Slow computer
Closed
Dino70 (member, 35 posts)
Hello, my computer is slow on the web and pages open needlessly. I also installed NOD32 and it finds nothing, and when I go to check my email on MSN it takes a very long time. I am sending you the HijackThis report, and I am missing some .dll files.
Thanks
Dino
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:15, on 2008-12-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2a3e48f3-cb90-4718-8a33-59bb065a3370} - C:\WINDOWS\System32\gomakoju.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CB0C8C1D-0391-4B42-ACB5-F251E4A77DCD} - C:\WINDOWS\System32\awttq.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - (no file)
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [belugusuba] Rundll32.exe "C:\WINDOWS\System32\yoyikofu.dll",s
O4 - HKLM\..\Run: [684abae0] rundll32.exe "C:\WINDOWS\System32\fafaropu.dll",b
O4 - HKLM\..\Run: [CPM6b79897c] Rundll32.exe "c:\windows\system32\woruwiva.dll",a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKCU\..\Run: [AdWare SpyWare Blocker and Removal] C:\Program Files\AdWare SpyWare Blocker and Removal\AdWare SpyWare Blocker and Removal.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [belugusuba] Rundll32.exe "C:\WINDOWS\System32\yoyikofu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [belugusuba] Rundll32.exe "C:\WINDOWS\System32\yoyikofu.dll",s (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\webaduba.dll c:\windows\system32\woruwiva.dll
O20 - Winlogon Notify: qomkjhi - qomkjhi.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woruwiva.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woruwiva.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O24 - Desktop Component 0: (no name) - http://bl146w.blu146.mail.live.com/|0|8CA804C9AB6FF50|
O24 - Desktop Component 1: (no name) - http://elcaminocentral.com/albums/album13/lside2_03.sized.jpg
End of file - 6137 bytes
5 replies
ComboFix:
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus, your antispyware's guard and your internet connection.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
I did the process, but after my restart
ComboFix 08-12-14.04 - DINO70 2008-12-14 21:42:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.511.289 [GMT -5:00]
Lancé depuis: c:\documents and settings\DINO70\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\windows\System32\webaduba.dll
c:\windows\system32\woruwiva.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BM6b79897c.txt
c:\windows\system32\~.exe
c:\windows\system32\apepayad.ini
c:\windows\system32\azelujaw.ini
c:\windows\system32\dinivosa.dll
c:\windows\system32\dumphive.exe
c:\windows\System32\fafaropu.dll
c:\windows\system32\gizuruku.dll
c:\windows\system32\gomakoju.dll
c:\windows\system32\ibarelot.ini
c:\windows\system32\iyejuzob.ini
c:\windows\system32\kepuzuli.dll
c:\windows\system32\lehotago.dll
c:\windows\system32\lowetepa.dll
c:\windows\system32\mabirite.dll
c:\windows\system32\migisibi.dll
c:\windows\system32\murebiyo.dll
c:\windows\system32\nokemafu.dll
c:\windows\system32\okolayir.ini
c:\windows\system32\omimumep.ini
c:\windows\system32\orebuban.ini
c:\windows\system32\padanoku.dll
c:\windows\system32\Process.exe
c:\windows\system32\sijibale.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tolerabi.dll
c:\windows\system32\ufamekon.ini
c:\windows\system32\ufuviyey.ini
c:\windows\system32\ukunuwuf.ini
c:\windows\system32\uporafaf.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\walebesu.dll
c:\windows\system32\wamapivu.dll
c:\windows\system32\webaduba.dll.vir
c:\windows\system32\woruwiva.dll.vir
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yeyivufu.dll
c:\windows\system32\yoyikofu.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 19:56 . 2008-12-10 19:56 <REP> d-------- c:\program files\Lavasoft
2008-12-10 19:56 . 2008-12-10 19:56 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-04 10:37 . 2008-12-04 10:37 10,752 --ahs---- c:\windows\Thumbs.db
2008-12-02 10:25 . 2008-12-02 10:25 268 --ah----- C:\sqmdata18.sqm
2008-12-02 10:25 . 2008-12-02 10:25 244 --ah----- C:\sqmnoopt18.sqm
2008-12-01 23:44 . 2008-12-01 23:44 268 --ah----- C:\sqmdata17.sqm
2008-12-01 23:44 . 2008-12-01 23:44 244 --ah----- C:\sqmnoopt17.sqm
2008-12-01 23:39 . 2008-12-01 23:39 268 --ah----- C:\sqmdata15.sqm
2008-12-01 23:39 . 2008-12-01 23:39 244 --ah----- C:\sqmnoopt15.sqm
2008-12-01 23:39 . 2008-12-01 23:39 208 --ah----- C:\sqmdata16.sqm
2008-12-01 23:39 . 2008-12-01 23:39 172 --ah----- C:\sqmnoopt16.sqm
2008-12-01 18:49 . 2008-12-01 18:49 244 --ah----- C:\sqmnoopt14.sqm
2008-12-01 18:49 . 2008-12-01 18:49 232 --ah----- C:\sqmdata14.sqm
2008-12-01 18:18 . 2008-12-01 23:19 <REP> d-------- c:\windows\BDOSCAN8
2008-11-25 13:11 . 2008-12-08 22:16 352 --a------ c:\windows\wininit.ini
