Infecté par le nouveau virus à la mode.
Dernière réponse : dans Sécurité
Bonjour,
Voilà tout est dans le titre. Depuis cette après-midi je suis infecté et malheureusement pour moi ca m'empêche de travailler efficacement sur mon ordinateur alors que je dois terminer mon travail de fin d'année d'ici vendredi.
En résumé les symptômes sont ceux-ci :
- Gestionnaire des tâches désactivé
- Une bulle windows qui me répète sans cesse que je suis infecté et que pour parer à cela je dois installer un semblant de faux antivirus. (Windows security center)
- J'ai beau passé mon ordi sour avast, ad-aware, et spybot les virus reviennent sans cesse.
- Sans oublier qu'il désactive la mise à jour automatique de windows.
Je vous poste ci-dessous mon rapport Hijackthis
Merci d'avance de vos réponses![:)]( ":)")
Voilà tout est dans le titre. Depuis cette après-midi je suis infecté et malheureusement pour moi ca m'empêche de travailler efficacement sur mon ordinateur alors que je dois terminer mon travail de fin d'année d'ici vendredi.
En résumé les symptômes sont ceux-ci :
- Gestionnaire des tâches désactivé
- Une bulle windows qui me répète sans cesse que je suis infecté et que pour parer à cela je dois installer un semblant de faux antivirus. (Windows security center)
- J'ai beau passé mon ordi sour avast, ad-aware, et spybot les virus reviennent sans cesse.
- Sans oublier qu'il désactive la mise à jour automatique de windows.
Je vous poste ci-dessous mon rapport Hijackthis
Merci d'avance de vos réponses
Autres pages sur : infecte nouveau virus mode
Lassé par la pub ? Créez un compte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:35, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Plumy\Bureau\Norton_Removal_Tool.exe
C:\DOCUME~1\Plumy\LOCALS~1\Temp\WZSE0.TMP\symnrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ehnavlbu.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5017] command /c del "C:\WINDOWS\system32\rqRIcdBU.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7827] cmd /c del "C:\WINDOWS\system32\rqRIcdBU.dll_old"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6212] command /c del "C:\WINDOWS\system32\rqRIcdBU.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD18] cmd /c del "C:\WINDOWS\system32\rqRIcdBU.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13635 bytes
Bonjour,
Télécharge MsnFix (de !aur3n7) sur ton Bureau.
Dézippe le sur ton bureau.
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat. (L’extension bat peut ne pas apparaître)
Exécute l'option R.
Si l'infection est détectée, presse une touche pour lancer le Nettoyage. (N)
Si tu dois redémarrer l’ordinateur fais le manuellement.
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Note: Si tu obtiens un fichier zip d’upload sur ton bureau, merci de l'envoyer sur http://upload.changelog.fr
Comment Uploader ?
Aide : Comment utiliser MSNFix.
*********
Télécharge ComboFix (de sUBs) sur ton Bureau.
Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique sur ComboFix.exe.
Accepte la licence en cliquant sur Oui.
Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Aide : Comment utiliser ComboFix.
Télécharge MsnFix (de !aur3n7) sur ton Bureau.
Note: Si tu obtiens un fichier zip d’upload sur ton bureau, merci de l'envoyer sur http://upload.changelog.fr
Comment Uploader ?
Aide : Comment utiliser MSNFix.
*********
Télécharge ComboFix (de sUBs) sur ton Bureau.
Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Aide : Comment utiliser ComboFix.
MSNFix 1.720-1
C:\Documents and Settings\Plumy\Bureau\MSNFix\MSNFix
Fix exécuté le mar. 10/06/2008 - 10:25:58,01 By Plumy
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\iexplorer.exe
... C:\WINDOWS\svchost32.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\iftuyszv.exe,
.. OK ... C:\WINDOWS\iexplorer.exe
.. OK ... C:\WINDOWS\svchost32.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\iexplorer.exe
.. OK ... C:\WINDOWS\svchost32.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\uxpatcher.zip] CB5704D5F421968878F6EEA4D4168D90
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\6.0.2900.2180_EN.zip] C8E12A9ECD7B3B5BC4D853463922184F
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\holyhope-holyhope-3-0.zip] 6E7846590E28D0D2DF6DA68DFCFAA742
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\swfdec.zip] C9C19BAEE00111763A5E511F253A4213
==> SVP merci d'envoyer le fichier C:\DOCUME~1\Plumy\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier mar. 10062008_10362498.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
C:\Documents and Settings\Plumy\Bureau\MSNFix\MSNFix
Fix exécuté le mar. 10/06/2008 - 10:25:58,01 By Plumy
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\iexplorer.exe
... C:\WINDOWS\svchost32.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\iftuyszv.exe,
.. OK ... C:\WINDOWS\iexplorer.exe
.. OK ... C:\WINDOWS\svchost32.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\iexplorer.exe
.. OK ... C:\WINDOWS\svchost32.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\uxpatcher.zip] CB5704D5F421968878F6EEA4D4168D90
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\6.0.2900.2180_EN.zip] C8E12A9ECD7B3B5BC4D853463922184F
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\holyhope-holyhope-3-0.zip] 6E7846590E28D0D2DF6DA68DFCFAA742
[C:\DOCUME~1\Plumy\LOCALS~1\Temp\swfdec.zip] C9C19BAEE00111763A5E511F253A4213
==> SVP merci d'envoyer le fichier C:\DOCUME~1\Plumy\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier mar. 10062008_10362498.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
ComboFix 08-06-09.7 - Plumy 2008-06-10 11:00:25.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1396 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jQpYayay.ini
C:\WINDOWS\system32\jQpYayay.ini2
C:\WINDOWS\system32\ljJAttUO.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmlfauit.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\UBdcIRqr.ini
C:\WINDOWS\system32\UBdcIRqr.ini2
C:\WINDOWS\system32\ublvanhe.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-10 02:33 . 2008-06-10 02:33 278,528 --a------ C:\WINDOWS\system32\yayaYpQj.dll
2008-06-09 23:23 . 2008-06-10 02:07 16,896 --a------ C:\WINDOWS\iexplorer.MSNFix
