Virus rootkits ???
cruzy
Posts: 107
Status: Member
-
jlpjlp - Posts: 52399 - Status: Security contributor -
Hello,
I have a small problem, I think: I have this module that keeps trying to launch
C:\windows\system32\drivers\mbamcatchme.sys
detected by Spyware Terminator's resident shield
the day before, Ad-Aware 2008 found 5 viruses (W32.trojan.packed) in
c:\System Volume Information\_restore (632512........)
that's it
help!!!!!
thanks in advance
6 replies
hi
c:\System Volume Information\_restore (632512........)
that's your System Restore
to get rid of what's in there, disable System Restore, then reboot your computer, then re-enable it:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924
__________________
scan this file on VirusTotal and paste the report:
https://www.virustotal.com/gui/
C:\windows\system32\drivers\mbamcatchme.sys
_________________
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click the file HijackThis.exe and choose Rename from the list
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
I had already disabled System Restore when I saw that; besides, I don't use it since I use Ghost, so I left it disabled
File mbamcatchme.sys received on 2008.06.04 17:10:12 (CET)
Current status: loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/31 (0%)
so can I allow the process????
here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:57, on 04/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
F:\Progs\Utililaires\Clavier\clavier +\Clavier.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Micro Application\MediaDICO\MediaDICO.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Micro Application\MediaDICO\Rac.EXE
C:\Program Files\BlazeVideo\BlazeDTV 2.5a\RemoteControl\CE6230_RCReader.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\cruzy\Bureau\ze\ze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HP92F72B HP0018FE92F72B
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [Clavier+] F:\Progs\Utililaires\Clavier\clavier +\Clavier.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe Lancement
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
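The HijackThis log above is what the earlier reply asked for. What follows is an added example, not part of this thread and not HijackThis's own code: a small Python triage script that parses lines in this log format and lists the entries a responder should verify first. Its sample input is a constructed excerpt of the log above plus one O23 line (examplesvc, a hypothetical service that does not appear in the posted log) so that the service heuristic is exercised. The output is a verification list, not a set of verdicts: over the full posted log the only running process it flags is ze.exe launched from the user's desktop, which is exactly where a renamed scanner, as advised earlier in the thread, would also show up, and the O4 entries it flags are the bare-name RUNDLL32.EXE, nwiz.exe and Logi_MwX.Exe commands, which vendor installers do write but which are worth confirming resolve to the expected system directory.

```python
"""Triage of a HijackThis v2 log (added example, not HijackThis's own code).

Heuristics, each of which produces an entry to verify, not a verdict:
  * a running process or autostart launched from a user-writable location
    (user profile, Temp, Application Data)
  * an O4 Run entry whose command is a bare file name rather than an absolute
    path, so Windows locates it by search path and it is easy to shadow
  * an O23 service whose binary carries no vendor name ("Unknown owner",
    the string HijackThis prints when the file has no company information)
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "process", "O4" or "O23"
    reason: str
    line: str


# Directory names under which an ordinary user can write on Windows XP.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users|temp|tmp|application data)\\", re.I)
# Shortest absolute Windows path ending in an executable-type extension.
ABS_EXE = re.compile(
    r"^[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js)\b", re.I)
O4_RE = re.compile(r"^O4 - .*?\\Run: \[[^\]]*\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")
HJT_ITEM = re.compile(r"^[RFON]\d+ - ")   # R0, F2, O4, O23 ... item lines

# Constructed sample: an excerpt of the log posted above, plus one O23 line
# (examplesvc) invented for this example so the service heuristic is exercised.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\cruzy\Bureau\ze\ze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Documents and Settings\All Users\Application Data\examplesvc.exe
"""


def launched_binary(cmd: str) -> str:
    """Program an O4 command launches: the quoted or absolute path if there is
    one, otherwise the bare first token (which Windows resolves by search path)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = ABS_EXE.match(cmd)
    return m.group(0) if m else cmd.split()[0]


def triage(log: str) -> List[Finding]:
    """Return the entries of a HijackThis log that match one of the heuristics."""
    findings: List[Finding] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if HJT_ITEM.match(line):
            in_procs = False           # the first R/F/O item ends the process list
        if in_procs:
            if USER_WRITABLE.search(line):
                findings.append(Finding("process", "runs from a user-writable directory", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = launched_binary(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding("O4", f"bare file name {exe!r} resolved by search path", line))
            elif USER_WRITABLE.search(exe):
                findings.append(Finding("O4", "autostart from a user-writable directory", line))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("vendor").strip().lower() == "unknown owner":
                findings.append(Finding("O23", "service binary has no vendor name", line))
            if USER_WRITABLE.search(m.group("path")):
                findings.append(Finding("O23", "service binary in a user-writable directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}: {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; each flagged line still needs the usual follow-up (signature, hash lookup, the registry key it came from) before anything is removed.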
Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help for using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click ComboFix. It will ask you a question; answer by pressing 1 and then Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
hi again, here's the report
ComboFix 08-06-03.4 - cruzy 2008-06-04 20:14:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1300 [GMT 2:00]
Location: C:\Documents and Settings\cruzy\Bureau\ze.exe
* Creating a new restore point
* Resident AV is active
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\systeminfo.dll
.
((((((((((((((((((((((((((((( Files created 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.
2008-06-04 20:12 . 2008-06-04 20:13 <REP> d-------- C:\327882R2FWJFW
2008-06-04 19:30 . 2008-06-04 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-04 19:26 . 2008-06-04 19:26 <REP> d-------- C:\Program Files\SlySoft
2008-06-04 19:26 . 2008-06-04 19:26 0 ---hs---- C:\WINDOWS\SB2E57688.tmp
2008-06-03 16:00 . 2008-06-03 16:01 <REP> d-------- C:\www
2008-06-03 15:57 . 2008-06-03 15:58 <REP> d-------- C:\Program Files\EasyPHP 2.0b1
2008-06-03 14:49 . 2008-06-03 15:09 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\FileZilla
2008-06-03 14:45 . 2008-06-03 14:45 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-06-03 00:32 . 2008-06-03 00:32 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\DivX
2008-06-03 00:31 . 2008-06-03 00:31 <REP> d-------- C:\Program Files\DivX
2008-06-03 00:29 . 2008-06-03 00:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-03 00:28 . 2008-06-03 23:52 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-06-01 18:06 . 2008-06-01 18:06 <REP> d-------- C:\Program Files\SuperCopier2
2008-05-31 20:40 . 2008-06-01 22:35 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-31 13:04 . 2008-05-31 13:05 <REP> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-05-30 23:04 . 2008-05-31 18:59 <REP> d-------- C:\Program Files\Ant Movie Catalog
2008-05-30 22:29 . 2008-06-01 12:14 <REP> d-------- C:\Program Files\Team MediaPortal
2008-05-30 22:29 . 2008-06-01 12:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-05-30 19:30 . 2008-05-30 19:30 2,142 --a------ C:\WINDOWS\system32\ST6UNST.000
2008-05-30 14:09 . 2008-05-30 19:30 290,816 --------- C:\WINDOWS\Setup1.exe
2008-05-30 14:09 . 2008-05-30 19:30 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-30 13:37 . 2008-05-30 13:37 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-28 23:22 . 2008-05-28 23:47 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-28 23:02 . 2008-06-02 22:43 <REP> d-------- C:\Program Files\WinClamAVShield
2008-05-28 22:59 . 2008-06-04 17:16 <REP> d-------- C:\Program Files\Spyware Terminator
2008-05-28 22:59 . 2008-05-28 22:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 22:59 . 2008-06-04 17:16 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\Spyware Terminator
2008-05-28 22:59 . 2008-06-04 13:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-28 22:59 . 2008-05-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 22:57 . 2008-05-28 22:57 <REP> d-------- C:\Program Files\SWF Opener
2008-05-28 22:43 . 2008-05-28 22:43 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\vlc
2008-05-28 22:23 . 2008-05-28 22:23 <REP> d-------- C:\Program Files\CCleaner
2008-05-28 21:52 . 2008-05-28 21:52 <REP> d-------- C:\Program Files\VideoLAN
2008-05-28 21:43 . 2008-05-28 22:40 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-28 19:28 . 2008-06-04 16:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 19:28 . 2008-05-28 19:28 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\Malwarebytes
2008-05-28 19:28 . 2008-05-28 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 19:28 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 19:28 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 19:21 . 2008-05-28 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-28 19:16 . 2008-05-28 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-28 18:47 . 2008-05-28 18:47 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-28 18:40 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-28 18:40 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-28 18:33 . 2008-05-28 18:33 <REP> d-------- C:\Program Files\Bonjour
2008-05-28 18:27 . 2008-05-28 18:27 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-28 15:56 . 2008-05-28 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-28 13:22 . 2008-05-28 13:22 <REP> d-------- C:\WINDOWS\Sun
2008-05-28 12:45 . 2008-05-28 12:45 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-28 08:43 . 2008-05-28 08:43 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-28 08:43 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-28 08:43 . 2004-02-01 03:02 393,216 --a------ C:\WINDOWS\system32\LameACM.acm
2008-05-28 08:43 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-28 08:43 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-28 08:43 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-05-28 08:43 . 2004-01-25 18:18 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-28 08:43 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-28 08:43 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-28 08:43 . 2004-02-01 03:02 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-27 16:06 . 2008-05-27 16:06 2,521 --a------ C:\WINDOWS\system32\NMMediaServer.cfg
2008-05-27 16:05 . 2008-05-27 16:05 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\Nero
2008-05-27 15:59 . 2008-06-04 20:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-27 15:41 . 2008-05-27 15:41 <REP> d-------- C:\Program Files\Nero
2008-05-27 15:41 . 2008-05-27 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-05-27 15:41 . 2008-05-27 15:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-27 15:28 . 2008-06-03 22:40 <REP> d-------- C:\Program Files\eMule
2008-05-27 14:58 . 2008-05-27 14:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-27 14:55 . 2008-06-04 13:25 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\Azureus
2008-05-27 14:03 . 2008-05-27 14:03 <REP> d-------- C:\Program Files\Java
2008-05-27 14:03 . 2008-05-27 14:03 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-27 14:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\Program Files\EBP
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EBP
2008-05-27 11:38 . 2008-05-27 11:38 <REP> d-------- C:\Program Files\NFO viewer
2008-05-26 23:03 . 2008-05-26 23:03 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\Talkback
2008-05-26 20:47 . 2008-05-26 20:47 <REP> d-------- C:\Program Files\Extracteur Icones 3
2008-05-26 12:07 . 2008-05-26 12:07 <REP> d-------- C:\Program Files\Lavasoft
2008-05-26 12:07 . 2008-05-26 12:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-26 12:05 . 2008-05-26 12:05 <REP> d-------- C:\Program Files\Micro Application
2008-05-26 12:05 . 2003-04-03 09:43 1,524,736 --a------ C:\WINDOWS\MediaDicoDll.dll
2008-05-26 12:05 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-26 12:05 . 2002-01-04 17:13 229,444 --a------ C:\WINDOWS\RACHook.dll
2008-05-26 12:05 . 2001-12-23 20:34 199,680 --a------ C:\WINDOWS\MediaRAC.dll
2008-05-26 12:05 . 2008-05-26 12:05 1,951 --a------ C:\WINDOWS\MediaRAC.ini
2008-05-26 12:04 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-26 12:04 . 2008-05-26 12:04 385 --a------ C:\WINDOWS\ODBC.INI
2008-05-26 12:02 . 2008-05-26 12:03 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 12:02 . 2008-05-26 12:02 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-26 11:58 . 2008-05-28 21:44 1,823 --a------ C:\WINDOWS\mozver.dat
2008-05-26 11:52 . 2008-06-04 19:30 18,328 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-26 11:40 . 2008-05-26 23:53 <REP> d-------- C:\Program Files\SiteAdvisor
2008-05-26 11:40 . 2008-06-03 22:57 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\SiteAdvisor
2008-05-26 11:39 . 2008-05-26 11:39 <REP> d-------- C:\Program Files\McAfee.com
2008-05-26 11:39 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-26 11:39 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-26 11:39 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-26 11:39 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-26 11:39 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-26 11:39 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-26 11:38 . 2008-05-26 20:11 <REP> d-------- C:\Program Files\McAfee
2008-05-26 11:38 . 2008-05-26 11:53 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-05-26 11:38 . 2008-05-26 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-26 11:28 . 2008-05-26 11:28 <REP> d-------- C:\Program Files\Yahoo!
2008-05-26 11:22 . 2008-05-26 11:22 <REP> d-------- C:\Program Files\Webteh
2008-05-26 11:21 . 2008-05-26 11:21 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2008-05-26 11:21 . 2008-05-26 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-26 11:21 . 2008-05-26 11:21 <REP> d-------- C:\Documents and Settings\cruzy\Application Data\TuneUp Software
2008-05-26 11:21 . 2008-05-26 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-26 11:21 . 2007-01-17 14:47 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-24 16:11 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-24 16:11 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-24 16:11 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-24 16:11 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-24 16:11 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-24 16:11 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-24 16:11 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-24 16:11 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-24 16:11 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-24 16:07 . 2008-05-24 16:07 <REP> d-------- C:\Program Files\proDAD
2008-05-24 16:01 . 2008-05-24 16:01 <REP> d-------- C:\Program Files\AdorageI-SAL
2008-05-24 16:01 . 2008-05-24 16:01 <REP> d-------- C:\Program Files\AdorageI-GfxDatas
2008-05-24 15:54 . 2002-09-24 11:12 2,653,888 --a------ C:\WINDOWS\system32\LTRDG13n.OCX
2008-05-24 15:54 . 2002-09-24 11:12 534,192 --a------ C:\WINDOWS\system32\LTRVW13N.OCX
2008-05-24 15:54 . 2002-09-24 11:12 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL
2008-05-24 15:54 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 09:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 11:32 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-24 09:47 --------- d-----w C:\Program Files\PowerQuest
2008-05-24 09:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-24 09:39 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-24 09:37 --------- d-----w C:\Program Files\Analog Devices
2008-05-24 09:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-24 09:23 --------- d-----w C:\Program Files\Services en ligne
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" [2007-03-07 17:30 270336]
"Clavier+"="F:\Progs\Utililaires\Clavier\clavier +\Clavier.exe" [2006-11-29 15:08 69632]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 14:47 311816]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe" [2003-03-26 19:41 252416]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-28 13:10 2120640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-10 02:32 5513216]
"nwiz"="nwiz.exe" [2005-01-10 02:32 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-01-10 02:32 86016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-28 23:47 1817600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
C:\Documents and Settings\cruzy\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-28 23:47]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-18 20:43]
R3 ce6230;Intel CE6230 Standalone USB Driver;C:\WINDOWS\system32\DRIVERS\CE6230StandaloneDriver.sys [2007-04-27 11:13]
R3 ce6230BDACAP;Realfine CE6230 BDA Driver;C:\WINDOWS\system32\DRIVERS\CE6230BDA.sys [2007-04-27 05:29]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 09:21:55 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-26 09:39:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-05-31 23:00:31 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-05-31 13:24:10 C:\WINDOWS\Tasks\WebReg Photosmart C6100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:17:29
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\cruzy\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-06-04 20:18:35
ComboFix-quarantined-files.txt 2008-06-04 18:18:21
Pre-Run: 4,795,133,952 octets libres
Post-Run: 4,820,365,312 octets libres
357 --- E O F --- 2008-05-28 06:39:12
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" [2007-03-07 17:30 270336]
"Clavier+"="F:\Progs\Utililaires\Clavier\clavier +\Clavier.exe" [2006-11-29 15:08 69632]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 14:47 311816]
"MediaDico"="C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe" [2003-03-26 19:41 252416]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-28 13:10 2120640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-10 02:32 5513216]
"nwiz"="nwiz.exe" [2005-01-10 02:32 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-01-10 02:32 86016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-28 23:47 1817600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
C:\Documents and Settings\cruzy\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-28 23:47]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-18 20:43]
R3 ce6230;Intel CE6230 Standalone USB Driver;C:\WINDOWS\system32\DRIVERS\CE6230StandaloneDriver.sys [2007-04-27 11:13]
R3 ce6230BDACAP;Realfine CE6230 BDA Driver;C:\WINDOWS\system32\DRIVERS\CE6230BDA.sys [2007-04-27 05:29]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 09:21:55 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-26 09:39:27 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-05-31 23:00:31 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-05-31 13:24:10 C:\WINDOWS\Tasks\WebReg Photosmart C6100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:17:29
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\cruzy\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-06-04 20:18:35
ComboFix-quarantined-files.txt 2008-06-04 18:18:21
Pre-Run: 4,795,133,952 octets libres
Post-Run: 4,820,365,312 octets libres
357 --- E O F --- 2008-05-28 06:39:12
paste the report of an online scan
with one of the following:
bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
thanks for helping me again