Popups adultfriendfinder casino antivirus2009

Resolved/Closed
lousticvoyager, 30 posts, registered Monday 1 December 2008, status: Member, last active 11 March 2014 - 1 Dec. 2008 at 21:06
lousticvoyager, 30 posts, registered Monday 1 December 2008, status: Member, last active 11 March 2014 - 11 Dec. 2008 at 23:50
Hello,

Here is the problem, as described in the title, with in addition script errors, slowdowns and sometimes even worse: the computer completely frozen.

For 3 days I have been trying to get rid of it with antivir, spybot, ad-aware, superantispyware, navilog, ccleaner, trojanhunter, combofix, spyware terminator, vundofix etc...

Nothing worked; the most effective seemed to be navilog and spyware terminator, but the vermin spread through the computer again after a reboot.

In windows system 32 there is a nasty dll called gurelido.dll that keeps recreating itself and tries to infect all sorts of things.

Here is the hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02, on 2008-12-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Nicolas\Bureau\Games\utorrent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\findstr.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Nicolas\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53E12A99-CD13-4EBF-A367-346453B0DDCD} - C:\WINDOWS\system32\khfFUOig.dll (file missing)
O2 - BHO: (no name) - {66b8516a-c4fd-4bf2-b96c-ee0f74419d30} - C:\WINDOWS\system32\viruvupe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [c8584b90] rundll32.exe "C:\WINDOWS\system32\zuzisoge.dll",b
O4 - HKLM\..\Run: [CPMcb6b780c] Rundll32.exe "C:\WINDOWS\system32\suzeyiji.dll",a
O4 - HKLM\..\Run: [seyofudavu] Rundll32.exe "C:\WINDOWS\system32\gurelido.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [seyofudavu] Rundll32.exe "C:\WINDOWS\system32\gurelido.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Graph.lnk = C:\WINDOWS\system32\Graphic.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - https://www.hanbiton.com/home/error.aspx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{645DDFA0-4DDA-4CAC-B3F5-2A656C7C1178}: NameServer = 192.168.1.1,213.36.80.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CACC0F3E-96B9-47BA-8752-97751D917011}: NameServer = 192.168.1.1,213.36.80.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: aasmrr.dll C:\WINDOWS\system32\buzalevu.dll c:\windows\system32\suzeyiji.dll
O20 - Winlogon Notify: ssqRHYrS - ssqRHYrS.dll (file missing)
O20 - Winlogon Notify: yayaWnom - yayaWnom.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suzeyiji.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suzeyiji.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: {crel0ntrcsa - Unknown owner - (no file)

21 replies

Lyonnais92, 25159 posts, registered Friday 23 June 2006, status: Security contributor, last active 16 September 2016, 1 536
11 Dec. 2008 at 21:49
Re,

OK,

We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Make sure you have closed/disabled all antivirus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.
lousticvoyager, 30 posts, registered Monday 1 December 2008, status: Member, last active 11 March 2014
11 Dec. 2008 at 23:50
ComboFix 08-12-11.03 - Nicolas 2008-12-11 23:34:34.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.905 [GMT 1:00]
Lancé depuis: c:\documents and settings\Nicolas\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.