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:26 . 2008-06-09 20:26 31,488 --a------ C:\WINDOWS\svchost32.MSNFix
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\winz
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\vntiho18
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\OBE1
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\kip
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\20541
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\Temp
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 20:10 . 2008-06-09 20:10 87,513 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-05 15:40 . 2008-06-05 15:40 <REP> d--hs---- C:\FOUND.003
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-29 00:47 . 2008-05-29 00:47 <REP> d--hs---- C:\FOUND.002
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-19 16:34 102,400 ----a-w C:\WINDOWS\DUMP6acf.tmp
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58AA2AAB-E945-49E7-B7A2-672AC85367E7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCAB8B7-EF41-4DEA-BB3B-7152498ADBA7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A15EEE-28E2-4A55-A22D-DDA48987FCC0}]
C:\WINDOWS\system32\rqRIcdBU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D00A9ABF-E9A5-4289-86FB-63DD3FDAEB98}]
2008-06-10 02:33 278528 --a------ C:\WINDOWS\system32\yayaYpQj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 11:19:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc23.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVMVFM\LVPRCSRV.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 11:25:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 09:25:24
Pre-Run: 6,238,994,432 octets libres
Post-Run: 16,918,446,080 octets libres
443 --- E O F --- 2008-05-17 09:25:41
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1396 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jQpYayay.ini
C:\WINDOWS\system32\jQpYayay.ini2
C:\WINDOWS\system32\ljJAttUO.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmlfauit.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\UBdcIRqr.ini
C:\WINDOWS\system32\UBdcIRqr.ini2
C:\WINDOWS\system32\ublvanhe.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-10 02:33 . 2008-06-10 02:33 278,528 --a------ C:\WINDOWS\system32\yayaYpQj.dll
2008-06-09 23:23 . 2008-06-10 02:07 16,896 --a------ C:\WINDOWS\iexplorer.MSNFix
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:26 . 2008-06-09 20:26 31,488 --a------ C:\WINDOWS\svchost32.MSNFix
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\winz
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\vntiho18
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\OBE1
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\kip
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\WINDOWS\system32\20541
2008-06-09 20:10 . 2008-06-09 20:10 <REP> d-------- C:\Temp
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 20:10 . 2008-06-09 20:10 87,513 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-05 15:40 . 2008-06-05 15:40 <REP> d--hs---- C:\FOUND.003
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-29 00:47 . 2008-05-29 00:47 <REP> d--hs---- C:\FOUND.002
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-19 16:34 102,400 ----a-w C:\WINDOWS\DUMP6acf.tmp
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58AA2AAB-E945-49E7-B7A2-672AC85367E7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCAB8B7-EF41-4DEA-BB3B-7152498ADBA7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A15EEE-28E2-4A55-A22D-DDA48987FCC0}]
C:\WINDOWS\system32\rqRIcdBU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D00A9ABF-E9A5-4289-86FB-63DD3FDAEB98}]
2008-06-10 02:33 278528 --a------ C:\WINDOWS\system32\yayaYpQj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 11:19:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc23.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGISHRD\LVMVFM\LVPRCSRV.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 11:25:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 09:25:24
Pre-Run: 6,238,994,432 octets libres
Post-Run: 16,918,446,080 octets libres
443 --- E O F --- 2008-05-17 09:25:41
Re,
Ce n'est pas fini.
Sélectionne l'intégralité du cadre ci-dessous :
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
![]()
Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Ce n'est pas fini.
Sélectionne l'intégralité du cadre ci-dessous :
Collect::
C:\WINDOWS\system32\yayaYpQj.dll
C:\WINDOWS\system32\rqRIcdBU.dll
C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc23.tmp
C:\WINDOWS\system32\iftuyszv.exe
C:\Temp
C:\WINDOWS\system32\winz
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\OBE1
C:\WINDOWS\system32\kip
C:\WINDOWS\system32\20541
Driver::
mchInjDrv
File::
C:\WINDOWS\DUMP6acf.tmp
C:\WINDOWS\svchost32.MSNFix
C:\WINDOWS\system32\yayaYpQj.dll
C:\WINDOWS\iexplorer.MSNFix
Folder::
C:\FOUND.002
C:\FOUND.003
C:\Temp
C:\WINDOWS\system32\winz
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\OBE1
C:\WINDOWS\system32\kip
C:\WINDOWS\system32\20541
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58AA2AAB-E945-49E7-B7A2-672AC85367E7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCAB8B7-EF41-4DEA-BB3B-7152498ADBA7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A15EEE-28E2-4A55-A22D-DDA48987FCC0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D00A9ABF-E9A5-4289-86FB-63DD3FDAEB98}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"320d18a1"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
C:\WINDOWS\system32\yayaYpQj.dll
C:\WINDOWS\system32\rqRIcdBU.dll
C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc23.tmp
C:\WINDOWS\system32\iftuyszv.exe
C:\Temp
C:\WINDOWS\system32\winz
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\OBE1
C:\WINDOWS\system32\kip
C:\WINDOWS\system32\20541
Driver::
mchInjDrv
File::
C:\WINDOWS\DUMP6acf.tmp
C:\WINDOWS\svchost32.MSNFix
C:\WINDOWS\system32\yayaYpQj.dll
C:\WINDOWS\iexplorer.MSNFix
Folder::
C:\FOUND.002
C:\FOUND.003
C:\Temp
C:\WINDOWS\system32\winz
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\OBE1
C:\WINDOWS\system32\kip
C:\WINDOWS\system32\20541
