Website opening unexpectedly

mahaut -
pimprenelle27 - Posts: 22182 - Status: Security contributor -
Hello,

I have 1 site that keeps opening unexpectedly, and I downloaded "combofix"; here is the result, I hope you will be able to help me... thanks in advance

ComboFix 08-11-07.01 - Catherine 2008-11-09 14:34:27.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate Edition 6.0.6001.1.1252.1.1036.18.1965 [GMT 1:00]
Running from: c:\users\Catherine\Downloads\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Conditions générales.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Confidentialité.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url

.
((((((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))))))))))
.

2008-11-08 17:10 . 2008-11-08 17:10 <REP> d-------- c:\program files\MSN Reaper
2008-11-05 15:50 . 2008-11-05 15:50 <REP> d-------- c:\users\Catherine\AppData\Roaming\Ordigramme
2008-11-05 15:50 . 2008-11-05 15:50 <REP> d-------- c:\program files\eBayCenter
2008-11-05 15:50 . 2000-05-21 23:00 647,872 --a------ c:\windows\System32\MSComCt2.ocx
2008-11-05 15:50 . 2008-09-20 17:01 341,008 --a------ c:\windows\System32\HookMenu.ocx
2008-11-05 15:50 . 2000-10-01 23:00 119,568 --a------ c:\windows\System32\VB6FR.DLL
2008-11-05 15:50 . 2008-09-20 17:02 46,104 --a------ c:\windows\System32\VBTrayIcon.ocx
2008-11-03 16:00 . 2008-11-03 16:00 <REP> d-------- c:\users\Catherine\AppData\Roaming\Malwarebytes
2008-11-03 16:00 . 2008-11-03 16:00 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-03 16:00 . 2008-11-03 16:00 <REP> d-------- c:\programdata\Malwarebytes
2008-11-03 16:00 . 2008-11-03 16:00 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-03 16:00 . 2008-09-08 00:16 38,528 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-03 16:00 . 2008-09-08 00:16 17,200 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-01 17:55 . 2008-11-01 17:55 <REP> d-------- c:\users\Catherine\AppData\Roaming\Shareaza
2008-11-01 17:55 . 2008-11-01 21:21 <REP> d-------- c:\program files\Shareaza
2008-11-01 17:15 . 2008-11-01 17:15 <REP> d-------- c:\users\All Users\eMule
2008-11-01 17:15 . 2008-11-01 17:15 <REP> d-------- c:\programdata\eMule
2008-11-01 17:14 . 2008-11-01 17:14 <REP> d-------- c:\program files\eMule
2008-11-01 15:49 . 2008-11-01 15:51 <REP> d-------- c:\program files\Lecteur CANALPLAY
2008-11-01 15:41 . 2008-11-01 15:41 <REP> d-------- c:\users\Catherine\AppData\Roaming\FastStone
2008-11-01 15:34 . 2008-11-01 15:34 79 --a------ c:\windows\wininit.ini
2008-11-01 15:22 . 2008-11-01 15:22 <REP> d-------- c:\program files\Ice Clock 3D Screensaver
2008-11-01 15:22 . 2008-03-31 16:19 8,465,920 --a------ c:\windows\System32\Ice Clock 3D Screensaver.exe
2008-11-01 15:22 . 2008-03-28 18:55 829,440 --a------ c:\windows\System32\Ice_Clock_3D_Screensaver.scr
