13 14:54 . 2009-03-13 14:54 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-13 14:54 . 2009-03-13 14:55 <REP> d-------- c:\program files\Windows Live
2009-03-13 14:50 . 2009-03-13 14:50 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\documents and settings\ced\Application Data\Malwarebytes
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 22:29 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 22:29 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 21:43 . 2009-03-01 22:21 <REP> d-------- C:\rsit
2009-02-25 21:43 . 2009-03-24 09:17 <REP> d-------- c:\program files\trend micro
2009-02-25 20:35 . 2009-02-25 21:42 <REP> d-------- c:\program files\Navilog1
2009-02-25 13:19 . 2009-02-25 13:19 <REP> d-------- c:\program files\Fichiers communs\DirectX
2009-02-22 22:58 . 2009-02-25 13:19 <REP> d-------- c:\program files\Bagger-Simulator 2008 Demo
2009-02-22 20:40 . 2009-02-25 13:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-02-22 19:07 . 2009-02-25 13:19 <REP> d-------- c:\program files\Trymedia
2009-02-22 19:07 . 2009-02-23 22:42 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2009-02-22 11:29 . 2009-03-01 20:51 <REP> d--h----- c:\documents and settings\ced\Application Data\drivers
2009-02-22 00:49 . 2009-03-24 09:19 <REP> d-------- c:\program files\sixteen tons entertainment
2009-02-16 20:46 . 2009-02-16 20:46 <REP> d-------- c:\documents and settings\ced\Application Data\Corel
2009-02-16 20:46 . 2009-02-16 20:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-02-16 20:44 . 2009-02-16 20:45 <REP> d-------- c:\program files\Fichiers communs\Corel
2009-02-16 20:40 . 2009-03-29 14:00 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-16 20:38 . 2009-02-16 20:38 <REP> d-------- c:\documents and settings\ced\Application Data\InstallShield
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\program files\AskSearch
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\program files\AskBarDis
2009-02-05 22:47 . 2009-03-29 23:09 <REP> d-------- c:\documents and settings\ced\Application Data\Azureus
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-02-05 22:45 . 2009-02-05 22:45 <REP> d-------- c:\program files\Fichiers communs\i4j_jres

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 10:20 --------- d-----w c:\documents and settings\ced\Application Data\EoRezo
2009-03-30 08:08 --------- d-----w c:\program files\EoRezo
2009-03-29 15:54 --------- d-----w c:\documents and settings\ced\Application Data\Apple Computer
2009-03-26 12:40 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-25 07:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 10:46 26,596,640 -c--a-w c:\program files\AdbeRdr90_fr_FR.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-01_19.53.44.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:50 1,847,680 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:36 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:03 8,518,144 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2009-03-13 12:55:24 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-03-13 12:54:50 62,304 ----a-r c:\windows\Installer\{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}\IconWlc.exe
- 2008-11-01 09:59:39 167,936 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-03-18 12:31:40 167,936 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-11-01 09:59:39 2,560 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-03-18 12:31:40 2,560 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-11-01 09:59:39 81,920 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-03-18 12:31:40 81,920 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-11-01 09:59:39 34,304 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-03-18 12:31:40 34,304 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-11-01 09:59:39 8,192 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-03-18 12:31:40 8,192 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-11-01 09:59:39 3,584 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-03-18 12:31:40 3,584 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-11-01 09:59:39 114,688 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-03-18 12:31:40 114,688 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-11-01 09:59:39 16,384 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-03-18 12:31:40 16,384 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-11-01 09:59:39 30,720 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-03-18 12:31:40 30,720 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-11-01 09:59:39 22,528 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-03-18 12:31:40 22,528 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-11-01 09:59:39 45,056 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-03-18 12:31:40 45,056 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-11-01 09:59:39 90,112 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-03-18 12:31:40 90,112 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\ARPPRODUCTICON.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 06:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 06:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2008-08-20 08:54:00 287,256 ----a-r c:\windows\system32\AbaleZip.dll
- 2001-01-22 02:25:24 32,768 -c--a-w c:\windows\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:23 32,768 ----a-w c:\windows\system32\ATHPRXY.DLL
+ 2008-12-05 06:57:24 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:15 8,517,632 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:26:07 1,846,528 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 -c----w c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 1999-10-18 02:01:42 1,129,232 -c--a-w c:\windows\system32\FM20.DLL
+ 2003-09-25 11:07:00 1,139,472 ----a-w c:\windows\system32\FM20.DLL
- 2001-02-21 10:02:06 29,456 -c--a-w c:\windows\system32\FM20FRA.DLL
+ 2003-10-29 13:05:10 28,672 ----a-w c:\windows\system32\FM20FRA.DLL
- 2008-11-05 11:20:59 172,280 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-14 07:10:22 175,464 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 11:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-12-11 19:45:43 59,916 -c--a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 07:46:30 59,916 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-11 19:45:43 73,260 -c--a-w c:\windows\system32\perfc00C.dat
+ 2009-03-29 07:46:30 73,260 ----a-w c:\windows\system32\perfc00C.dat
- 2008-12-11 19:45:43 397,696 -c--a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 07:46:30 397,696 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-11 19:45:43 464,892 -c--a-w c:\windows\system32\perfh00C.dat
+ 2009-03-29 07:46:30 464,892 ----a-w c:\windows\system32\perfh00C.dat
- 2008-04-14 02:33:40 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:57:24 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2007-08-10 06:18:14 26,488 -c--a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-09-15 15:26:07 1,846,528 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 ----a-w c:\windows\system32\win32k.sys
- 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2008-08-20 08:54:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2008-08-20 08:54:00 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2008-08-20 08:54:00 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2008-08-20 08:54:00 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2008-04-15 17:49:31 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
- 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-03-01 78008]
"hpqSRMon"="d:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Zattoo\\zattood.exe"=
"d:\\Program Files\\Zattoo\\Zattoo1.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31336:TCP"= 31336:TCP:adsltv