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58AA2AAB-E945-49E7-B7A2-672AC85367E7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCAB8B7-EF41-4DEA-BB3B-7152498ADBA7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A15EEE-28E2-4A55-A22D-DDA48987FCC0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D00A9ABF-E9A5-4289-86FB-63DD3FDAEB98}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"320d18a1"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
ComboFix 08-06-09.7 - Plumy 2008-06-10 21:18:15.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1294 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Plumy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\DUMP6acf.tmp
C:\WINDOWS\iexplorer.MSNFix
C:\WINDOWS\svchost32.MSNFix
C:\WINDOWS\system32\yayaYpQj.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.002\FILE0001.CHK
C:\FOUND.002\FILE0002.CHK
C:\FOUND.002\FILE0003.CHK
C:\FOUND.002\FILE0004.CHK
C:\FOUND.002\FILE0005.CHK
C:\FOUND.002\FILE0006.CHK
C:\FOUND.002\FILE0007.CHK
C:\FOUND.002\FILE0008.CHK
C:\FOUND.002\FILE0009.CHK
C:\FOUND.002\FILE0010.CHK
C:\FOUND.002\FILE0011.CHK
C:\FOUND.002\FILE0012.CHK
C:\FOUND.002\FILE0013.CHK
C:\FOUND.002\FILE0014.CHK
C:\FOUND.002\FILE0015.CHK
C:\FOUND.002\FILE0016.CHK
C:\FOUND.002\FILE0017.CHK
C:\FOUND.002\FILE0018.CHK
C:\FOUND.002\FILE0019.CHK
C:\FOUND.002\FILE0020.CHK
C:\FOUND.002\FILE0021.CHK
C:\FOUND.002\FILE0022.CHK
C:\FOUND.002\FILE0023.CHK
C:\FOUND.002\FILE0024.CHK
C:\FOUND.002\FILE0025.CHK
C:\FOUND.002\FILE0026.CHK
C:\FOUND.002\FILE0027.CHK
C:\FOUND.002\FILE0028.CHK
C:\FOUND.002\FILE0029.CHK
C:\FOUND.002\FILE0030.CHK
C:\FOUND.002\FILE0031.CHK
C:\FOUND.002\FILE0032.CHK
C:\FOUND.002\FILE0033.CHK
C:\FOUND.002\FILE0034.CHK
C:\FOUND.002\FILE0035.CHK
C:\FOUND.002\FILE0036.CHK
C:\FOUND.002\FILE0037.CHK
C:\FOUND.002\FILE0038.CHK
C:\FOUND.002\FILE0039.CHK
C:\FOUND.002\FILE0040.CHK
C:\FOUND.002\FILE0041.CHK
C:\FOUND.002\FILE0042.CHK
C:\FOUND.002\FILE0043.CHK
C:\FOUND.002\FILE0044.CHK
C:\FOUND.002\FILE0045.CHK
C:\FOUND.002\FILE0046.CHK
C:\FOUND.002\FILE0047.CHK
C:\FOUND.002\FILE0048.CHK
C:\FOUND.002\FILE0049.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.003\FILE0001.CHK
C:\Temp
C:\WINDOWS\BM313e2b3d.xml
C:\WINDOWS\DUMP6acf.tmp
C:\WINDOWS\iexplorer.MSNFix
C:\WINDOWS\pskt.ini
C:\WINDOWS\svchost32.MSNFix
C:\WINDOWS\system32\20541
C:\WINDOWS\system32\bhcociio.dll
C:\WINDOWS\system32\heaxturt.dll
C:\WINDOWS\system32\jQpYayay.ini
C:\WINDOWS\system32\jQpYayay.ini2
C:\WINDOWS\system32\kip
C:\WINDOWS\system32\OBE1
C:\WINDOWS\system32\oiicochb.ini
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\winz
C:\WINDOWS\system32\wrthhiwt.dll
C:\WINDOWS\system32\yayaYpQj.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.
2008-06-10 22:39 . 2008-06-10 22:39 <REP> d--hs---- C:\FOUND.002
2008-06-10 21:15 . 2008-06-10 21:15 7,474 -rahs---- C:\WINDOWS\Nar.vbs
2008-06-10 21:15 . 2008-06-10 21:17 7,474 -rahs---- C:\nar.vbs
2008-06-10 13:39 . 2008-06-10 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 13:39 . 2008-06-10 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 09:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 20:49:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-10 08:36:48 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-10 09:20:30 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B1A8D7C-CF32-4428-AA73-32CEF4E43A18}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A15EEE-28E2-4A55-A22D-DDA48987FCC0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f7d61959-2add-419a-8aaf-0e78421f508c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"nar"="C:\WINDOWS\nar.vbs" [2008-06-10 21:15 7474]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6956-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 22:50:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 22:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 20:55:44
ComboFix2.txt 2008-06-10 09:25:30
Pre-Run: 16,706,371,584 octets libres
Post-Run: 16,708,665,344 octets libres
420 --- E O F --- 2008-05-17 09:25:41
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1294 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Plumy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\DUMP6acf.tmp
C:\WINDOWS\iexplorer.MSNFix
C:\WINDOWS\svchost32.MSNFix
C:\WINDOWS\system32\yayaYpQj.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.002\FILE0001.CHK
C:\FOUND.002\FILE0002.CHK
C:\FOUND.002\FILE0003.CHK
C:\FOUND.002\FILE0004.CHK
C:\FOUND.002\FILE0005.CHK
C:\FOUND.002\FILE0006.CHK
C:\FOUND.002\FILE0007.CHK
C:\FOUND.002\FILE0008.CHK
C:\FOUND.002\FILE0009.CHK
C:\FOUND.002\FILE0010.CHK
C:\FOUND.002\FILE0011.CHK
C:\FOUND.002\FILE0012.CHK
C:\FOUND.002\FILE0013.CHK
C:\FOUND.002\FILE0014.CHK
C:\FOUND.002\FILE0015.CHK
C:\FOUND.002\FILE0016.CHK
C:\FOUND.002\FILE0017.CHK
C:\FOUND.002\FILE0018.CHK
C:\FOUND.002\FILE0019.CHK
C:\FOUND.002\FILE0020.CHK
C:\FOUND.002\FILE0021.CHK
C:\FOUND.002\FILE0022.CHK
C:\FOUND.002\FILE0023.CHK
C:\FOUND.002\FILE0024.CHK
C:\FOUND.002\FILE0025.CHK
C:\FOUND.002\FILE0026.CHK
C:\FOUND.002\FILE0027.CHK
C:\FOUND.002\FILE0028.CHK
C:\FOUND.002\FILE0029.CHK
C:\FOUND.002\FILE0030.CHK
C:\FOUND.002\FILE0031.CHK
C:\FOUND.002\FILE0032.CHK
C:\FOUND.002\FILE0033.CHK
C:\FOUND.002\FILE0034.CHK
C:\FOUND.002\FILE0035.CHK
C:\FOUND.002\FILE0036.CHK
C:\FOUND.002\FILE0037.CHK
C:\FOUND.002\FILE0038.CHK
C:\FOUND.002\FILE0039.CHK
C:\FOUND.002\FILE0040.CHK
C:\FOUND.002\FILE0041.CHK
C:\FOUND.002\FILE0042.CHK
C:\FOUND.002\FILE0043.CHK
C:\FOUND.002\FILE0044.CHK
C:\FOUND.002\FILE0045.CHK
C:\FOUND.002\FILE0046.CHK
C:\FOUND.002\FILE0047.CHK
C:\FOUND.002\FILE0048.CHK
C:\FOUND.002\FILE0049.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.003\FILE0001.CHK
C:\Temp
C:\WINDOWS\BM313e2b3d.xml
C:\WINDOWS\DUMP6acf.tmp
C:\WINDOWS\iexplorer.MSNFix
C:\WINDOWS\pskt.ini
C:\WINDOWS\svchost32.MSNFix
C:\WINDOWS\system32\20541
C:\WINDOWS\system32\bhcociio.dll
C:\WINDOWS\system32\heaxturt.dll
C:\WINDOWS\system32\jQpYayay.ini
C:\WINDOWS\system32\jQpYayay.ini2
C:\WINDOWS\system32\kip
C:\WINDOWS\system32\OBE1
C:\WINDOWS\system32\oiicochb.ini
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\winz
C:\WINDOWS\system32\wrthhiwt.dll
C:\WINDOWS\system32\yayaYpQj.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.