2008-12-11 01:17 . 2008-12-11 01:56 <REP> d-------- c:\program files\UsbFix
2008-12-11 00:57 . 2004-08-04 00:54 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-11 00:57 . 2004-08-04 00:54 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-10 14:32 . 2008-12-10 14:33 <REP> d-------- c:\program files\Yahoo!
2008-12-06 00:29 . 2008-12-06 00:29 <REP> d-------- C:\rsit
2008-12-02 02:35 . 2008-12-02 02:35 <REP> d-------- c:\program files\MSXML 4.0
2008-12-02 02:34 . 2008-12-10 22:44 1,393 --a------ c:\windows\imsins.BAK
2008-12-02 01:32 . 2008-12-11 01:08 <REP> d-------- C:\ToolBar SD
2008-12-02 01:18 . 2008-12-02 01:18 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-02 01:18 . 2008-12-02 01:18 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-02 01:18 . 2008-12-02 01:18 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-02 01:18 . 2008-12-02 01:18 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-30 23:53 . 2008-12-11 22:14 1,307 --a------ c:\windows\system32\BIN_STRSBW.SPT
2008-11-30 22:58 . 2008-12-10 14:19 <REP> d-------- c:\program files\Spyware Terminator
2008-11-30 22:58 . 2008-12-10 15:01 <REP> d-------- c:\documents and settings\Nicolas\Application Data\Spyware Terminator
2008-11-30 22:58 . 2008-12-11 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-30 22:58 . 2008-11-30 22:58 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-30 15:46 . 2008-11-30 23:53 <REP> d-------- c:\documents and settings\Nicolas\Application Data\SUPERAntiSpyware.com
2008-11-30 15:46 . 2008-11-30 15:46 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 14:33 . 2008-11-30 14:33 <REP> d-------- c:\program files\CCleaner
2008-11-29 21:26 . 2008-11-29 21:26 <REP> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-11-29 21:10 . 2008-12-11 01:02 <REP> d-------- c:\documents and settings\Nicolas\Application Data\GameHouse
2008-11-29 13:49 . 2008-11-30 23:53 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-29 00:13 . 2008-11-29 00:13 <REP> d-------- c:\documents and settings\Nicolas\Application Data\Pogo Games
2008-11-29 00:02 . 2008-11-29 00:02 <REP> d-------- c:\program files\Pogo To Go
2008-11-28 23:57 . 2008-11-30 00:43 <REP> d-------- C:\Lop SD
2008-11-28 22:25 . 2008-11-28 22:25 0 --a------ c:\windows\LiveBilliards.INI
2008-11-28 22:08 . 2008-11-30 16:22 <REP> d-------- c:\program files\Live Billiards Deluxe
2008-11-27 21:18 . 2007-08-05 00:13 <REP> d-------- c:\program files\help
2008-11-27 21:18 . 2007-08-05 00:13 <REP> d-------- c:\program files\data
2008-11-27 21:18 . 2004-10-18 17:04 161,280 --a------ c:\program files\fmod.dll
2008-11-27 21:18 . 2008-11-27 21:21 8 --a------ c:\program files\temp.dat
2008-11-27 21:17 . 2008-09-15 14:37 196,608 --a------ c:\windows\system32\Graphic.exe
2008-11-27 20:18 . 2008-11-27 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 20:18 . 2008-11-27 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\MinigolfAdventures
2008-11-27 20:10 . 2008-11-30 23:50 <REP> d-------- c:\windows\3D Ultra Minigolf Adventures
2008-11-25 21:05 . 2008-11-25 21:06 <REP> d-------- c:\program files\uusee
2008-11-25 14:42 . 2008-11-25 14:42 <REP> d-------- c:\windows\Rocket Bowl
2008-11-25 14:40 . 2008-11-25 14:40 <REP> d-------- c:\windows\Gutterball 2
2008-11-25 14:30 . 2008-11-25 14:30 <REP> d-------- c:\windows\Saints & Sinners Bowling
2008-11-25 14:30 . 2008-11-25 14:43 <REP> d-------- c:\program files\Saints & Sinners Bowling
2008-11-23 15:26 . 2008-11-23 15:26 <REP> d-------- c:\documents and settings\All Users\Application Data\HipSoft
2008-11-23 15:24 . 2008-11-23 15:25 <REP> d-------- c:\program files\Flip Words 2
2008-11-23 00:44 . 2008-11-23 00:44 <REP> d-------- c:\windows\Elf Bowling - Hawaiian Vacation
2008-11-23 00:44 . 2008-11-23 00:44 <REP> d-------- c:\program files\Elf Bowling - Hawaiian Vacation
2008-11-23 00:44 . 2008-11-24 22:00 <REP> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
2008-11-22 20:49 . 2008-11-22 20:49 <REP> d-------- c:\program files\Veetle
2008-11-22 20:49 . 2008-11-22 20:49 48,396 --a------ c:\windows\UninstVeetleTVPlayer.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 22:38 16,920,608 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 16:37 200,960 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-11 15:58 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-11 13:17 2,446,336 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-12-11 00:02 --------- d-----w c:\documents and settings\Nicolas\Application Data\uTorrent
2008-12-10 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 13:33 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-10 12:39 2,410,496 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-12-10 12:32 2,410,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-12-08 13:00 2,408,448 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-12-08 01:50 2,416,640 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-12-07 14:36 2,407,424 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-12-07 14:16 2,407,424 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-12-06 07:46 2,404,352 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-12-06 07:30 2,404,352 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-05 22:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 13:55 --------- d-----w c:\program files\Winamp
2008-12-02 20:55 2,386,432 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-02 19:24 --------- d-----w c:\program files\BFG
2008-12-02 11:41 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-02 01:18 8,394,808 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-02 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 00:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-01 21:46 2,334,720 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-11-30 22:51 --------- d-----w c:\program files\Navilog1
2008-11-29 22:25 --------- d-----w c:\program files\uTorrent
2008-11-29 20:35 --------- d-----w c:\program files\GameHouse
2008-11-29 13:55 --------- d-----w c:\program files\MagicISO
2008-11-29 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-29 12:53 --------- d-----w c:\program files\Lavasoft
2008-11-28 23:44 --------- d-----w c:\program files\eMule
2008-11-27 20:21 552 ----a-w c:\program files\saved.cfg
2008-11-27 20:21 3,902 ----a-w c:\program files\log.txt
2008-11-27 20:20 0 ----a-w c:\program files\Console.log
2008-11-27 20:20 --------- d-----w c:\program files\temp
2008-11-14 15:39 --------- d-----w c:\program files\Ricochet Infinity
2008-11-10 11:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 19:45 2,097,664 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-10-27 17:59 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-27 17:45 --------- d-----w c:\documents and settings\Nicolas\Application Data\OpenOffice.org
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 23:39 --------- d-----w c:\documents and settings\Nicolas\Application Data\Infothek Scan
2008-10-19 22:27 --------- d-----w c:\program files\ma-config.com
2008-10-19 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-10-18 21:11 --------- d-----w c:\program files\Micro Application
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 12:34 --------- d-----w c:\documents and settings\Nicolas\Application Data\Skyline
2008-10-12 00:54 --------- d-----w c:\program files\Skyline
2008-10-12 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skyline
2008-10-11 15:19 --------- d-----w c:\program files\TVUPlayer
2008-10-11 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 11:33 1,965,568 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-01-13 01:14 19,864 ----a-w c:\documents and settings\Nicolas\Application Data\GDIPFONTCACHEV1.DAT
2005-05-06 13:30 75 ----a-w c:\program files\config.cfg
2002-08-27 16:40 55,313 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2002-04-16 10:27 5 --sha-w c:\windows\system32\CdI5T.drv
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-05 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 c:\windows\system32\drivers\tcpip.sys