2008-11-24 18:31 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2008-11-24 18:31 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-24 18:26 . 2008-11-24 18:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg7
2008-11-24 18:20 . 2008-11-24 18:20 <REP> d-------- c:\program files\ESET
2008-11-24 17:50 . 2008-11-24 17:50 <REP> d-------- C:\VundoFix Backups
2008-11-24 13:30 . 2008-12-01 18:45 <REP> d-------- c:\program files\dfsdfsd
2008-11-21 20:20 . 2008-11-21 20:20 30 --a------ c:\documents and settings\DINO70\jagex_runescape_preferences.dat
2008-11-19 07:42 . 2008-12-06 18:53 <REP> d-------- c:\program files\Ricochet Infinity
2008-11-15 22:16 . 2008-11-15 22:16 10 --a------ c:\windows\popcinfo.dat
2008-11-15 22:04 . 2008-11-24 18:23 <REP> d-------- c:\program files\Shockwave.com
2008-11-15 22:04 . 2008-11-15 22:04 <REP> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-11-15 21:44 . 2008-11-15 21:44 <REP> d-------- c:\documents and settings\DINO70\Application Data\URSE Games
2008-11-15 21:19 . 2008-11-24 18:24 <REP> d-------- c:\program files\Cosmic Ball
2008-11-15 20:11 . 2008-11-15 20:11 <REP> d-------- c:\program files\ReflexiveArcade
2008-11-15 20:11 . 2008-12-01 19:23 <REP> d-------- c:\program files\Luxor
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 02:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 02:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-11 17:22 --------- d-----w c:\documents and settings\DINO70\Application Data\uTorrent
2008-12-02 00:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 03:28 --------- d-----w c:\program files\Dofus
2008-10-20 01:30 --------- d-----w c:\documents and settings\DINO70\Application Data\ArcSoft
2008-10-20 01:13 --------- d-----w c:\program files\MARS
2008-10-20 01:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 01:10 --------- d-----w c:\program files\ArcSoft
2008-10-20 01:09 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-04-26 09:41 142 ----a-w c:\program files\page.html
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-05-11_ 7.22.55.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-22 01:20:02 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-11-22 01:20:03 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-01 23:19:44 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-01 23:19:44 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2008-12-01 23:19:44 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2008-12-01 23:19:48 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 20:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-12-01 23:19:49 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2008-12-01 23:19:45 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 20:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-10-05 01:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-04-21 14:59:06 131,072 ----a-w c:\windows\Downloaded Program Files\popcaploader.dll
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2000-08-31 12:00:00 73,728 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 13:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 12:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 13:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-11-24 23:23:08 10,134 ----a-r c:\windows\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\callmsi.exe
+ 2008-11-24 23:23:08 136,448 ----a-r c:\windows\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\egui.exe
+ 2002-12-12 05:14:32 45,696 ----a-w c:\windows\LastGood\System32\DRIVERS\stream.sys
+ 2007-07-30 23:19:12 43,352 ----a-w c:\windows\LastGood\System32\wups2.dll
- 2000-08-31 12:00:00 28,160 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 1995-07-31 17:44:46 212,480 ----a-w c:\windows\PCDLIB32.DLL
- 2000-08-31 12:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 13:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 12:00:00 136,704 ----a-w c:\windows\swsc.exe
+ 2000-08-31 13:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 12:00:00 212,480 ----a-w c:\windows\swxcacls.exe
+ 2000-08-31 13:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
- 2008-03-19 23:23:20 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-11-04 15:15:38 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
- 2008-03-19 23:36:22 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll
+ 2008-11-04 15:24:12 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll
- 2008-03-19 23:24:02 487,424 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-11-04 15:16:16 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
- 2008-03-19 22:46:26 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-11-04 14:56:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2008-03-19 23:24:04 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-11-04 15:16:20 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2008-03-19 22:36:14 754,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-11-04 14:41:22 710,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