2008-06-10 22:39 . 2008-06-10 22:39 <REP> d--hs---- C:\FOUND.002
2008-06-10 21:15 . 2008-06-10 21:15 7,474 -rahs---- C:\WINDOWS\Nar.vbs
2008-06-10 21:15 . 2008-06-10 21:17 7,474 -rahs---- C:\nar.vbs
2008-06-10 13:39 . 2008-06-10 13:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 13:39 . 2008-06-10 13:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 09:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 20:49:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-10 08:36:48 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-10 09:20:30 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B1A8D7C-CF32-4428-AA73-32CEF4E43A18}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A15EEE-28E2-4A55-A22D-DDA48987FCC0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f7d61959-2add-419a-8aaf-0e78421f508c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"nar"="C:\WINDOWS\nar.vbs" [2008-06-10 21:15 7474]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6956-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 22:50:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 22:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 20:55:44
ComboFix2.txt 2008-06-10 09:25:30
Pre-Run: 16,706,371,584 octets libres
Post-Run: 16,708,665,344 octets libres
420 --- E O F --- 2008-05-17 09:25:41
Re,
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Sélectionne l’intégralité du cadre ci-dessous :
Copie/colle le dans le Bloc-notes (Démarrer\Tous les programmes\Accessoires\Bloc-notes.)
Enregistre le sous sur ton Bureau sous le nom de Correction.bat
Double-clique dessus. Poste le rapport généré (si présent).
******
Sélectionne l'intégralité du cadre ci-dessous :
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
![]()
Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Sélectionne l’intégralité du cadre ci-dessous :
@echo off & cls
CD \
del /q "%windir%\Temp\*.*"
del /q "%windir%\Prefetch\*.*"
del /q "%userprofile%\Cookies\*.*"
del /s /q "%temp%\*.*"
del /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /s /q "%userprofile%\Local Settings\Historique\*.*"
exit
CD \
del /q "%windir%\Temp\*.*"
del /q "%windir%\Prefetch\*.*"
del /q "%userprofile%\Cookies\*.*"
del /s /q "%temp%\*.*"
del /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /s /q "%userprofile%\Local Settings\Historique\*.*"
exit
Copie/colle le dans le Bloc-notes (Démarrer\Tous les programmes\Accessoires\Bloc-notes.)
Enregistre le sous sur ton Bureau sous le nom de Correction.bat
Double-clique dessus. Poste le rapport généré (si présent).
******
Sélectionne l'intégralité du cadre ci-dessous :
Collect::
C:\WINDOWS\Nar.vbs
C:\nar.vbs
Driver::
mchInjDrv
Folder::
C:\FOUND.002
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nar"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
C:\WINDOWS\Nar.vbs
C:\nar.vbs
Driver::
mchInjDrv
Folder::
C:\FOUND.002
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nar"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
ComboFix 08-06-09.7 - Plumy 2008-06-11 19:39:34.3 - FAT32x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1761 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Plumy\Bureau\CFScript.txt
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\FOUND.002
C:\nar.vbs
C:\WINDOWS\Nar.vbs
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
2008-06-11 15:27 . 2008-06-11 15:27 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 09:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 17:47:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-26 17:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-15 05:34:02 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-11 01:11:56 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-15 05:34:02 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-11 01:11:56 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-15 05:34:02 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-06-11 01:11:56 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-15 05:34:02 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-11 01:11:56 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-15 05:34:02 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-11 01:11:56 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-15 05:34:02 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-11 01:11:56 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-15 05:34:02 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-11 01:11:56 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-15 05:34:02 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-11 01:11:56 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-15 05:34:02 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-11 01:11:56 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-15 05:34:02 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-11 01:11:56 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-15 05:34:02 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-11 01:11:56 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-06-10 08:36:48 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-11 03:28:40 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6956-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:47:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 19:52:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 17:52:38
ComboFix3.txt 2008-06-10 09:25:30
ComboFix2.txt 2008-06-10 20:55:48
Pre-Run: 19,196,379,136 octets libres
Post-Run: 17,072,160,768 octets libres
362 --- E O F --- 2008-06-11 01:11:56
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1761 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Plumy\Bureau\CFScript.txt
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\FOUND.002
C:\nar.vbs
C:\WINDOWS\Nar.vbs
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
2008-06-11 15:27 . 2008-06-11 15:27 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 18:27 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 09:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 17:47:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-26 17:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-15 05:34:02 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-11 01:11:56 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-15 05:34:02 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-11 01:11:56 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-15 05:34:02 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-06-11 01:11:56 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-15 05:34:02 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-11 01:11:56 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-15 05:34:02 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-11 01:11:56 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-15 05:34:02 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-11 01:11:56 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-15 05:34:02 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-11 01:11:56 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-15 05:34:02 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-11 01:11:56 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-15 05:34:02 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-11 01:11:56 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-15 05:34:02 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-11 01:11:56 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-15 05:34:02 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-11 01:11:56 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-06-10 08:36:48 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-11 03:28:40 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6956-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:47:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 19:52:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 17:52:38
ComboFix3.txt 2008-06-10 09:25:30
ComboFix2.txt 2008-06-10 20:55:48
Pre-Run: 19,196,379,136 octets libres
Post-Run: 17,072,160,768 octets libres
362 --- E O F --- 2008-06-11 01:11:56
On dirait que l'infection se relance.
Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer.
Autorise les Active x.
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse. Enregistres sous le rapport en format .txt.
Colle son rapport ici.
Poste un nouveau rapport Hijackthis.
Aide : Comment faire un scan en ligne avec Kaspersky .
Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer.
Aide : Comment faire un scan en ligne avec Kaspersky .
Je me demande si mon disque dur n'est pas une source infectieuse. Parce que hier quand je l'ai rebranché j'avais effectivement le virus qui infecte les fichiers system d'autorun des lecteurs qui a au final l'effet d'empêcher l'accès a celui ci. Bien évidemment je l'ai scanné et supprimé le fichier vbs et l'autorun.inf mais quand tu parles d'une relance de l'infection je ne vois que ca comme explication. Je vais faire en sorte de laisser mon disque dur hors tension le temps qu'on résolve dabord le premier problème.
Ps : le scan kaspersky est en route
Ps : le scan kaspersky est en route
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 11, 2008 18:33:17
Records in database: 852643
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
Scan statistics:
Files scanned: 267032
Threat name: 4
Infected objects: 7
Suspicious objects: 5
Duration of the scan: 02:32:09
File name / Threat name / Threats count
C:\Documents and Settings\Plumy\Bureau\[4]-Submit_2008-06-11@19.39.zip Suspicious: Type_Script 2
C:\QooBox\Quarantine\C\WINDOWS\system32\yayaYpQj.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bhcociio.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\heaxturt.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wrthhiwt.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\Nar.vbs.vir Suspicious: Type_Script 1
C:\QooBox\Quarantine\C\nar.vbs.vir Suspicious: Type_Script 1
D:\nar.vbs Suspicious: Type_Script 1
D:\Documents and Settings\Plumy\Mes documents\vtp5_5.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Documents and Settings\Plumy\Mes documents\Post-By-Anonymousien.rar Infected: not-a-virus![:p]( ":p")
SWTool.Win32.AirCrack.a 1
The selected area was scanned.
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 11, 2008 18:33:17
Records in database: 852643
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
Scan statistics:
Files scanned: 267032
Threat name: 4
Infected objects: 7
Suspicious objects: 5
Duration of the scan: 02:32:09
File name / Threat name / Threats count
C:\Documents and Settings\Plumy\Bureau\[4]-Submit_2008-06-11@19.39.zip Suspicious: Type_Script 2
C:\QooBox\Quarantine\C\WINDOWS\system32\yayaYpQj.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bhcociio.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\heaxturt.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wrthhiwt.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\Nar.vbs.vir Suspicious: Type_Script 1
C:\QooBox\Quarantine\C\nar.vbs.vir Suspicious: Type_Script 1
D:\nar.vbs Suspicious: Type_Script 1
D:\Documents and Settings\Plumy\Mes documents\vtp5_5.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Documents and Settings\Plumy\Mes documents\Post-By-Anonymousien.rar Infected: not-a-virus
SWTool.Win32.AirCrack.a 1The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:59:55, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ehnavlbu.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Intel PROSet Wireless.lnk = C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13447 bytes
Scan saved at 0:59:55, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ehnavlbu.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Intel PROSet Wireless.lnk = C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13447 bytes
ComboFix 08-06-09.7 - Plumy 2008-06-13 3:32:44.4 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1413 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.
2008-06-13 02:11 . 2008-06-13 03:32 7,474 -rahs---- C:\nar.vbs
2008-06-12 03:33 . 2008-06-12 03:33 7,474 -rahs---- C:\WINDOWS\Nar.vbs
2008-06-12 03:10 . 2008-06-12 03:10 <REP> d-------- C:\Program Files\Common Files
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 09:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 14:04:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-26 17:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-15 05:34:02 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-11 01:11:56 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-15 05:34:02 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-11 01:11:56 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-15 05:34:02 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-06-11 01:11:56 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-15 05:34:02 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-11 01:11:56 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-15 05:34:02 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-11 01:11:56 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-15 05:34:02 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-11 01:11:56 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-15 05:34:02 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-11 01:11:56 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-15 05:34:02 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-11 01:11:56 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-15 05:34:02 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-11 01:11:56 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-15 05:34:02 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-11 01:11:56 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-15 05:34:02 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-11 01:11:56 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:28 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:28 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:28 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:28 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:36 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:36 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-16 09:02:36 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:30 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:36 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:30 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:36 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:30 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:38 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:38 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:36 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:38 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:36 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:38 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:40 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:40 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:40 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-11-02 12:36:10 18,176 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgp.sys
+ 2007-01-22 16:33:00 7,680 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgpfl.sys
+ 2007-11-02 12:51:28 6,400 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motswch.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\wdfcoinstaller01005.dll
+ 2007-06-18 12:18:26 23,680 ----a-w C:\WINDOWS\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\motmodem.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\wdfcoinstaller01005.dll
+ 2006-07-28 05:10:08 6,144 ----a-w C:\WINDOWS\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\mot_ci.dll
+ 2007-10-10 14:41:50 42,112 ----a-w C:\WINDOWS\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\motodrv.sys
+ 2007-01-23 19:36:20 6,016 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motfilt.sys
+ 2007-11-02 12:41:06 22,272 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\Motousbnet.sys
+ 2007-11-02 12:51:28 6,400 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motswch.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\wdfcoinstaller01005.dll
+ 2007-06-18 12:18:26 23,680 ----a-w C:\WINDOWS\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\motport.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\wdfcoinstaller01005.dll
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:36 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:36 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:02:36 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:30 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:36 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:30 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:02:36 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:30 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:38 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:36 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:02:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-10-08 19:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-10 08:36:48 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-12 14:06:08 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
- 2008-02-16 09:02:40 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:40 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:46 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
"nar"="C:\WINDOWS\nar.vbs" [2008-06-12 03:33 7474]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-04 22:47:35 114688]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-02-17 14:04:13 335872]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 17:18:36 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-23 12:24:36 805392]
Intel PROSet Wireless.lnk - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2008-03-04 14:41:50 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6956-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 03:36:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-06-13 3:36:34
ComboFix-quarantined-files.txt 2008-06-13 01:36:32
ComboFix4.txt 2008-06-10 09:25:30
ComboFix3.txt 2008-06-10 20:55:48
ComboFix2.txt 2008-06-11 17:52:42
Pre-Run: 17,649,500,160 octets libres
Post-Run: 17,810,391,040 octets libres
429 --- E O F --- 2008-06-12 01:03:24
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1413 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.