2006-08-03 02:54 506368 86db0fdaf2591c86389d36cf44658cfe c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-12-02_14.53.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 08:11:45 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 08:11:45 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 08:11:45 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 08:11:45 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 08:11:45 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:39:40 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 08:11:45 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 08:11:45 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 08:11:46 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 08:11:46 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 08:11:48 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 08:11:48 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 08:11:49 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 08:11:49 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 08:11:49 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 09:11:52 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 08:11:52 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 08:11:52 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 08:11:52 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 08:11:52 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 08:11:52 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 08:11:52 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 08:11:53 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 08:11:53 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 08:11:54 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-12-02 01:52:21 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-10 21:45:06 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-02 01:52:22 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-10 21:45:07 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-02 01:52:21 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-10 21:45:07 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-02 01:52:22 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-10 21:45:07 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-02 01:52:22 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-10 21:45:07 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-02 01:52:22 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-10 21:45:07 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-02 01:52:21 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-10 21:45:07 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-02 01:52:21 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-10 21:45:07 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-02 01:52:22 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-10 21:45:07 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-02 01:52:22 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-10 21:45:07 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-02 01:52:21 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-10 21:45:07 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
- 2008-08-26 08:11:45 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 08:11:45 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:18:31 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-07-18 21:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-26 08:11:45 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 08:11:45 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 08:11:45 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:00 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:00:15 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 08:11:45 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:39:40 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:12:20 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 08:11:45 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:18:32 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 08:11:45 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:18:32 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 08:11:46 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 08:11:46 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:18:32 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:12:27 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 08:11:48 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:18:35 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 08:11:48 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 08:11:49 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 08:11:49 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 08:11:49 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 09:11:52 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 00:48:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 08:11:52 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 08:11:52 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 08:11:52 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 08:11:52 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:18:41 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 08:11:52 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-24 11:19:40 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:17:02 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 08:11:52 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:18:41 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 08:11:53 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 08:11:53 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:18:42 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 08:11:54 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 20:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-18 21:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 21:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 21:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 21:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 21:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 21:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-08-26 08:11:45 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 08:11:45 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 08:11:45 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 08:11:45 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:39:40 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 08:11:45 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 08:11:45 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 08:11:46 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 08:11:46 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:12:27 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 08:11:48 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 08:11:48 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 08:11:49 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 19:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-04-12 15:38:18 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-10 13:34:49 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-11-03 15:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 08:11:49 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 08:11:49 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 09:11:52 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 08:11:52 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 08:11:52 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 08:11:52 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 08:11:52 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 08:11:52 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2007-03-21 18:54:16 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
+ 2007-04-09 16:09:44 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
- 2007-03-21 18:54:16 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
+ 2007-04-09 16:09:44 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
- 2007-03-21 18:54:16 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE
+ 2007-04-09 16:09:44 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 08:11:52 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 08:11:53 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 08:11:53 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-18 20:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-11 16:39:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_dc8.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-30 2246144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.D263"= xl_x263dec.dll
"VIDC.XJPG"= camfc.dll
"MSVideo"= ucdvfw.dll
"VIDC.YV12"= xl_yv12.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-10 23:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-30 14:45 1829712 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Nicolas\\Bureau\\Games\\utorrent.exe"=
"c:\\Program Files\\sina\\SAP\\SAPlatform.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-30 142592]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-08-04 3712]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys []
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys []
S2 AVWEBCAM;AVWebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2007-12-15 12416]
S3 {crel0ntrcsa;{crel0ntrcsa; []
S3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [2008-08-13 72192]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-09-02 191656]
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\DRIVERS\MRVW225.sys [2007-06-01 299904]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\DRIVERS\ucdnt.sys [2006-08-03 899980]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
TCP: {645DDFA0-4DDA-4CAC-B3F5-2A656C7C1178} = 192.168.1.1,213.36.80.1
TCP: {CACC0F3E-96B9-47BA-8752-97751D917011} = 192.168.1.1,213.36.80.1
FF - ProfilePath - c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\i7xbauyw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\i7xbauyw.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\i7xbauyw.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 23:38:08
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
Heure de fin: 2008-12-11 23:39:29
ComboFix-quarantined-files.txt 2008-12-11 22:39:18

Avant-CF: 47,668,723,712 octets libres
Après-CF: 48,691,564,544 octets libres

471 --- E O F --- 2008-12-11 16:50:59