- 2008-03-19 22:36:16 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-11-04 14:41:24 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2008-03-19 22:36:14 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-11-04 14:41:22 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2008-03-19 22:42:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-11-04 14:52:10 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-11-04 14:41:22 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll
- 2008-03-19 23:22:34 249,856 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-11-04 15:14:58 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
- 2008-03-19 23:25:36 442,368 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-04 15:16:52 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-04 15:23:52 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100470.exe
- 2008-03-19 23:26:20 110,592 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-11-04 15:14:42 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2008-03-19 23:22:22 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-11-04 15:14:40 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2008-03-19 22:36:14 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2008-11-04 14:41:22 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 1999-06-25 14:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 1999-06-25 15:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-05-08 13:14:20 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-05 11:18:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-05-08 13:14:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-05 11:18:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-11 17:37:26 6,272 ----a-w c:\windows\system32\drivers\AWRTPD.sys
+ 2008-04-29 16:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
- 2007-08-07 16:58:08 8,320 ----a-w c:\windows\system32\drivers\AWRTRD.sys
+ 2008-04-29 16:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-02-20 16:01:30 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-02-20 16:02:22 29,704 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-02-20 16:11:16 33,800 ----a-w c:\windows\system32\drivers\epfwtdir.sys
+ 2005-03-15 21:25:44 127,574 ----a-w c:\windows\system32\drivers\MR97310c.sys
- 2007-08-07 16:56:58 9,344 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-04-29 16:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2001-05-30 04:00:00 352,256 ----a-w c:\windows\system32\ijl15.dll
- 2008-02-22 06:23:35 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-03-20 22:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.DLL
- 2007-12-14 15:32:52 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-05-16 16:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-01-28 03:25:25 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-18 15:17:06 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-10-12 02:58:20 28,672 ----a-w c:\windows\system32\mr310exd.dll
+ 2001-10-12 14:57:18 36,864 ----a-w c:\windows\system32\mr310exv.dll
+ 2004-05-11 18:06:48 102,400 ----a-w c:\windows\system32\mr310ifc.dll
+ 2005-02-03 19:21:52 73,728 ----a-w c:\windows\system32\mr310ipc.dll
- 2008-04-06 21:56:23 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-26 22:37:10 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-06 21:56:23 48,616 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-10-26 22:37:10 48,616 ----a-w c:\windows\system32\perfc00C.dat
- 2008-04-06 21:56:23 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-26 22:37:10 311,604 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-06 21:56:23 367,658 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-10-26 22:37:10 367,658 ----a-w c:\windows\system32\perfh00C.dat
+ 2001-11-02 19:10:18 163,840 ----a-w c:\windows\system32\PhotoImpression Screen Saver.scr
+ 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2004-08-11 06:22:26 460,024 ----a-w c:\windows\system32\wma9dmod.dll
+ 2004-08-11 07:22:26 531,192 ----a-w c:\windows\system32\wmspdmod.dll
- 2000-08-31 12:00:00 49,152 ----a-w c:\windows\VFind.exe
+ 2000-08-31 13:00:00 49,152 ----a-w c:\windows\VFIND.exe
- 2000-08-31 12:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 13:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\webaduba.dll c:\windows\system32\woruwiva.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"SENTINEL"= snti386.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
R1 epfwtdir;epfwtdir;c:\windows\System32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2002-09-06 3584]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\System32\Drivers\usbVM305.sys [2008-03-21 392316]
.