2008-06-13 02:11 . 2008-06-13 03:32 7,474 -rahs---- C:\nar.vbs
2008-06-12 03:33 . 2008-06-12 03:33 7,474 -rahs---- C:\WINDOWS\Nar.vbs
2008-06-12 03:10 . 2008-06-12 03:10 <REP> d-------- C:\Program Files\Common Files
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_11.24.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 09:19:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 14:04:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-26 17:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
- 2008-05-15 05:34:02 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-11 01:11:56 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-15 05:34:02 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-11 01:11:56 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-15 05:34:02 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-06-11 01:11:56 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-15 05:34:02 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-11 01:11:56 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-15 05:34:02 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-11 01:11:56 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-15 05:34:02 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-11 01:11:56 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-15 05:34:02 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-11 01:11:56 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-15 05:34:02 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-11 01:11:56 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-15 05:34:02 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-11 01:11:56 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-15 05:34:02 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-11 01:11:56 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-15 05:34:02 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-11 01:11:56 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:28 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:28 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:28 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:28 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:36 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:36 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-16 09:02:36 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:30 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:36 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:30 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:36 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:30 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:38 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:38 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:36 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:38 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:36 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:38 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:40 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:40 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:40 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-11-02 12:36:10 18,176 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgp.sys
+ 2007-01-22 16:33:00 7,680 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgpfl.sys
+ 2007-11-02 12:51:28 6,400 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motswch.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\wdfcoinstaller01005.dll
+ 2007-06-18 12:18:26 23,680 ----a-w C:\WINDOWS\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\motmodem.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\wdfcoinstaller01005.dll
+ 2006-07-28 05:10:08 6,144 ----a-w C:\WINDOWS\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\mot_ci.dll
+ 2007-10-10 14:41:50 42,112 ----a-w C:\WINDOWS\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\motodrv.sys
+ 2007-01-23 19:36:20 6,016 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motfilt.sys
+ 2007-11-02 12:41:06 22,272 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\Motousbnet.sys
+ 2007-11-02 12:51:28 6,400 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motswch.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\wdfcoinstaller01005.dll
+ 2007-06-18 12:18:26 23,680 ----a-w C:\WINDOWS\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\motport.sys
+ 2006-11-13 12:45:54 1,419,232 ----a-w C:\WINDOWS\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\wdfcoinstaller01005.dll
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:36 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:36 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:02:36 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:30 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:36 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:30 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:02:36 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:30 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:38 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:36 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:02:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-10-08 19:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-10 08:36:48 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-12 14:06:08 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
- 2008-02-16 09:02:40 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:40 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:46 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
"nar"="C:\WINDOWS\nar.vbs" [2008-06-12 03:33 7474]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-04 22:47:35 114688]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-02-17 14:04:13 335872]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 17:18:36 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-23 12:24:36 805392]
Intel PROSet Wireless.lnk - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2008-03-04 14:41:50 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3071c354-d8b2-11dc-a725-00163650ec10}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60eb9a96-d26d-11dc-a71e-00163650ec10}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6955-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de4f6956-2e34-11dd-a752-2e2b3c4d5e6f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 03:36:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-06-13 3:36:34
ComboFix-quarantined-files.txt 2008-06-13 01:36:32
ComboFix4.txt 2008-06-10 09:25:30
ComboFix3.txt 2008-06-10 20:55:48
ComboFix2.txt 2008-06-11 17:52:42
Pre-Run: 17,649,500,160 octets libres
Post-Run: 17,810,391,040 octets libres
429 --- E O F --- 2008-06-12 01:03:24
Re,
Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
Connecte tous les périphériques externes ( DD , USB , ..... )
Double clique sur Flash Disinfector et laisse toi guider.
Télécharge Flash Disinfector (de sUBs) sur ton Bureau.
Voilà tous mes périphériques de stockage externes et internes sont maintenant équipés du dossier Autorun.inf.
J'ai du batailler et relancer la désinfection un dizaine de fois, puis en déconnectant une des mes clés (parce que j'en ai 2) et mon Hdd pour que l'opération se fasse sur ma carte SD et sur ma deuxième clé.
Bref, pour le moment tous les disques sont protégés.
J'ai du batailler et relancer la désinfection un dizaine de fois, puis en déconnectant une des mes clés (parce que j'en ai 2) et mon Hdd pour que l'opération se fasse sur ma carte SD et sur ma deuxième clé.
Bref, pour le moment tous les disques sont protégés.
ComboFix 08-06-09.7 - Plumy 2008-06-13 16:06:13.5 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1365 [GMT 2:00]
Running from: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-13 15:42 . 2008-06-13 16:05 7,474 -rahs---- C:\nar.vbs
2008-06-12 03:33 . 2008-06-12 03:33 7,474 -rahs---- C:\WINDOWS\Nar.vbs
2008-06-12 03:10 . 2008-06-12 03:10 <REP> d-------- C:\Program Files\Common Files
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-13_ 3.36.20,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 14:04:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:52:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-12 14:06:08 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-13 13:53:22 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
"nar"="C:\WINDOWS\nar.vbs" [2008-06-12 03:33 7474]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-04 22:47:35 114688]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-02-17 14:04:13 335872]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 17:18:36 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-23 12:24:36 805392]
Intel PROSet Wireless.lnk - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2008-03-04 14:41:50 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 16:09:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc21.tmp"
.
