Crypt/xpack.gen... well, I think so.
Security Forum - Viruses: Crypt/xpack.gen... well, I think so.
Hello everyone,
For several days now I've been infected with something I can't get rid of easily. So I'm calling on knowledgeable people for help.
Thanks.
[DaV]
On top of that, I don't know if it's related, but I'm having a lot of trouble reaching Google in particular... (search, Google Calendar, etc.)
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM2f1ab20f] Rundll32.exe "C:\WINDOWS\system32\ldhtcebt.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Barre latérale Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
--
End of file - 7064 bytes
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Here is my report from ComboFix.exe, launched from the desktop.
Thanks.
ComboFix 08-05-21.2 - Administrateur 2008-05-22 14:53:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2626 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM2f1ab20f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXOGXpn.dll
C:\WINDOWS\system32\cdemudph.dll
C:\WINDOWS\system32\foekpqog.dll
C:\WINDOWS\system32\foqvvesk.exe
C:\WINDOWS\system32\hkyroggg.dll
C:\WINDOWS\system32\iafphrrq.dll
C:\WINDOWS\system32\kdplsrml.dll
C:\WINDOWS\system32\ldhtcebt.dll
C:\WINDOWS\system32\luvhytmx.dll
C:\WINDOWS\system32\NUDcLRqr.ini
C:\WINDOWS\system32\NUDcLRqr.ini2
C:\WINDOWS\system32\nxcjgtct.dll
C:\WINDOWS\system32\onxixtvr.exe
C:\WINDOWS\system32\puaaurig.dll
C:\WINDOWS\system32\pwcvfygx.dll
C:\WINDOWS\system32\qqavhhuq.dll
C:\WINDOWS\system32\qrclrlum.dll
C:\WINDOWS\system32\qumkiqrj.dll
C:\WINDOWS\system32\rqRLcDUN.dll
C:\WINDOWS\system32\tqphgvta.dll
C:\WINDOWS\system32\ufukaetp.exe
C:\WINDOWS\system32\uyktokpb.dll
C:\WINDOWS\system32\wcfhhvbp.dll
C:\WINDOWS\system32\whsxdfme.dll
C:\WINDOWS\system32\wpfehqdc.dll
C:\WINDOWS\system32\wuhdupal.dll
C:\WINDOWS\system32\xnwofixn.dll
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aosjxuxo.ini
C:\WINDOWS\system32\auhgcksr.ini
C:\WINDOWS\system32\bnbmnphv.exe
C:\WINDOWS\system32\dralcrev.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ncymddlj.ini
C:\WINDOWS\system32\nxifownx.ini
C:\WINDOWS\system32\pbvhhfcw.ini
C:\WINDOWS\system32\pbvhhfcw.ini2
C:\WINDOWS\system32\pnqyisxo.ini
C:\WINDOWS\system32\tismgmiw.ini
C:\WINDOWS\system32\tpatwydh.ini
C:\WINDOWS\system32\TvvEOXbc.ini
C:\WINDOWS\system32\TvvEOXbc.ini2
C:\WINDOWS\system32\vuyxpyfr.ini
C:\WINDOWS\system32\vyohvimm.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 11:33 . 2008-05-22 11:33 135,680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
2008-05-21 15:49 . 2008-05-21 15:49 134,144 --a------ C:\WINDOWS\system32\rlqxqedy.dll
2008-05-21 10:58 . 2008-05-21 10:58 134,144 --a------ C:\WINDOWS\system32\cvmojeqp.dll
2008-05-21 09:57 . 2008-05-22 11:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 09:57 . 2008-05-21 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-19 12:08 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-19 12:04 . 2008-05-19 12:04 <REP> d-------- C:\Program Files\MagicISO
2008-05-19 11:27 . 2008-05-19 11:33 <REP> d-------- C:\Program Files\Ultra Video To Flash Converter
2008-05-19 11:27 . 2004-02-22 16:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-05-19 11:27 . 2006-12-31 10:16 313,344 --a------ C:\WINDOWS\system32\avisynth.dll
2008-05-19 11:16 . 2008-05-19 11:30 <REP> d-------- C:\Program Files\Total Video Converter
2008-05-19 11:00 . 2008-05-19 11:02 270 --a------ C:\WINDOWS\system32\temp_0000_65-20.aok
2008-05-19 10:57 . 2008-05-19 10:57 117 --a------ C:\WINDOWS\system32\test.aok
2008-05-19 10:36 . 2008-05-19 10:46 <REP> d-------- C:\Program Files\QuickMediaConverter
2008-05-18 20:59 . 2008-05-18 20:59 <REP> d-------- C:\VundoFix Backups
2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\WINDOWS\Applian FLV Player
2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\Program Files\FLV Player
2008-05-18 15:44 . 2008-05-18 15:47 <REP> d-------- C:\Documents and Settings\Administrateur\dwhelper
2008-05-17 12:48 . 2008-05-17 12:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-16 21:21 . 2008-05-22 12:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-05-16 17:51 . 2008-05-16 17:51 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 17:13 . 2008-05-22 10:29 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-16 17:12 . 2008-05-17 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\srchasst
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-16 11:12 . 2008-05-16 11:12 12 --a------ C:\WINDOWS\system32\2c29931d
2008-05-16 10:09 . 2008-05-16 10:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 09:37 . 2008-05-16 09:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-16 09:13 . 2008-05-16 09:17 <REP> d-------- C:\fixwareout
2008-05-16 09:04 . 2008-05-16 09:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 21:12 . 2008-05-15 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-15 12:05 . 2008-05-15 17:31 210 --a------ C:\WINDOWS\system32\ncymddlj.tmp
2008-05-15 10:47 . 2008-05-15 10:47 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-12 11:52 . 2008-05-12 11:52 1,505,043 ---hs---- C:\WINDOWS\system32\pnqyisxo.tmp
2008-05-07 14:53 . 2008-05-07 14:53 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-05-07 14:52 . 2008-05-07 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-05-07 14:52 . 2008-05-07 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
2008-05-07 14:50 . 2008-05-07 14:50 <REP> d-------- C:\Program Files\Propellerhead
2008-05-07 12:32 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-07 09:41 . 2008-05-07 09:41 <REP> d-------- C:\Program Files\M-Audio
2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Native Instruments
2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-05-06 20:49 . 2008-05-06 21:00 1,480 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-05-06 15:53 . 2008-05-09 00:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 16:34 . 2008-05-06 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-05 16:26 . 2008-05-22 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-05 16:24 . 2008-05-05 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-05-05 16:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-05 16:06 . 2008-05-05 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-03 16:58 . 2008-05-03 16:58 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-30 15:05 . 2008-04-30 15:05 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-30 15:03 . 2008-04-30 15:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\msocreg32.dat
2008-04-29 16:11 . 2008-04-29 16:11 <REP> d-------- C:\Program Files\IK Multimedia
2008-04-29 15:39 . 2008-04-29 15:40 <REP> d-------- C:\Program Files\Waves
2008-04-29 14:25 . 2008-04-29 14:25 3,693,554 --a------ C:\WINDOWS\system32\TmpA1392546
2008-04-29 13:52 . 2008-04-29 13:52 3,693,554 --a------ C:\WINDOWS\system32\TmpA13018890
2008-04-29 10:51 . 2008-04-29 10:51 3,693,554 --a------ C:\WINDOWS\system32\TmpA2175078
2008-04-29 10:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-29 10:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-29 10:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:16 . 2008-04-30 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Preferences
2008-04-28 13:16 . 2008-04-28 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves
2008-04-28 13:14 . 2008-04-28 13:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Audio
2008-04-28 08:56 . 2008-04-28 08:56 34 --a------ C:\WINDOWS\Blink.ini
2008-04-25 09:47 . 2008-05-17 12:48 51 --a------ C:\WINDOWS\CDEDJECT.INI
2008-04-25 09:46 . 2008-04-25 09:46 <REP> d-------- C:\Program Files\HotKey CD-Eject
2008-04-25 09:37 . 2008-04-25 09:37 <REP> d-------- C:\Program Files\Antares Audio Technologies
2008-04-24 20:13 . 2008-04-24 20:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-24 15:15 . 2008-04-24 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
2008-04-24 15:11 . 2008-05-06 23:29 <REP> d-------- C:\Program Files\iZotope
2008-04-24 15:11 . 2008-04-24 15:11 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-04-24 10:57 . 2008-04-24 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-24 10:31 . 2008-04-24 10:31 <REP> d-------- C:\Program Files\Nero
2008-04-24 10:31 . 2008-04-24 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-23 20:38 . 2008-04-23 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\WinAmp Control
2008-04-23 20:20 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
2008-04-23 16:36 . 2008-04-23 16:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-04-23 16:35 . 2008-04-23 16:35 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-23 10:44 . 2008-05-15 21:30 <REP> d-------- C:\Program Files\iColorFolder
2008-04-23 09:42 . 2006-02-16 03:07 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Google
2008-04-22 14:57 . 2008-04-22 14:57 <REP> d-------- C:\Program Files\Microsoft Works
2008-04-22 14:54 . 2008-04-22 14:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-22 14:54 . 2008-04-22 14:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-22 14:53 . 2008-04-22 14:53 <REP> dr-h----- C:\MSOCache
2008-04-22 14:40 . 2008-05-22 11:54 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-22 14:40 . 2008-04-22 14:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2008-04-22 14:40 . 2008-04-22 14:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-04-22 08:18 . 2008-04-22 08:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2008-04-22 08:17 . 2008-04-22 08:17 <REP> d-------- C:\Program Files\RocketDock
2008-04-22 08:06 . 2008-04-22 08:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\HP
2008-04-22 08:04 . 2008-04-22 08:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-22 08:01 . 2008-04-22 08:01 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-04-22 08:01 . 2008-04-22 08:02 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-04-22 08:01 . 2008-04-22 08:01 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-04-22 08:00 . 2006-06-27 09:58 876,544 -ra------ C:\WINDOWS\system32\hpwwiax1.dll
2008-04-22 08:00 . 2006-04-02 09:41 835,072 -ra------ C:\WINDOWS\system32\hpwtiop1.dll
2008-04-22 08:00 . 2006-03-20 02:48 286,720 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-04-22 08:00 . 2005-08-26 03:19 258,122 -ra------ C:\WINDOWS\system32\hpovst09.dll
2008-04-22 08:00 . 2005-10-12 04:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-04-22 08:00 . 2006-07-03 11:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2008-04-22 08:00 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-04-22 08:00 . 2008-04-22 08:00 156 --a------ C:\WINDOWS\system32\AddPort.ini
2008-04-22 07:59 . 2008-04-22 08:00 <REP> d-------- C:\TEMP
2008-04-22 07:59 . 2008-04-22 08:00 831 --a------ C:\WINDOWS\hpntwksetup.ini
2008-04-22 07:58 . 2008-04-22 07:58 <REP> d-------- C:\WINDOWS\carrier
2008-04-22 07:51 . 2008-04-22 08:06 153,353 --a------ C:\WINDOWS\hpwins05.dat
2008-04-22 03:27 . 2008-04-22 03:27 <REP> d-------- C:\Program Files\Alwil Software
2008-04-22 03:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-22 03:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-22 03:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-22 03:26 . 2008-04-22 08:02 <REP> d-------- C:\Program Files\HP
2008-04-22 03:01 . 2008-04-22 03:01 <REP> d-------- C:\Program Files\Winamp
2008-04-22 03:01 . 2008-05-06 20:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Winamp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-05-16 09:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-05-15 09:30 208,896 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-04-29 11:52 --------- d-----w C:\Program Files\IrfanView
2008-04-22 00:55 --------- d-----w C:\Program Files\uTorrent
2008-04-22 00:27 --------- d-----w C:\Program Files\iLok
2008-04-21 22:56 --------- d-----w C:\Program Files\Intel
2008-04-21 22:43 --------- d-----w C:\Program Files\Java
2008-04-21 22:43 --------- d-----w C:\Program Files\Foxit
2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-21 22:42 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-04-21 22:41 --------- d-----w C:\Program Files\Services en ligne
2008-04-21 22:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 18:46 270,336 ----a-w C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-16_11.23.33.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-18 14:03:29 473,600 ----a-w C:\WINDOWS\Applian FLV Player\uninstall.exe
- 2008-05-16 09:21:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 12:56:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 10:08:38 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-05-19 10:08:25 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-05-19 09:27:20 34,308 ----a-w C:\WINDOWS\system32\bassmod.dll
+ 1998-07-12 19:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
- 2008-04-23 14:20:42 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
+ 2008-05-16 09:44:17 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
- 2008-05-06 07:21:39 1,484,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-22 12:56:34 1,484,496 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-02-20 13:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
+ 2005-08-27 11:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 14:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 14:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
- 2004-08-19 14:09:36 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 19:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 1998-07-13 00:00:00 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
+ 2000-10-01 19:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 2000-07-15 05:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]
2008-05-22 11:33 135680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-19 16:09 101888 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"VIDC.YV12"= yv12vfw.dll
"midi1"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 21:50]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 01:16]
R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 01:15]
R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-16 11:44]
R3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:01]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 14:57:10
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\icon_snow.png 3223 bytes
Scan terminé avec succès
Les fichiers cachés: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 14:59:09 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-05-22 12:58:44
Pre-Run: 59,177,263,104 octets libres
Post-Run: 59,256,795,136 octets libres
Re,
Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it onto your desktop (Right-click / Extract All).
Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.
If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations.
In that case, just restart the computer manually.
Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_time.log
Well, the good news is that my computer isn't unresponsive to your treatments, which is already something. It seems to be finding things.
Thanks again, it's really nice of you to help me with my bug.
MSNFix 1.717
C:\Documents and Settings\Administrateur\Bureau\MSNFix
Fix exécuté le 22/05/2008 - 16:11:27,28 By Administrateur
mode normal
************************ Recherche les fichiers présents
... C:\??????.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\??????.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22052008_16160167.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
Important : http://msnfix.changelog.fr/index.p [...] /32-alerte
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Re,
Let's continue.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the Download_mbam-setup.exe file.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Picture tutorial on MBAM
It took a bit of time, but I guess you already know that this scan is long...
Here is the report:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 777
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 168550
Temps écoulé: 4 hour(s), 54 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
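As an added triage example (not part of this thread and not code from MSNFix, ComboFix or MBAM), the following Python script applies to report lines the checks the helper performs by eye: the Winlogon Userinit value that MSNFix prints at the end of its report, ComboFix "Fichiers créés" entries for freshly dropped system32 DLLs with random eight-letter names, a Browser Helper Object pointing at such a DLL, and orphaned Run values. The sample report text is constructed from the formats of the reports posted in this thread; the hijacked Userinit line and its PLACEHOLDER file name are invented.

```python
"""Triage of MSNFix / ComboFix report lines (added example, not code from the thread or the tools)."""
import re
from datetime import date, timedelta

# Standard Windows XP Userinit value; MSNFix prints this key at the end of its report.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"
# Date of the report being triaged (the ComboFix run date in this thread).
REPORT_DATE = date(2008, 5, 23)

# ComboFix "Fichiers créés" line: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size>[\d,]+|<REP>) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+)$"
)
# ComboFix "Point de chargement Reg" file line: created size attrs path
LOADPOINT_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ [-a-zA-Z]{9} (?P<path>.+)$")
BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<info>[^\]]*)\]$')
# Eight random lowercase letters in system32: the naming pattern of the DLLs in this thread.
# This alone is a heuristic (legitimate eight-letter DLLs exist), so it is combined below
# with a date window and a created == modified check.
RANDOM_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll$")

# Constructed samples, modelled on the report formats posted in this thread.
SAMPLE_MSNFIX = r"""
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
"""
# PLACEHOLDER_dropper.exe is an invented name standing for whatever a hijack appends.
SAMPLE_MSNFIX_HIJACKED = r"""
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\PLACEHOLDER_dropper.exe,
"""
SAMPLE_COMBOFIX = r"""
2008-05-22 11:33 . 2008-05-22 11:33 135,680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
2008-05-21 15:49 . 2008-05-21 15:49 134,144 --a------ C:\WINDOWS\system32\rlqxqedy.dll
2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]
2008-05-22 11:33 135680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"""


def check_userinit(msnfix_report):
    """Return (ok, value) for the Userinit line MSNFix prints; ok is False if hijacked or absent."""
    for line in msnfix_report.splitlines():
        if line.startswith("Userinit = "):
            value = line[len("Userinit = "):].strip()
            return (value.lower() == EXPECTED_USERINIT.lower(), value)
    return (False, None)


def triage_combofix(report, report_date, window_days=7):
    """Scan ComboFix report lines and return a list of (kind, detail) findings."""
    findings = []
    cutoff = report_date - timedelta(days=window_days)
    lines = report.splitlines()
    for i, line in enumerate(lines):
        m = FILE_LINE.match(line)
        if m:
            created = date.fromisoformat(m.group("created"))
            modified = date.fromisoformat(m.group("modified"))
            # A freshly dropped file has created == modified; an installed copy of a
            # vendor DLL keeps the vendor's older modification date (see NPSWF32.dll).
            if (RANDOM_DLL.search(m.group("path")) and created >= cutoff
                    and created == modified):
                findings.append(("recent-random-dll", m.group("path")))
            continue
        if BHO_KEY.match(line) and i + 1 < len(lines):
            # ComboFix prints the BHO's DLL on the line right after the key.
            f = LOADPOINT_FILE.match(lines[i + 1])
            if f and RANDOM_DLL.search(f.group("path")):
                findings.append(("bho-random-dll", f.group("path")))
            continue
        m = RUN_VALUE.match(line)
        if m and m.group("cmd") == "":
            # A Run value with no command and no file info is an orphaned autostart
            # entry left behind by removed software (e.g. "EoEngine"="" []).
            findings.append(("orphaned-run-value", m.group("name")))
    return findings


if __name__ == "__main__":
    ok, value = check_userinit(SAMPLE_MSNFIX)
    print("Userinit OK" if ok else "Userinit HIJACKED", value)
    for kind, detail in triage_combofix(SAMPLE_COMBOFIX, REPORT_DATE):
        print(f"{kind:20} {detail}")
```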
Run another ComboFix scan.
The ComboFix report:
ComboFix 08-05-21.2 - Administrateur 2008-05-23 11:06:10.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2583 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\msvcsv60.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.
2008-05-23 09:54 . 2008-05-23 09:54 <REP> d-------- C:\WINDOWS\LastGood
2008-05-23 09:54 . 2008-05-23 09:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-22 17:02 . 2008-05-22 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-22 17:01 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-22 17:01 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --a------ C:\WINDOWS\system32\SETCA.tmp
2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-22 16:17 . 2007-07-09 15:19 582,656 --a------ C:\WINDOWS\system32\SETA3.tmp
2008-05-22 16:17 . 2007-07-09 15:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-22 11:33 . 2008-05-22 11:33 135,680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
2008-05-21 15:49 . 2008-05-21 15:49 134,144 --a------ C:\WINDOWS\system32\rlqxqedy.dll
2008-05-21 10:58 . 2008-05-21 10:58 134,144 --a------ C:\WINDOWS\system32\cvmojeqp.dll
2008-05-21 09:57 . 2008-05-22 11:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 09:57 . 2008-05-21 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-19 12:08 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-19 12:04 . 2008-05-19 12:04 <REP> d-------- C:\Program Files\MagicISO
2008-05-19 11:27 . 2008-05-19 11:33 <REP> d-------- C:\Program Files\Ultra Video To Flash Converter
2008-05-19 11:27 . 2004-02-22 16:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-05-19 11:27 . 2006-12-31 10:16 313,344 --a------ C:\WINDOWS\system32\avisynth.dll
2008-05-19 11:16 . 2008-05-19 11:30 <REP> d-------- C:\Program Files\Total Video Converter
2008-05-19 11:00 . 2008-05-19 11:02 270 --a------ C:\WINDOWS\system32\temp_0000_65-20.aok
2008-05-19 10:57 . 2008-05-19 10:57 117 --a------ C:\WINDOWS\system32\test.aok
2008-05-19 10:36 . 2008-05-19 10:46 <REP> d-------- C:\Program Files\QuickMediaConverter
2008-05-18 20:59 . 2008-05-18 20:59 <REP> d-------- C:\VundoFix Backups
2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\WINDOWS\Applian FLV Player
2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\Program Files\FLV Player
2008-05-18 15:44 . 2008-05-18 15:47 <REP> d-------- C:\Documents and Settings\Administrateur\dwhelper
2008-05-17 12:48 . 2008-05-17 12:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-16 21:21 . 2008-05-23 10:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-05-16 17:51 . 2008-05-16 17:51 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 17:13 . 2008-05-23 10:34 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-16 17:12 . 2008-05-17 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\srchasst
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-16 11:12 . 2008-05-16 11:12 12 --a------ C:\WINDOWS\system32\2c29931d
2008-05-16 10:09 . 2008-05-16 10:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 09:37 . 2008-05-16 09:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-16 09:13 . 2008-05-16 09:17 <REP> d-------- C:\fixwareout
2008-05-16 09:04 . 2008-05-16 09:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 21:12 . 2008-05-15 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-15 12:05 . 2008-05-15 17:31 210 --a------ C:\WINDOWS\system32\ncymddlj.tmp
2008-05-15 10:47 . 2008-05-15 10:47 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-12 11:52 . 2008-05-12 11:52 1,505,043 ---hs---- C:\WINDOWS\system32\pnqyisxo.tmp
2008-05-07 14:53 . 2008-05-07 14:53 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-05-07 14:52 . 2008-05-07 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-05-07 14:52 . 2008-05-07 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
2008-05-07 14:50 . 2008-05-07 14:50 <REP> d-------- C:\Program Files\Propellerhead
2008-05-07 12:32 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-07 09:41 . 2008-05-07 09:41 <REP> d-------- C:\Program Files\M-Audio
2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Native Instruments
2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-05-06 20:49 . 2008-05-06 21:00 1,480 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-05-06 15:53 . 2008-05-09 00:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 16:34 . 2008-05-06 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-05 16:26 . 2008-05-22 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-05 16:24 . 2008-05-05 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-05-05 16:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-05 16:06 . 2008-05-05 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-03 16:58 . 2008-05-03 16:58 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-30 15:05 . 2008-04-30 15:05 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-30 15:03 . 2008-04-30 15:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\msocreg32.dat
2008-04-29 16:11 . 2008-04-29 16:11 <REP> d-------- C:\Program Files\IK Multimedia
2008-04-29 15:39 . 2008-04-29 15:40 <REP> d-------- C:\Program Files\Waves
2008-04-29 14:25 . 2008-04-29 14:25 3,693,554 --a------ C:\WINDOWS\system32\TmpA1392546
2008-04-29 13:52 . 2008-04-29 13:52 3,693,554 --a------ C:\WINDOWS\system32\TmpA13018890
2008-04-29 10:51 . 2008-04-29 10:51 3,693,554 --a------ C:\WINDOWS\system32\TmpA2175078
2008-04-29 10:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-29 10:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.MSNFix
2008-04-29 10:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:16 . 2008-04-30 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Preferences
2008-04-28 13:16 . 2008-04-28 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves
2008-04-28 13:14 . 2008-04-28 13:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Audio
2008-04-28 08:56 . 2008-04-28 08:56 34 --a------ C:\WINDOWS\Blink.ini
2008-04-25 09:47 . 2008-05-17 12:48 51 --a------ C:\WINDOWS\CDEDJECT.INI
2008-04-25 09:46 . 2008-04-25 09:46 <REP> d-------- C:\Program Files\HotKey CD-Eject
2008-04-25 09:37 . 2008-04-25 09:37 <REP> d-------- C:\Program Files\Antares Audio Technologies
2008-04-24 20:13 . 2008-04-24 20:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-24 15:15 . 2008-04-24 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
2008-04-24 15:11 . 2008-05-06 23:29 <REP> d-------- C:\Program Files\iZotope
2008-04-24 15:11 . 2008-04-24 15:11 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-04-24 10:57 . 2008-04-24 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-24 10:31 . 2008-04-24 10:31 <REP> d-------- C:\Program Files\Nero
2008-04-24 10:31 . 2008-04-24 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-23 20:38 . 2008-04-23 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\WinAmp Control
2008-04-23 20:20 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
2008-04-23 16:36 . 2008-04-23 16:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-04-23 16:35 . 2008-04-23 16:35 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-23 10:44 . 2008-05-15 21:30 <REP> d-------- C:\Program Files\iColorFolder
2008-04-23 09:42 . 2006-02-16 03:07 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 08:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-23 08:19 1,083 ----a-w C:\WINDOWS\Fonts\LTe50150.pfm
2008-05-21 14:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Digidesign
2008-05-19 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-05-16 09:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-05-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 09:30 208,896 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-05-07 07:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 18:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
2008-05-05 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-29 11:52 --------- d-----w C:\Program Files\IrfanView
2008-04-23 13:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-04-22 16:01 --------- d-----w C:\Program Files\Google
2008-04-22 12:57 --------- d-----w C:\Program Files\Microsoft Works
2008-04-22 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-04-22 06:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2008-04-22 06:17 --------- d-----w C:\Program Files\RocketDock
2008-04-22 06:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HP
2008-04-22 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-22 06:02 --------- d-----w C:\Program Files\HP
2008-04-22 06:02 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-04-22 06:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-22 06:01 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-04-22 01:27 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 01:01 --------- d-----w C:\Program Files\Winamp
2008-04-22 00:55 --------- d-----w C:\Program Files\uTorrent
2008-04-22 00:27 --------- d-----w C:\Program Files\iLok
2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-04-21 23:34 --------- d-----w C:\Program Files\Bonjour
2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 23:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PACE Anti-Piracy
2008-04-21 23:26 --------- d-----w C:\Program Files\InterLok
2008-04-21 23:24 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2008-04-21 23:24 --------- d-----w C:\Program Files\Digidesign
2008-04-21 23:21 --------- d-----w C:\Program Files\Fichiers communs\LogiShared
2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Logitech
2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-21 23:19 --------- d-----w C:\Program Files\Logitech
2008-04-21 23:19 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-04-21 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-21 23:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-04-21 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-21 23:14 --------- d-----w C:\Program Files\My Company Name
2008-04-21 23:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-21 23:10 --------- d-----w C:\Program Files\ASUS
2008-04-21 23:08 --------- d-----w C:\Program Files\Marvell
2008-04-21 23:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\TMP
2008-04-21 23:03 --------- d-----w C:\Program Files\Analog Devices
2008-04-21 22:56 --------- d-----w C:\Program Files\Intel
2008-04-21 22:43 --------- d-----w C:\Program Files\Java
2008-04-21 22:43 --------- d-----w C:\Program Files\Foxit
2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-21 22:42 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-04-21 22:41 --------- d-----w C:\Program Files\Services en ligne
2008-04-21 22:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 18:46 270,336 ----a-w C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 07:56 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-16_11.23.33.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-18 14:03:29 473,600 ----a-w C:\WINDOWS\Applian FLV Player\uninstall.exe
- 2008-05-16 09:21:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 07:52:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-09-09 15:02:04 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-05-19 10:08:38 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-05-19 10:08:25 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-05-19 09:27:20 34,308 ----a-w C:\WINDOWS\system32\bassmod.dll
- 2007-09-09 15:00:46 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 1998-07-12 19:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
- 2007-09-09 15:00:47 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:31:57 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:31:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:31:58 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-02-20 05:20:23 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-16 09:31:58 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:31:58 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:31:58 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-20 06:52:42 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-15 09:07:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-16 09:31:58 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-21 06:25:34 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-02-16 09:31:58 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-18 14:41:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-02-16 09:31:58 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-11-07 09:50:06 733,696 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-07-06 10:05:47 72,960 ------w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:50:47 138,240 ------w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:50:47 47,104 ------w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:50:47 16,896 ------w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:50:47 660,992 ------w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:50:47 177,152 ------w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:50:47 95,744 ------w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:50:47 48,640 ------w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:50:47 527,360 ------w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-02-16 09:31:59 3,087,872 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 09:31:59 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-02-16 09:31:59 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-02-16 09:31:59 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2008-02-16 09:31:59 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:36:31 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-02-16 09:32:00 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:32:00 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-30 16:53:32 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-02-16 09:32:00 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-02-16 09:32:00 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-25 07:28:30 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-03 20:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-03 21:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2007-09-09 14:59:50 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2007-09-09 15:00:08 360,704 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2008-04-23 14:20:42 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
+ 2008-05-16 09:44:17 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
- 2007-09-09 15:00:47 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-09-09 15:00:48 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-09-09 15:00:48 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-05-06 07:21:39 1,484,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-22 12:56:34 1,484,496 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-09-09 15:00:48 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-09-09 14:58:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:25:34 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-09-09 15:00:49 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-09-09 15:00:49 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-09 14:59:01 733,184 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-02-20 13:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
+ 2005-08-27 11:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 14:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 14:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2004-08-19 14:09:32 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:50:47 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-19 14:09:32 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:50:47 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-19 14:09:32 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:50:47 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-19 14:09:32 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:50:47 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-19 14:09:32 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:50:47 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-19 14:09:32 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:50:47 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-19 14:09:34 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:50:47 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-19 14:09:34 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:50:47 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
- 2004-08-19 14:09:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-19 14:09:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-09-09 15:00:52 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-19 14:09:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 09:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-19 14:09:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-19 14:09:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-19 14:09:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-09-09 15:00:53 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-19 14:09:34 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-19 14:09:34 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-19 14:09:34 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-19 14:09:36 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-09-09 15:00:53 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-19 14:09:36 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 19:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
- 2007-09-09 14:59:23 838,360 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-19 14:09:36 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-09-09 14:59:38 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 1998-07-13 00:00:00 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
- 2007-09-09 15:00:53 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-09-09 14:59:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2000-10-01 19:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 2000-07-15 05:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
- 2007-09-09 15:02:06 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]
2008-05-22 11:33 135680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-19 16:09 101888 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Barre latérale Google Desktop.lnk - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-22 18:01:16 29744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-22 01:19:35 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"VIDC.YV12"= yv12vfw.dll
"midi1"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 21:50]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 01:16]
R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 01:15]
R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-16 11:44]
R3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:01]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 11:07:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-23 11:07:59
ComboFix-quarantined-files.txt 2008-05-23 09:07:57
ComboFix2.txt 2008-05-22 12:59:10
Pre-Run: 59,137,875,968 bytes free
Post-Run: 59,134,160,896 bytes free
466 --- E O F --- 2008-05-23 07:56:29
Any idea what this bug is? Given the tests you're having me run, I'd guess you do, but I'm asking just in case?!
Re,
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text inside the box below:
File::
|
Open Notepad (Start > Run... > notepad) and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe as shown below:
This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the ComboFix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
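The procedure above (find the offending autostart file in the ComboFix report, list it under File:: in CFScript.txt, and hand the script to ComboFix) can be driven from the log itself. What follows is an added example written for this page, not code from the thread, from ComboFix or from HijackThis: it parses the "Reg Loading Points" section of a ComboFix report, flags autostart entries that load a recently written, randomly named file from system32 (the pattern the lnhyxrji.dll BHO in the report above follows), and emits the File:: block you would paste into CFScript.txt. The sample log lines are copied from the report posted earlier in this thread. The eight-lowercase-letter name check and the seven-day recency window are this example's own heuristics, not ComboFix rules; a hit is something to verify before deleting, not proof of malware.

```python
"""Flag random-named autostart DLLs in a ComboFix 'Reg Loading Points' section
and build the File:: block of a CFScript. Added example for this thread; the
name/recency heuristics below are assumptions, not ComboFix behaviour."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample input: lines copied from the "Reg Loading Points" section
# of the ComboFix report posted in this thread (one BHO key with its DLL, then
# two Run keys). Embedded here so the example runs offline.
SAMPLE_LOG = r"""
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]
2008-05-22 11:33 135680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "<date> <time> <size> <attrs> <path>": the shape ComboFix uses under BHO keys
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+?)\s*$"
)
# '"Name"="path" [<date> <time> <size>]': the shape used under Run keys; the
# bracket is empty when the value points at nothing ("EoEngine" above)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s+\[(?:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+))?\]$'
)
# Heuristic (this example's assumption): the dropped files in this thread are
# eight random lowercase letters with a .dll or .tmp extension, in system32.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|tmp)$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    key: str                    # registry key the autostart entry lives under
    name: str                   # value name ("" for a BHO file line)
    path: str                   # file the entry loads ("" if the value is empty)
    mtime: Optional[datetime]   # file timestamp ComboFix printed, if any
    size: Optional[int]

    @property
    def is_bho(self) -> bool:
        return "browser helper objects" in self.key.lower()


def parse_reg_loading_points(text: str) -> List[Entry]:
    """Turn the 'Reg Loading Points' lines into Entry records, keeping empty
    values (they are listed, not silently dropped)."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line) or FILE_RE.match(line)
        if not m or not key:
            continue  # REGEDIT4 header, *Note* line, blanks, lines before any key
        d = m.groupdict()
        ts = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M") if d.get("ts") else None
        size = int(d["size"]) if d.get("size") else None
        entries.append(Entry(key, d.get("name", ""), d["path"], ts, size))
    return entries


def flag_entries(entries: List[Entry], scan_date: datetime,
                 window_days: int = 7) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for autostart files matching the pattern seen in
    this thread: random-looking name directly in system32, written within
    window_days before the scan. Both thresholds are this example's choice."""
    flagged: List[Tuple[Entry, str]] = []
    for e in entries:
        low = e.path.lower()
        if not low.startswith(SYSTEM32):
            continue
        base = low[len(SYSTEM32):]
        if "\\" in base or not RANDOM_NAME_RE.match(base):
            continue
        if e.mtime is None or scan_date - e.mtime > timedelta(days=window_days):
            continue
        what = "BHO" if e.is_bho else "autostart value"
        flagged.append((e, f"{what} loads random-named system32 file written {e.mtime:%Y-%m-%d}"))
    return flagged


def build_cfscript(paths: List[str]) -> str:
    """Emit the File:: block ComboFix reads from CFScript.txt (the directive the
    instructions above use): one absolute path per line under the header."""
    return "File::\n" + "".join(p + "\n" for p in paths)


if __name__ == "__main__":
    found = flag_entries(parse_reg_loading_points(SAMPLE_LOG), datetime(2008, 5, 23))
    for entry, reason in found:
        print(f"{reason}: {entry.path}")
    print(build_cfscript([e.path for e, _ in found]))
```

Run it as a script to see the flagged entry and the generated File:: block, or pass another report's text to parse_reg_loading_points. Two line shapes occur in that section and the parser accepts both: a BHO key is followed by a bare date/size/attributes/path line, while Run keys list "Name"="path" [date size], with an empty bracket when the value points at nothing (the "EoEngine"="" [] line in the report). CFScript drives ComboFix's deletion, so review every path the script prints before dropping the file onto ComboFix.exe.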
I did put CFScript.txt into ComboFix, but it didn't ask me to choose an option; it just ran its scan on its own. And it didn't ask me to reboot, but I rebooted anyway.
Here are the reports:
ComboFix 08-05-21.2 - Administrateur 2008-05-23 13:00:36.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2767 [GMT 2:00]
Location: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
FILE ::
C:\WINDOWS\system32\cvmojeqp.dll
C:\WINDOWS\system32\lnhyxrji.dll
C:\WINDOWS\system32\ncymddlj.tmp
C:\WINDOWS\system32\pnqyisxo.tmp
C:\WINDOWS\system32\rlqxqedy.dll
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\cvmojeqp.dll
C:\WINDOWS\system32\lnhyxrji.dll
C:\WINDOWS\system32\ncymddlj.tmp
C:\WINDOWS\system32\pnqyisxo.tmp
C:\WINDOWS\system32\rlqxqedy.dll
.
((((((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.
2008-05-23 12:52 . 2008-05-23 12:52 823,296 --a------ C:\WINDOWS\isRS-000.tmp
2008-05-23 12:52 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\is-QC62H.tmp
2008-05-23 09:54 . 2008-05-23 09:54 <REP> d-------- C:\WINDOWS\LastGood
2008-05-23 09:54 . 2008-05-23 09:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-22 17:02 . 2008-05-22 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-22 17:01 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-22 17:01 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --a------ C:\WINDOWS\system32\SETCA.tmp
2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-22 16:17 . 2007-07-09 15:19 582,656 --a------ C:\WINDOWS\system32\SETA3.tmp
2008-05-22 16:17 . 2007-07-09 15:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-21 09:57 . 2008-05-23 12:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 09:57 . 2008-05-21 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-19 12:08 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-19 12:04 . 2008-05-19 12:04 <REP> d-------- C:\Program Files\MagicISO
2008-05-19 11:27 . 2008-05-23 12:18 <REP> d-------- C:\Program Files\Ultra Video To Flash Converter
2008-05-19 11:16 . 2008-05-19 11:30 <REP> d-------- C:\Program Files\Total Video Converter
2008-05-19 11:00 . 2008-05-19 11:02 270 --a------ C:\WINDOWS\system32\temp_0000_65-20.aok
2008-05-19 10:57 . 2008-05-19 10:57 117 --a------ C:\WINDOWS\system32\test.aok
2008-05-19 10:36 . 2008-05-19 10:46 <REP> d-------- C:\Program Files\QuickMediaConverter
2008-05-18 20:59 . 2008-05-18 20:59 <REP> d-------- C:\VundoFix Backups
2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\WINDOWS\Applian FLV Player
2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\Program Files\FLV Player
2008-05-18 15:44 . 2008-05-18 15:47 <REP> d-------- C:\Documents and Settings\Administrateur\dwhelper
2008-05-17 12:48 . 2008-05-17 12:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-16 21:21 . 2008-05-23 12:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-05-16 17:51 . 2008-05-16 17:51 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 17:13 . 2008-05-23 10:34 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-16 17:12 . 2008-05-17 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\srchasst
2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-16 11:12 . 2008-05-16 11:12 12 --a------ C:\WINDOWS\system32\2c29931d
2008-05-16 10:09 . 2008-05-16 10:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-16 09:37 . 2008-05-16 09:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-16 09:13 . 2008-05-16 09:17 <REP> d-------- C:\fixwareout
2008-05-16 09:04 . 2008-05-16 09:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 21:12 . 2008-05-15 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-15 10:47 . 2008-05-15 10:47 <REP> d-------- C:\Program Files\Enigma Software Group
2008-05-07 14:53 . 2008-05-07 14:53 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-05-07 14:52 . 2008-05-07 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-05-07 14:52 . 2008-05-07 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
2008-05-07 14:50 . 2008-05-07 14:50 <REP> d-------- C:\Program Files\Propellerhead
2008-05-07 12:32 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-07 09:41 . 2008-05-07 09:41 <REP> d-------- C:\Program Files\M-Audio
2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Native Instruments
2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-05-06 20:49 . 2008-05-06 21:00 1,480 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-05-06 15:53 . 2008-05-09 00:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 16:34 . 2008-05-06 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-05 16:26 . 2008-05-23 12:45 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-05 16:24 . 2008-05-05 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-05-05 16:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-05 16:06 . 2008-05-05 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-03 16:58 . 2008-05-03 16:58 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-30 15:05 . 2008-04-30 15:05 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-30 15:03 . 2008-04-30 15:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\msocreg32.dat
2008-04-29 16:11 . 2008-04-29 16:11 <REP> d-------- C:\Program Files\IK Multimedia
2008-04-29 15:39 . 2008-04-29 15:40 <REP> d-------- C:\Program Files\Waves
2008-04-29 14:25 . 2008-04-29 14:25 3,693,554 --a------ C:\WINDOWS\system32\TmpA1392546
2008-04-29 13:52 . 2008-04-29 13:52 3,693,554 --a------ C:\WINDOWS\system32\TmpA13018890
2008-04-29 10:51 . 2008-04-29 10:51 3,693,554 --a------ C:\WINDOWS\system32\TmpA2175078
2008-04-29 10:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-29 10:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.MSNFix
2008-04-29 10:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-28 13:16 . 2008-04-30 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Preferences
2008-04-28 13:16 . 2008-04-28 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves
2008-04-28 13:14 . 2008-04-28 13:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Audio
2008-04-28 08:56 . 2008-04-28 08:56 34 --a------ C:\WINDOWS\Blink.ini
2008-04-25 09:47 . 2008-05-23 12:32 51 --a------ C:\WINDOWS\CDEDJECT.INI
2008-04-25 09:46 . 2008-04-25 09:46 <REP> d-------- C:\Program Files\HotKey CD-Eject
2008-04-25 09:37 . 2008-04-25 09:37 <REP> d-------- C:\Program Files\Antares Audio Technologies
2008-04-24 20:13 . 2008-04-24 20:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-24 15:15 . 2008-04-24 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
2008-04-24 15:11 . 2008-05-06 23:29 <REP> d-------- C:\Program Files\iZotope
2008-04-24 15:11 . 2008-04-24 15:11 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-04-24 10:57 . 2008-04-24 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-24 10:31 . 2008-04-24 10:31 <REP> d-------- C:\Program Files\Nero
2008-04-24 10:31 . 2008-04-24 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-23 20:38 . 2008-04-23 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\WinAmp Control
2008-04-23 20:20 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
2008-04-23 16:36 . 2008-04-23 16:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-04-23 16:35 . 2008-05-23 12:52 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-23 10:44 . 2008-05-15 21:30 <REP> d-------- C:\Program Files\iColorFolder
2008-04-23 09:42 . 2006-02-16 03:07 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 10:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-05-23 10:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-23 08:19 1,083 ----a-w C:\WINDOWS\Fonts\LTe50150.pfm
2008-05-21 14:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Digidesign
2008-05-16 09:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-05-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 09:30 208,896 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-05-07 07:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 18:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
2008-05-05 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-29 11:52 --------- d-----w C:\Program Files\IrfanView
2008-04-23 13:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-04-22 16:01 --------- d-----w C:\Program Files\Google
2008-04-22 12:57 --------- d-----w C:\Program Files\Microsoft Works
2008-04-22 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-04-22 06:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
2008-04-22 06:17 --------- d-----w C:\Program Files\RocketDock
2008-04-22 06:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HP
2008-04-22 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-22 06:02 --------- d-----w C:\Program Files\HP
2008-04-22 06:02 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-04-22 06:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-22 06:01 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-04-22 01:27 --------- d-----w C:\Program Files\Alwil Software
2008-04-22 01:01 --------- d-----w C:\Program Files\Winamp
2008-04-22 00:55 --------- d-----w C:\Program Files\uTorrent
2008-04-22 00:27 --------- d-----w C:\Program Files\iLok
2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-04-21 23:34 --------- d-----w C:\Program Files\Bonjour
2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 23:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PACE Anti-Piracy
2008-04-21 23:26 --------- d-----w C:\Program Files\InterLok
2008-04-21 23:24 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
2008-04-21 23:24 --------- d-----w C:\Program Files\Digidesign
2008-04-21 23:21 --------- d-----w C:\Program Files\Fichiers communs\LogiShared
2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Logitech
2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-21 23:19 --------- d-----w C:\Program Files\Logitech
2008-04-21 23:19 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-04-21 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-21 23:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-04-21 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-21 23:14 --------- d-----w C:\Program Files\My Company Name
2008-04-21 23:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-21 23:10 --------- d-----w C:\Program Files\ASUS
2008-04-21 23:08 --------- d-----w C:\Program Files\Marvell
2008-04-21 23:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\TMP
2008-04-21 23:03 --------- d-----w C:\Program Files\Analog Devices
2008-04-21 22:56 --------- d-----w C:\Program Files\Intel
2008-04-21 22:43 --------- d-----w C:\Program Files\Java
2008-04-21 22:43 --------- d-----w C:\Program Files\Foxit
2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-21 22:42 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-04-21 22:41 --------- d-----w C:\Program Files\Services en ligne
2008-04-21 22:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 18:46 270,336 ----a-w C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 07:56 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"Hot CD Eject"="C:\Program Files\HotKey CD-Eject\Cdeject.exe" [2002-04-02 08:35 385536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-19 16:09 101888 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Barre latérale Google Desktop.lnk - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-22 18:01:16 29744]
HotKey CD Eject.lnk - C:\Program Files\HotKey CD-Eject\Cdeject.exe [2002-04-02 08:35:04 385536]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-22 01:19:35 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"VIDC.YV12"= yv12vfw.dll
"midi1"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 21:50]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 01:16]
R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 01:15]
R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-16 11:44]
R3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:01]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 13:00:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-23 13:01:12
ComboFix-quarantined-files.txt 2008-05-23 11:01:11
ComboFix2.txt 2008-05-23 09:08:00
ComboFix3.txt 2008-05-22 12:59:10
Pre-Run: 59,132,575,744 bytes free
Post-Run: 59,125,268,480 bytes free
304 --- E O F --- 2008-05-23 07:56:29
And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:43, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HotKey CD-Eject\Cdeject.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Hot CD Eject] C:\Program Files\HotKey CD-Eject\Cdeject.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Barre latérale Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
--
End of file - 7230 bytes
Is your PC behaving better?
It looks pretty good, I'm using it this afternoon, and I'll confirm tonight... In any case, I'll say it right now: THANK YOU VERY MUCH!!
See you later!
Avira AntiVir alerted me twice more this afternoon about files infected with Crypt/xpack.gen. These files have names that each time look like random strings of digits and letters, but always with the same number of characters. I don't know if it helps, but since I noticed it, I'm telling you...
David.
Do you have the location?
Well, after this weekend, during which I didn't use the computer, no more messages from Avira AntiVir since this morning...
It seems to have disappeared.
Thank you very much, it's great to have a computer that works properly again... I'm not declaring victory yet, because I did absolutely nothing since the last AntiVir message, so it's strange to say the least.
In any case, congratulations and thanks for this express tune-up.
You're welcome
Well, everything seems to be working normally, and no more alerts.
Bonus question: is there by any chance a utility to uninstall the software you had me install?
Yes: ToolsCleaner