Contenu du dossier 'Tâches planifiées'
2008-04-30 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- G:\setup.exe []
2008-04-30 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2007-04-10 16:46]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{2a3e48f3-cb90-4718-8a33-59bb065a3370} - c:\windows\System32\gomakoju.dll
BHO-{CB0C8C1D-0391-4B42-ACB5-F251E4A77DCD} - c:\windows\System32\awttq.dll
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Antispyware - c:\program files\AntiSpywareApp\Antispyware.exe
HKCU-Run-AdWare SpyWare Blocker and Removal - c:\program files\AdWare SpyWare Blocker and Removal\AdWare SpyWare Blocker and Removal.exe
HKLM-Run-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe
HKLM-Run-CPM6b79897c - c:\windows\system32\woruwiva.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-qomkjhi - qomkjhi.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 21:47:07
Windows 5.1.2600 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\windows\System32\ODBC32.dll
- - - - - - - > 'lsass.exe'(596)
c:\windows\System32\dssenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Heure de fin: 2008-12-14 21:51:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-15 02:51:26
ComboFix2.txt 2008-05-11 11:23:37
Avant-CF: 20 551 356 416 octets libres
Après-CF: 22,776,336,384 octets libres
winxpsp1_fr_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect
333
I did the process, but after my restart
ComboFix 08-12-14.04 - DINO70 2008-12-14 21:42:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.511.289 [GMT -5:00]
Lancé depuis: c:\documents and settings\DINO70\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\windows\System32\webaduba.dll
c:\windows\system32\woruwiva.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BM6b79897c.txt
c:\windows\system32\~.exe
c:\windows\system32\apepayad.ini
c:\windows\system32\azelujaw.ini
c:\windows\system32\dinivosa.dll
c:\windows\system32\dumphive.exe
c:\windows\System32\fafaropu.dll
c:\windows\system32\gizuruku.dll
c:\windows\system32\gomakoju.dll
c:\windows\system32\ibarelot.ini
c:\windows\system32\iyejuzob.ini
c:\windows\system32\kepuzuli.dll
c:\windows\system32\lehotago.dll
c:\windows\system32\lowetepa.dll
c:\windows\system32\mabirite.dll
c:\windows\system32\migisibi.dll
c:\windows\system32\murebiyo.dll
c:\windows\system32\nokemafu.dll
c:\windows\system32\okolayir.ini
c:\windows\system32\omimumep.ini
c:\windows\system32\orebuban.ini
c:\windows\system32\padanoku.dll
c:\windows\system32\Process.exe
c:\windows\system32\sijibale.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tolerabi.dll
c:\windows\system32\ufamekon.ini
c:\windows\system32\ufuviyey.ini
c:\windows\system32\ukunuwuf.ini
c:\windows\system32\uporafaf.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\walebesu.dll
c:\windows\system32\wamapivu.dll
c:\windows\system32\webaduba.dll.vir
c:\windows\system32\woruwiva.dll.vir
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yeyivufu.dll
c:\windows\system32\yoyikofu.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 19:56 . 2008-12-10 19:56 <REP> d-------- c:\program files\Lavasoft
2008-12-10 19:56 . 2008-12-10 19:56 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-04 10:37 . 2008-12-04 10:37 10,752 --ahs---- c:\windows\Thumbs.db
2008-12-02 10:25 . 2008-12-02 10:25 268 --ah----- C:\sqmdata18.sqm
2008-12-02 10:25 . 2008-12-02 10:25 244 --ah----- C:\sqmnoopt18.sqm
2008-12-01 23:44 . 2008-12-01 23:44 268 --ah----- C:\sqmdata17.sqm
2008-12-01 23:44 . 2008-12-01 23:44 244 --ah----- C:\sqmnoopt17.sqm
2008-12-01 23:39 . 2008-12-01 23:39 268 --ah----- C:\sqmdata15.sqm
2008-12-01 23:39 . 2008-12-01 23:39 244 --ah----- C:\sqmnoopt15.sqm
2008-12-01 23:39 . 2008-12-01 23:39 208 --ah----- C:\sqmdata16.sqm
2008-12-01 23:39 . 2008-12-01 23:39 172 --ah----- C:\sqmnoopt16.sqm
2008-12-01 18:49 . 2008-12-01 18:49 244 --ah----- C:\sqmnoopt14.sqm
2008-12-01 18:49 . 2008-12-01 18:49 232 --ah----- C:\sqmdata14.sqm
2008-12-01 18:18 . 2008-12-01 23:19 <REP> d-------- c:\windows\BDOSCAN8
2008-11-25 13:11 . 2008-12-08 22:16 352 --a------ c:\windows\wininit.ini
2008-11-24 18:31 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2008-11-24 18:31 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-24 18:26 . 2008-11-24 18:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg7
2008-11-24 18:20 . 2008-11-24 18:20 <REP> d-------- c:\program files\ESET
2008-11-24 17:50 . 2008-11-24 17:50 <REP> d-------- C:\VundoFix Backups
2008-11-24 13:30 . 2008-12-01 18:45 <REP> d-------- c:\program files\dfsdfsd
2008-11-21 20:20 . 2008-11-21 20:20 30 --a------ c:\documents and settings\DINO70\jagex_runescape_preferences.dat
2008-11-19 07:42 . 2008-12-06 18:53 <REP> d-------- c:\program files\Ricochet Infinity
2008-11-15 22:16 . 2008-11-15 22:16 10 --a------ c:\windows\popcinfo.dat
2008-11-15 22:04 . 2008-11-24 18:23 <REP> d-------- c:\program files\Shockwave.com
2008-11-15 22:04 . 2008-11-15 22:04 <REP> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-11-15 21:44 . 2008-11-15 21:44 <REP> d-------- c:\documents and settings\DINO70\Application Data\URSE Games