Completion time: 2008-06-13 16:10:06
ComboFix-quarantined-files.txt 2008-06-13 14:10:04
ComboFix5.txt 2008-06-10 09:25:30
ComboFix4.txt 2008-06-10 20:55:48
ComboFix3.txt 2008-06-11 17:52:42
ComboFix2.txt 2008-06-13 01:36:36
Pre-Run: 17,821,892,608 octets libres
Post-Run: 17,803,411,456 octets libres
297 --- E O F --- 2008-06-12 01:03:24
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1365 [GMT 2:00]
Running from: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-13 15:42 . 2008-06-13 16:05 7,474 -rahs---- C:\nar.vbs
2008-06-12 03:33 . 2008-06-12 03:33 7,474 -rahs---- C:\WINDOWS\Nar.vbs
2008-06-12 03:10 . 2008-06-12 03:10 <REP> d-------- C:\Program Files\Common Files
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-13_ 3.36.20,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 14:04:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 13:52:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-12 14:06:08 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-13 13:53:22 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
"nar"="C:\WINDOWS\nar.vbs" [2008-06-12 03:33 7474]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-04 22:47:35 114688]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-02-17 14:04:13 335872]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 17:18:36 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-23 12:24:36 805392]
Intel PROSet Wireless.lnk - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2008-03-04 14:41:50 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 16:09:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc21.tmp"
.
Completion time: 2008-06-13 16:10:06
ComboFix-quarantined-files.txt 2008-06-13 14:10:04
ComboFix5.txt 2008-06-10 09:25:30
ComboFix4.txt 2008-06-10 20:55:48
ComboFix3.txt 2008-06-11 17:52:42
ComboFix2.txt 2008-06-13 01:36:36
Pre-Run: 17,821,892,608 octets libres
Post-Run: 17,803,411,456 octets libres
297 --- E O F --- 2008-06-12 01:03:24
ComboFix 08-06-09.7 - Plumy 2008-06-14 1:34:10.6 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1262 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Plumy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\nar.vbs
C:\WINDOWS\Nar.vbs
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.
2008-06-12 03:10 . 2008-06-12 03:10 <REP> d-------- C:\Program Files\Common Files
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-13_ 3.36.20,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 14:04:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 19:06:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-12 14:06:08 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-13 19:06:58 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-04 22:47:35 114688]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-02-17 14:04:13 335872]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 17:18:36 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-23 12:24:36 805392]
Intel PROSet Wireless.lnk - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2008-03-04 14:41:50 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 01:37:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc23.tmp"
.
Temps d'accomplissement: 2008-06-14 1:38:01
ComboFix-quarantined-files.txt 2008-06-13 23:37:58
ComboFix5.txt 2008-06-10 20:55:48
ComboFix4.txt 2008-06-11 17:52:42
ComboFix3.txt 2008-06-13 01:36:36
ComboFix2.txt 2008-06-13 14:10:08
Pre-Run: 17,568,169,984 octets libres
Post-Run: 17,556,340,736 octets libres
299 --- E O F --- 2008-06-12 01:03:24
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1262 [GMT 2:00]
Endroit: C:\Documents and Settings\Plumy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Plumy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\nar.vbs
C:\WINDOWS\Nar.vbs
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
.
2008-06-12 03:10 . 2008-06-12 03:10 <REP> d-------- C:\Program Files\Common Files
2008-06-10 12:22 . 2008-06-10 12:22 <REP> d-------- C:\Program Files\Gadwin Systems
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Program Files\Avira
2008-06-10 04:06 . 2008-06-10 04:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-10 03:07 . 2008-06-10 03:07 <REP> d-------- C:\Program Files\Trend Micro
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-09 23:21 . 2003-07-10 12:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-09 23:21 . 2003-09-05 10:04 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-09 23:21 . 2003-07-10 12:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-09 23:21 . 2003-09-05 10:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-09 23:21 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-06-09 23:21 . 2003-09-05 10:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Acer
2008-06-09 23:21 . 2008-06-09 23:21 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-09 23:00 . 2008-06-09 23:00 <REP> d-------- C:\Program Files\Alwil Software
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Program Files\Lavasoft
2008-06-09 21:09 . 2008-06-09 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-09 21:07 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:06 . 2008-06-09 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 20:53 . 2008-06-09 20:53 <REP> d-------- C:\Program Files\Vilma
2008-06-09 20:42 . 2008-06-10 02:07 211 --a------ C:\WINDOWS\wininit.ini
2008-06-09 20:10 . 2008-06-09 20:10 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Locktime
2008-06-09 12:36 . 2008-06-09 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-05 15:57 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-05 15:57 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-04 17:02 . 2008-03-09 07:25 236 --ah----- C:\Program Files\Fichiers communs\dx.reg
2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Program Files\Audacity
2008-06-01 00:19 . 2008-06-01 00:19 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\dvdcss
2008-05-30 16:36 . 2008-05-30 16:36 <REP> d-------- C:\Program Files\MyPlayCity.com
2008-05-28 23:10 . 2008-06-09 20:07 546 --a------ C:\WINDOWS\system32\eRLog.ini
2008-05-23 12:53 . 2007-08-08 15:29 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-23 12:53 . 2008-03-13 03:25 2,530,176 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-23 12:53 . 2007-08-08 15:28 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Program Files\Fichiers communs\Synacast
2008-05-23 12:32 . 2008-05-23 12:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\PPMate
2008-05-23 12:26 . 2008-05-23 12:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-23 12:26 . 2008-05-23 12:26 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-23 12:26 . 2008-05-23 12:26 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-23 12:25 . 2008-05-23 12:25 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Logitech
2008-05-23 12:25 . 2008-05-23 12:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-23 12:24 . 2008-05-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-23 12:24 . 2008-05-23 12:26 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-23 12:24 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-05-23 12:24 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-05-23 12:24 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-05-23 12:24 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-05-23 12:24 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-05-23 12:23 . 2008-05-23 12:23 <REP> d-------- C:\Program Files\Logitech