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78cdbb55-9fa2-11dd-95f7-d9ab3be3e37b}]
\Shell\Auto\command - cxfgamhao.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Tâches planifiées'

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ustart.org
mStart Page = hxxp://www.ustart.org
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 13:50:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d8,69,ec,3a,82,0e,ee,c7,d8,28,20,89,8e,1d,76,ba,c1,4c,3a,2c,40,
5a,bb,0b,1f,4a,15,ac,cc,95,d1,4f,ce,59,0f,1b,25,30,bd,58,e3,bd,83,31,13,4d,\
"rkeysecu"=hex:27,b1,27,38,9b,e2,2e,93,76,ca,4a,07,08,8b,e2,e8
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2009-03-30 13:52:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-30 11:51:36
ComboFix2.txt 2009-03-01 18:56:13

Avant-CF: 13 065 318 400 octets libres
Après-CF: 13,883,219,968 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
327 --- E O F --- 2009-03-18 12:31:41
27 replies

CED
 
It's done, but I don't have a report.
0
Anonymous user

Re
After fixing, quit HijackThis
and relaunch it for a new scan.
0
CED
 
The problem is that I no longer have the files you asked me to fix.
0
Anonymous user

Re
Post the HijackThis scan, thanks.
0
CED
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28, on 08/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Landwirtschafts-Simulator 2009\game.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: MaxTV.lnk = D:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
0
Anonymous user

Re
Perfect.
1) Download ToolsCleaner to remove the disinfection tools that are no longer needed.

---> Download ToolsCleaner to your Desktop.
http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* If you wish, you can use the Options Facultatives (Optional Settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


2) Then tell me whether you still have problems.
0
CED
 
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\hijackthis.log: trouvé !
C:\TB.txt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\ced\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\ced\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\ced\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\ced\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\ced\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Documents and Settings\ced\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\TOOLS\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis: trouvé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\trend micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\ced\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\ced\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\ced\Bureau\Ad-remover.lnk: supprimé !
C:\Documents and Settings\ced\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\ced\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Ad-remover\TOOLS\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\hijackthis.log: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\trend micro\HijackThis\hijackthis.log: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\ced\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\trend micro\HijackThis: ERREUR DE SUPPRESSION !!
0
Anonymous user

Re
Delete this manually:
C:\Program Files\trend micro\HijackThis


Is your PC running well?

0

CED
 
It's fine. Otherwise, what do you recommend as an antivirus? I have avast.
0
Anonymous user

Re

You have the choice between:

1) Antivir (French): http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal.

Tutorial here: http://www.libellules.ch/tuto_antivir.php


2) AVG 8.5 (English): https://www.avg.com/fr-fr/free-antivirus-download?prd=afe

0
CED
 
avast isn't good, or Kaspersky?
0
Anonymous user

Re
To choose from, free: Antivir or AVG 8.5
Paid: Kaspersky
0
CED
 
OK, well, thank you for all your help, and see you later.
0