2008-11-15 21:19 . 2008-11-24 18:24 <REP> d-------- c:\program files\Cosmic Ball
2008-11-15 20:11 . 2008-11-15 20:11 <REP> d-------- c:\program files\ReflexiveArcade
2008-11-15 20:11 . 2008-12-01 19:23 <REP> d-------- c:\program files\Luxor
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 02:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 02:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-11 17:22 --------- d-----w c:\documents and settings\DINO70\Application Data\uTorrent
2008-12-02 00:22 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 12:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 03:28 --------- d-----w c:\program files\Dofus
2008-10-20 01:30 --------- d-----w c:\documents and settings\DINO70\Application Data\ArcSoft
2008-10-20 01:13 --------- d-----w c:\program files\MARS
2008-10-20 01:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 01:10 --------- d-----w c:\program files\ArcSoft
2008-10-20 01:09 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-04-26 09:41 142 ----a-w c:\program files\page.html
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-05-11_ 7.22.55.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-22 01:20:02 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-11-22 01:20:03 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-01 23:19:44 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-01 23:19:44 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2008-12-01 23:19:44 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2008-12-01 23:19:48 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 20:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-12-01 23:19:49 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2008-12-01 23:19:45 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 20:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-10-05 01:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-04-21 14:59:06 131,072 ----a-w c:\windows\Downloaded Program Files\popcaploader.dll
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2000-08-31 12:00:00 73,728 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 13:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 12:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 13:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-11-24 23:23:08 10,134 ----a-r c:\windows\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\callmsi.exe
+ 2008-11-24 23:23:08 136,448 ----a-r c:\windows\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\egui.exe
+ 2002-12-12 05:14:32 45,696 ----a-w c:\windows\LastGood\System32\DRIVERS\stream.sys
+ 2007-07-30 23:19:12 43,352 ----a-w c:\windows\LastGood\System32\wups2.dll
- 2000-08-31 12:00:00 28,160 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 1995-07-31 17:44:46 212,480 ----a-w c:\windows\PCDLIB32.DLL
- 2000-08-31 12:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 13:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 12:00:00 136,704 ----a-w c:\windows\swsc.exe
+ 2000-08-31 13:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 12:00:00 212,480 ----a-w c:\windows\swxcacls.exe
+ 2000-08-31 13:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
- 2008-03-19 23:23:20 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-11-04 15:15:38 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
- 2008-03-19 23:36:22 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll
+ 2008-11-04 15:24:12 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll
- 2008-03-19 23:24:02 487,424 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-11-04 15:16:16 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
- 2008-03-19 22:46:26 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-11-04 14:56:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2008-03-19 23:24:04 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-11-04 15:16:20 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2008-03-19 22:36:14 754,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-11-04 14:41:22 710,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
- 2008-03-19 22:36:16 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-11-04 14:41:24 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2008-03-19 22:36:14 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-11-04 14:41:22 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2008-03-19 22:42:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-11-04 14:52:10 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-11-04 14:41:22 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll
- 2008-03-19 23:22:34 249,856 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-11-04 15:14:58 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
- 2008-03-19 23:25:36 442,368 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-04 15:16:52 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-04 15:23:52 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100470.exe