2008-05-23 12:22 . 2008-05-23 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-23 12:19 . 2008-05-23 12:19 <REP> d-------- C:\Intel
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Program Files\ma-config.com
2008-05-23 12:11 . 2008-05-23 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-23 11:57 . 2008-05-23 11:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\TechSmith
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-05-23 11:12 . 2008-05-23 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-23 11:12 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-22 19:32 . 2008-05-22 19:32 <REP> d-------- C:\Documents and Settings\Plumy\Application Data\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 <REP> d-------- C:\Program Files\Hamachi
2008-05-22 19:31 . 2008-05-22 19:31 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-19 19:30 . 2008-05-19 19:31 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-05-19 19:28 . 2008-05-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-19 18:43 . 2008-05-19 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-05-19 16:30 . 2008-05-19 16:30 <REP> d-------- C:\Documents and Settings\Plumy\Mes documents
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:15 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 15:15 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:34 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-09 13:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 09:36 --------- d-----w C:\Program Files\Project64 1.6
2008-05-04 15:42 789,525 ----a-w C:\WINDOWS\system32\rpcrt4new.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 07:24 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-29 07:24 --------- d-----w C:\Documents and Settings\Plumy\Application Data\SystemRequirementsLab
2008-04-25 16:38 --------- d-----w C:\Program Files\SourceTec
2008-04-25 16:38 --------- d-----w C:\Program Files\Fichiers communs\SourceTec
2008-04-22 20:25 974,354 ----a-w C:\WINDOWS\system32\crypt32new.dll
2008-04-22 20:23 134,671 ----a-w C:\WINDOWS\system32\winstanew.dll
2008-04-22 20:21 87,558 ----a-w C:\WINDOWS\system32\ntdsapinew.dll
2008-04-22 20:21 171,023 ----a-w C:\WINDOWS\system32\apphelpnew.dll
2008-04-22 20:20 1,584,149 ----a-w C:\WINDOWS\system32\setupapinew.dll
2008-04-22 20:18 96,783 ----a-w C:\WINDOWS\system32\powrprofnew.dll
2008-04-22 20:16 72,707 ----a-w C:\WINDOWS\system32\secur32new.dll
2008-04-22 20:10 633,871 ----a-w C:\WINDOWS\system32\user32new.dll
2008-04-22 20:07 770,069 ----a-w C:\WINDOWS\system32\advapi32new.dll
2008-04-22 20:05 39,948 ----a-w C:\WINDOWS\system32\dwmapi.dll
2008-04-22 19:59 167,948 ----a-w C:\WINDOWS\system32\dxgi.dll
2008-04-21 20:34 --------- d-----w C:\Program Files\Frets on Fire
2008-04-21 10:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 19:51 --------- d-----w C:\Program Files\Steam
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-15 11:59 --------- d-----w C:\Program Files\Your Freedom
2008-04-15 11:51 --------- d-----w C:\Program Files\SocksCapV2
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-12 16:17 681,478 ----a-w C:\WINDOWS\system32\msvcrtnew.dll
2008-04-12 16:14 874,502 ----a-w C:\WINDOWS\system32\kernel32new.dll
2008-04-12 16:14 187,398 ----a-w C:\WINDOWS\system32\d3d10core.dll
2008-04-12 16:13 1,029,126 ----a-w C:\WINDOWS\system32\d3d10.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-12 23:06 92,064 ----a-w C:\Documents and Settings\Plumy\mqdmmdm.sys
2008-02-12 23:06 9,232 ----a-w C:\Documents and Settings\Plumy\mqdmmdfl.sys
2008-02-12 23:06 79,328 ----a-w C:\Documents and Settings\Plumy\mqdmserd.sys
2008-02-12 23:06 66,656 ----a-w C:\Documents and Settings\Plumy\mqdmbus.sys
2008-02-12 23:06 6,208 ----a-w C:\Documents and Settings\Plumy\mqdmcmnt.sys
2008-02-12 23:06 5,936 ----a-w C:\Documents and Settings\Plumy\mqdmwhnt.sys
2008-02-12 23:06 4,048 ----a-w C:\Documents and Settings\Plumy\mqdmcr.sys
2008-02-12 23:06 25,600 ----a-w C:\Documents and Settings\Plumy\usbsermptxp.sys
2008-02-12 23:06 22,768 ----a-w C:\Documents and Settings\Plumy\usbsermpt.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 18:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-13_ 3.36.20,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 14:04:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 19:06:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-12 14:06:08 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-06-13 19:06:58 24,955 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-28 23:11 1271032]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"320d18a1"="C:\WINDOWS\system32\ehnavlbu.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-08 01:45 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-04 22:47:35 114688]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-02-17 14:04:13 335872]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 17:18:36 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-23 12:24:36 805392]
Intel PROSet Wireless.lnk - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2008-03-04 14:41:50 1101824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll 2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSVideo1"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Steam Offline\\hl.exe"=
"C:\\Program Files\\Your Freedom\\freedom.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-19 20:29]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2006-03-19 20:28]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-11-20 18:02]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 07:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 01:37:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Plumy\LOCALS~1\Temp\mc23.tmp"
.
Temps d'accomplissement: 2008-06-14 1:38:01
ComboFix-quarantined-files.txt 2008-06-13 23:37:58
ComboFix5.txt 2008-06-10 20:55:48
ComboFix4.txt 2008-06-11 17:52:42
ComboFix3.txt 2008-06-13 01:36:36
ComboFix2.txt 2008-06-13 14:10:08
Pre-Run: 17,568,169,984 octets libres
Post-Run: 17,556,340,736 octets libres
299 --- E O F --- 2008-06-12 01:03:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:47, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
c:\program files\adobe\adobe photoshop cs3\photoshop.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ehnavlbu.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Intel PROSet Wireless.lnk = C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13669 bytes
Scan saved at 19:08:47, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
c:\program files\adobe\adobe photoshop cs3\photoshop.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\ehnavlbu.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Intel PROSet Wireless.lnk = C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13669 bytes
Bien,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
[#FF0000]Aide : Comment utiliser MBAM.
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
[#FF0000]Aide : Comment utiliser MBAM.
Lassé par la pub ? Créez un compte
- Contenus similaires :