2008-11-01 15:20 . 2008-11-01 15:40 <REP> d-------- c:\users\Catherine\AppData\Roaming\Tunebite
2008-11-01 15:20 . 2008-11-01 15:21 <REP> d-------- c:\program files\FastStone Capture
2008-11-01 15:20 . 2008-02-20 13:47 27,936 --a------ c:\windows\System32\drivers\tbhsd.sys
2008-11-01 15:18 . 2008-11-01 15:18 <REP> d-------- c:\program files\RapidSolution
2008-11-01 15:18 . 2008-11-01 15:18 <REP> d-------- c:\program files\PixiePack Codec Pack
2008-11-01 15:08 . 2008-11-01 15:08 <REP> d-------- c:\windows\System32\3Planesoft
2008-11-01 15:08 . 2008-11-01 15:08 <REP> d-------- c:\program files\3Planesoft Screensaver Manager
2008-11-01 15:08 . 2008-03-28 17:08 458,752 --a------ c:\windows\System32\3Planesoft_Screensaver_Manager.scr
2008-11-01 15:07 . 2008-11-01 15:35 <REP> d-------- c:\users\All Users\RapidSolution
2008-11-01 15:07 . 2008-11-01 15:35 <REP> d-------- c:\programdata\RapidSolution
2008-11-01 15:07 . 2008-11-01 15:08 <REP> d-------- c:\program files\The One Ring 3D Screensaver
2008-11-01 15:07 . 2008-03-31 11:54 2,777,088 --a------ c:\windows\System32\The One Ring 3D Screensaver.exe
2008-11-01 15:07 . 2008-03-28 18:33 270,336 --a------ c:\windows\System32\The_One_Ring_3D_Screensaver.scr
2008-11-01 15:06 . 2008-11-09 14:54 <REP> d-------- c:\users\Catherine\.rainlendar2
2008-11-01 15:06 . 2008-11-01 15:06 <REP> d-------- c:\program files\Rainlendar2
2008-11-01 14:32 . 2008-11-01 14:32 <REP> d-------- c:\users\All Users\eBay
2008-11-01 14:32 . 2008-11-01 14:32 <REP> d-------- c:\programdata\eBay
2008-11-01 14:32 . 2008-11-01 14:32 <REP> d-------- c:\program files\eBay
2008-10-31 12:35 . 2008-11-02 15:43 <REP> d-------- c:\program files\MSN Messenger
2008-10-30 18:44 . 2008-10-31 21:06 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-10-30 18:44 . 2008-10-31 21:06 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-10-30 18:44 . 2008-11-01 08:22 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-10-30 18:38 . 2008-10-30 18:40 <REP> d-------- c:\users\All Users\Lavasoft
2008-10-30 18:38 . 2008-10-30 18:40 <REP> d-------- c:\programdata\Lavasoft
2008-10-30 16:30 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-30 16:30 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-30 16:30 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-30 13:44 . 2008-10-30 13:45 <REP> d-------- c:\users\All Users\CA
2008-10-30 13:44 . 2008-10-30 13:45 <REP> d-------- c:\programdata\CA
2008-10-30 13:44 . 2008-10-30 13:44 <REP> d-------- c:\program files\CA
2008-10-30 13:38 . 2008-10-30 13:38 <REP> d-------- c:\program files\Trend Micro
2008-10-30 12:39 . 2008-10-30 12:39 <REP> d-------- c:\users\All Users\Tenebril
2008-10-30 12:39 . 2008-10-30 12:39 <REP> d-------- c:\programdata\Tenebril
2008-10-30 12:39 . 2008-10-30 12:39 <REP> d-------- c:\program files\Tenebril