- 2008-03-19 23:26:20 110,592 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-11-04 15:14:42 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2008-03-19 23:22:22 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-11-04 15:14:40 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2008-03-19 22:36:14 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2008-11-04 14:41:22 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 1999-06-25 14:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 1999-06-25 15:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-05-08 13:14:20 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-05 11:18:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-05-08 13:14:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-05 11:18:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-11 17:37:26 6,272 ----a-w c:\windows\system32\drivers\AWRTPD.sys
+ 2008-04-29 16:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
- 2007-08-07 16:58:08 8,320 ----a-w c:\windows\system32\drivers\AWRTRD.sys
+ 2008-04-29 16:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-02-20 16:01:30 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-02-20 16:02:22 29,704 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-02-20 16:11:16 33,800 ----a-w c:\windows\system32\drivers\epfwtdir.sys
+ 2005-03-15 21:25:44 127,574 ----a-w c:\windows\system32\drivers\MR97310c.sys
- 2007-08-07 16:56:58 9,344 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-04-29 16:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2001-05-30 04:00:00 352,256 ----a-w c:\windows\system32\ijl15.dll
- 2008-02-22 06:23:35 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-03-20 22:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.DLL
- 2007-12-14 15:32:52 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-05-16 16:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-01-28 03:25:25 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-18 15:17:06 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-10-12 02:58:20 28,672 ----a-w c:\windows\system32\mr310exd.dll
+ 2001-10-12 14:57:18 36,864 ----a-w c:\windows\system32\mr310exv.dll
+ 2004-05-11 18:06:48 102,400 ----a-w c:\windows\system32\mr310ifc.dll
+ 2005-02-03 19:21:52 73,728 ----a-w c:\windows\system32\mr310ipc.dll
- 2008-04-06 21:56:23 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-26 22:37:10 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-06 21:56:23 48,616 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-10-26 22:37:10 48,616 ----a-w c:\windows\system32\perfc00C.dat
- 2008-04-06 21:56:23 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-26 22:37:10 311,604 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-06 21:56:23 367,658 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-10-26 22:37:10 367,658 ----a-w c:\windows\system32\perfh00C.dat
+ 2001-11-02 19:10:18 163,840 ----a-w c:\windows\system32\PhotoImpression Screen Saver.scr
+ 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2004-08-11 06:22:26 460,024 ----a-w c:\windows\system32\wma9dmod.dll
+ 2004-08-11 07:22:26 531,192 ----a-w c:\windows\system32\wmspdmod.dll
- 2000-08-31 12:00:00 49,152 ----a-w c:\windows\VFind.exe
+ 2000-08-31 13:00:00 49,152 ----a-w c:\windows\VFIND.exe
- 2000-08-31 12:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 13:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\webaduba.dll c:\windows\system32\woruwiva.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"SENTINEL"= snti386.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
R1 epfwtdir;epfwtdir;c:\windows\System32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2002-09-06 3584]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\System32\Drivers\usbVM305.sys [2008-03-21 392316]
.
Contenu du dossier 'Tâches planifiées'
2008-04-30 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- G:\setup.exe []
2008-04-30 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2007-04-10 16:46]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{2a3e48f3-cb90-4718-8a33-59bb065a3370} - c:\windows\System32\gomakoju.dll
BHO-{CB0C8C1D-0391-4B42-ACB5-F251E4A77DCD} - c:\windows\System32\awttq.dll
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Antispyware - c:\program files\AntiSpywareApp\Antispyware.exe
HKCU-Run-AdWare SpyWare Blocker and Removal - c:\program files\AdWare SpyWare Blocker and Removal\AdWare SpyWare Blocker and Removal.exe
HKLM-Run-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe
HKLM-Run-CPM6b79897c - c:\windows\system32\woruwiva.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-qomkjhi - qomkjhi.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 21:47:07
Windows 5.1.2600 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\windows\System32\ODBC32.dll
- - - - - - - > 'lsass.exe'(596)
c:\windows\System32\dssenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Heure de fin: 2008-12-14 21:51:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-15 02:51:26
ComboFix2.txt 2008-05-11 11:23:37
Avant-CF: 20 551 356 416 octets libres
Après-CF: 22,776,336,384 octets libres
winxpsp1_fr_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect
333
333