2008-10-30 09:17 . 2008-10-30 09:17 <REP> d-------- c:\program files\MSXML 4.0
2008-10-29 20:13 . 2008-10-29 20:13 <REP> d-------- c:\windows\System32\Logs
2008-10-29 20:13 . 2008-10-29 20:13 <REP> d-------- c:\users\Catherine\AppData\Roaming\BitDefender
2008-10-29 20:12 . 2008-10-29 20:17 <REP> d-------- c:\users\All Users\BitDefender
2008-10-29 20:12 . 2008-10-29 20:17 <REP> d-------- c:\programdata\BitDefender
2008-10-29 20:12 . 2008-10-29 20:13 <REP> d-------- c:\program files\BitDefender
2008-10-29 20:11 . 2008-10-29 20:13 <REP> d-------- c:\program files\Common Files\BitDefender
2008-10-29 12:56 . 2008-10-29 12:56 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-10-29 12:56 . 2008-10-29 12:56 <REP> d-------- c:\programdata\Yahoo! Companion
2008-10-28 21:48 . 2008-10-28 21:48 <REP> d-------- c:\program files\Yahoo!
2008-10-28 16:46 . 2008-10-28 16:46 1,044,480 -ra------ c:\windows\System32\roboex32.dll
2008-10-28 16:46 . 2008-10-28 16:46 49,152 -ra------ c:\windows\System32\inetwh32.dll
2008-10-26 14:56 . 2008-11-07 12:17 28,219 --a------ c:\users\Catherine\AppData\Roaming\nvModes.dat
2008-10-26 14:49 . 2008-10-26 14:49 <REP> d-------- c:\users\All Users\Stardock
2008-10-26 14:49 . 2008-10-26 14:49 <REP> d-------- c:\programdata\Stardock
2008-10-26 14:31 . 2000-07-21 12:05 518,416 --a------ c:\windows\System32\msxml.dll
2008-10-26 14:31 . 2002-01-05 07:40 487,424 --a------ c:\windows\System32\msvcp70.dll
2008-10-26 14:31 . 2002-01-05 08:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-10-26 14:31 . 2002-01-05 07:38 54,784 --a------ c:\windows\System32\msvci70.dll
2008-10-26 14:31 . 2000-10-20 01:05 25,088 --a------ c:\windows\System32\msxml3a.dll
2008-10-26 14:02 . 2008-10-26 14:31 <REP> d-------- c:\program files\Common Files\Stardock
2008-10-26 13:40 . 2008-10-26 13:40 <REP> d--h-c--- c:\users\All Users\{DE032019-B933-4DF4-9174-48C52613DA13}
2008-10-26 13:40 . 2008-10-26 13:40 <REP> d--h-c--- c:\programdata\{DE032019-B933-4DF4-9174-48C52613DA13}
2008-10-26 13:40 . 2008-10-26 14:49 <REP> d-------- c:\program files\Stardock
2008-10-26 12:34 . 2008-10-30 19:36 <REP> d-------- c:\program files\CEDP Stealer 6.0 for Messenger
2008-10-26 12:23 . 2008-10-26 12:23 <REP> d-------- c:\program files\Auslogics
2008-10-26 12:23 . 1998-06-24 01:00 115,016 --a------ c:\windows\System32\MSInet.ocx
2008-10-26 12:23 . 2000-07-15 00:00 101,888 --a------ c:\windows\System32\VB6STKIT.DLL
2008-10-26 12:23 . 1998-07-13 01:00 15,360 --a------ c:\windows\System32\INETFR.dll
2008-10-25 15:36 . 2004-03-08 23:00 609,824 --a------ c:\windows\System32\COMCTL32.ocx
2008-10-25 15:36 . 2004-03-08 23:00 212,240 --a------ c:\windows\System32\richtx32.OCX
2008-10-25 15:36 . 2004-03-08 21:00 152,848 --a------ c:\windows\System32\comdlg32.OCX
2008-10-25 15:36 . 2004-03-08 23:00 124,688 --a------ c:\windows\System32\MSWINSCK.ocx
2008-10-25 15:34 . 2008-10-25 16:03 <REP> d-------- c:\program files\MessengerDiscovery
2008-10-25 15:34 . 2006-07-11 18:35 348,160 --a------ c:\windows\System32\msvcr71.dll
2008-10-24 13:03 . 2008-10-24 13:03 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-23 16:22 . 2008-10-23 16:22 <REP> d-------- c:\users\All Users\FLEXnet
2008-10-23 16:22 . 2008-10-23 16:22 <REP> d-------- c:\programdata\FLEXnet
2008-10-23 15:42 . 2008-10-29 15:23 <REP> d-------- c:\users\Catherine\AppData\Roaming\F-Secure
2008-10-23 07:49 . 2008-10-30 16:21 <REP> d-------- c:\program files\Bonjour
2008-10-23 07:42 . 2008-10-23 07:42 <REP> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-23 07:19 . 2008-10-30 16:19 <REP> d-------- c:\program files\PowerISO
2008-10-22 11:42 . 2008-10-23 07:50 <REP> d-------- c:\users\All Users\Adobe
2008-10-22 11:39 . 2008-10-22 12:16 <REP> d-------- c:\users\All Users\NOS
2008-10-22 11:39 . 2008-10-22 12:16 <REP> d-------- c:\programdata\NOS
2008-10-22 11:39 . 2008-10-22 12:16 <REP> d-------- c:\program files\NOS
2008-10-22 11:33 . 2008-10-22 11:33 <REP> d-------- c:\program files\Hp
2008-10-21 16:29 . 2008-10-21 16:32 <REP> d-------- c:\program files\PhotoFiltre
2008-10-21 15:02 . 2008-11-09 14:41 <REP> d-------- c:\users\Catherine\AppData\Roaming\DNA
2008-10-21 15:02 . 2008-10-23 16:11 <REP> d-------- c:\users\Catherine\AppData\Roaming\BitTorrent
2008-10-21 15:02 . 2008-10-30 16:18 <REP> d-------- c:\program files\DNA
2008-10-21 15:02 . 2008-10-21 15:02 <REP> d-------- c:\program files\BitTorrent
2008-10-21 14:54 . 2008-10-21 14:54 <REP> d-------- c:\users\Adobe\Adobe Stock Photos CS3
2008-10-21 14:53 . 2008-10-21 14:54 <REP> d-------- c:\users\Adobe\Adobe Photoshop CS3
2008-10-21 14:53 . 2008-10-21 14:53 <REP> d-------- c:\users\Adobe\Adobe Photoshop CS2
2008-10-21 14:53 . 2008-10-21 14:53 <REP> d-------- c:\users\Adobe\Adobe Help Viewer
2008-10-21 14:52 . 2008-10-21 14:53 <REP> d-------- c:\users\Adobe\Adobe Device Central CS3
2008-10-21 14:51 . 2008-10-21 14:52 <REP> d-------- c:\users\Adobe\Adobe Bridge CS3
2008-10-21 14:51 . 2008-10-21 14:51 <REP> d-------- c:\users\Adobe\Adobe Bridge
2008-10-21 14:51 . 2008-10-21 14:51 <REP> d-------- c:\users\Adobe\Acrobat 7.0
2008-10-21 14:51 . 2008-10-21 14:54 <REP> d-------- c:\users\Adobe
2008-10-21 14:49 . 2008-10-21 14:50 <REP> d-------- c:\program files\Adobe Photoshop CS3
2008-10-21 14:12 . 2008-10-21 14:12 <REP> d-------- c:\users\Catherine\AppData\Roaming\Brother
2008-10-21 13:55 . 2008-11-07 13:09 434 --a------ c:\windows\BRWMARK.INI
2008-10-21 13:55 . 2008-11-07 13:09 27 --a------ c:\windows\BRPP2KA.INI
2008-10-21 13:51 . 2008-11-07 13:08 227 --a------ c:\windows\Brpfx04a.ini
2008-10-21 13:51 . 2008-11-07 13:08 93 --a------ c:\windows\brpcfx.ini

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 12:30 174 --sha-w c:\program files\desktop.ini
2008-10-23 12:20 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-23 12:20 --------- d-----w c:\program files\Windows Mail
2008-10-23 12:20 --------- d-----w c:\program files\Windows Journal
2008-10-23 12:20 --------- d-----w c:\program files\Windows Collaboration
2008-10-23 12:20 --------- d-----w c:\program files\Windows Calendar
2008-10-23 11:59 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-23 11:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-19 14:07 --------- d-----w c:\program files\MSBuild
2008-10-17 15:44 --------- d-----w c:\program files\Microsoft Games
2008-10-17 14:50 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-17 14:50 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-17 14:50 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-17 14:50 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-17 14:50 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-17 14:33 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2008-10-16 15:21 --------- d-sh--w c:\programdata\Modèles
2008-10-16 15:21 --------- d-sh--w c:\programdata\Menu Démarrer
2008-10-16 15:21 --------- d-sh--w c:\programdata\Favoris
2008-10-16 15:21 --------- d-sh--w c:\programdata\Bureau
2008-10-16 15:21 --------- d-sh--w c:\program files\Fichiers communs
2008-08-28 08:50 30,720 ----a-w c:\windows\System32\soundschemes2.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 39408]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-10-21 289088]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-10-30 160592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 739936]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-14 814144]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-13 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-13 81920]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 182936]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-04 727592]
eBayCenter.lnk - c:\program files\eBayCenter\ebaycenter.exe [2008-11-05 297608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3602932860-3227844776-4121120085-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E7793A3-0842-41FE-ACC7-B81A15974E52}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{31464AC8-998E-4A43-9175-522A356946D9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{07D8CDEA-034D-4350-A70C-A9ADB30B8DF2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{E4005498-2C4D-4899-BAB6-A045CDEBFD96}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{509CDD9C-63FB-4C34-93C8-DD8A307FC114}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{7785BBA0-21BC-4AC9-8418-E5A16A7491BD}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{56A4A1E6-718B-4E5B-930E-E88572DF69AE}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{06C340D5-E354-4726-8990-C19F00529891}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{2C511DFC-888C-47D7-94CC-69C6D821B29D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BEF94329-85C2-43D6-ADD9-03AD0FABD5FE}"= UDP:c:\program files\RapidSolution\RS Audials One\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{5AA937EF-3430-490D-BF58-F37FA1EB64A8}"= TCP:c:\program files\RapidSolution\RS Audials One\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{67D96A72-D154-4F7A-B1E2-92C41D914974}"= UDP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{DC063384-7580-4282-948E-C997957F42EF}"= TCP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{31A5DC15-160C-4F25-9E07-60E3D0C4484D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{088D399F-20DE-4609-8C67-53127A995E5D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [2008-10-30 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-04-04 34752]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-10-30 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2008-04-04 12896]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2007-12-10 305920]
R3 btwaudio;Périphérique audio Bluetooth;c:\windows\system32\drivers\btwaudio.sys [2007-12-12 80424]
R3 btwavdt;Bluetooth AVDT;c:\windows\system32\drivers\btwavdt.sys [2007-12-12 80936]
R3 btwrchid;btwrchid;c:\windows\system32\DRIVERS\btwrchid.sys [2007-12-12 16168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-04-04 62048]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-04-04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-04-04 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2741a68f-9dc1-11dd-b70e-00218639261e}]
\shell\AutoRun\command - PortableVault.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad8ef706-9b92-11dd-940f-806e6f6e6963}]
\shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad8ef749-9b92-11dd-940f-c0766bc435c4}]
\shell\AutoRun\command - PortableVault.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CanalPlayerHelper - c:\program files\Lecteur CANALPLAY\CanalPlayerHelper.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\ulcxjr9n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\plugins\np_VR_OgloPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 14:52:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure Internet Security\Common\FSMA32.EXE
c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\F-Secure Internet Security\Common\FSMB32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\stacsv.exe
c:\program files\F-Secure Internet Security\Common\FCH32.EXE
c:\program files\F-Secure Internet Security\Anti-Virus\fsqh.exe
c:\program files\F-Secure Internet Security\Common\FAMEH32.EXE
c:\program files\F-Secure Internet Security\FSPC\fspc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\F-Secure Internet Security\FSAUA\program\fsaua.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fssm32.exe
c:\program files\F-Secure Internet Security\FWES\program\fsdfwd.exe
c:\program files\F-Secure Internet Security\FSAUA\program\fsus.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsav32.exe
c:\windows\System32\conime.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\F-Secure Internet Security\FSGUI\fsguidll.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-11-09 15:12:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 13:59:20

Pre-Run: 55.950.761.984 bytes free
Post-Run: 55,809,228,800 bytes free

329 --- E O F --- 2008-11-08 11:37:46

1 reply

pimprenelle27 - Posts: 22182 - Status: Security contributor
 
Have a look at this too.